More a Security & Software Question

  • Question

  • QUICK BACKGROUND:
    My Home Server seems to have attracted some foreign hacker or "prober", as several others may have also.
    I have traced one IP to the Netherlands and one to China.  The first time this happened with a China-related IP, I sent an email to the domain owner in China threatening to use my contact, who is an American businessman in China also friendly with government officials, to focus on these attempts to access something on my server.  It stopped for several months but now it is back with a new China-related IP and a new command/request.

    QUESTION(s) = Are these "Remote Access" entries anything to be concerned about and is there a security problem I should be aware of and do something about?   

       ENTRIES:

    DATE      IP               TIME (Pacific)   URL          QUERY
    1/23/10   207.97.226.110   05:57 PM         /index.php   title=Special:Blockme&ip=6faa9c9269fbcf4ea2e07afb0c62252
    1/22/10   125.65.112.161   05.59 PM         /prx1.php    hash=AF86F954ECFAD74A4C66B94200505BACD2ACC82DD398
    1/23/10   125.65.112.161   06.57 PM         /prx1.php    hash=AF86F954ECFAD74A4C66B94200505BACD2ACC82DD398
    1/24/10   125.65.112.161   10.00 PM         /prx1.php    hash=AF86F954ECFAD74A4C66B94200505BACD2ACC82DD398

    Your feedback is very much appreciated.             
    Monday, January 25, 2010 5:00 PM


All replies

  • You don't show complete log entries so it's hard to say for sure. I tend to agree that your server is being probed by something. It could be search engines of some sort, though hackers are more likely. 

    There's not much you can do about it, I'm afraid.

    I'm not on the WHS team, I just post a lot. :)
    Monday, January 25, 2010 5:44 PM
    Moderator
  • Ken,

    Thanks for your reply.  I would be glad to show complete entries if you could point me to the log file that would provide complete entries.

    Probing and attempted hacking are indeed going to happen.  I am trying to prevent any malicious results.  Are there vulnerabilities, in your understanding, that my Avast software and firewall will not stop and for which I need to institute some sort of protection?

    Thanks again.  

    Monday, January 25, 2010 5:54 PM
  • I don't really need the complete entries to say you're being probed somehow. :) 

    You are always vulnerable to a "zero day" exploit that targets a component that Windows Home Server uses. Beyond that, the main thing you can do to reduce your overall vulnerability is to reduce the amount of software installed on your server, and the amount of time you spend logged in to the desktop, to a minimum. Everything you install has bugs, some of which can be exploited, and every time you surf the web from a computer (including your server) you're taking a small risk.

    I'm not on the WHS team, I just post a lot. :)
    • Marked as answer by JRDEEZ Tuesday, January 26, 2010 4:25 AM
    Monday, January 25, 2010 6:22 PM
    Moderator
  • Thanks for the insight!
    Monday, January 25, 2010 7:17 PM
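
A triage of the four rows posted in the question, as an added example that is not part of the original thread: it groups the requests by source IP and URL to show which ones recur on separate days with an identical query string. The `served_paths` parameter is a hypothetical allow-list of URLs the site really serves; the parsing assumes the column layout shown in the question.

```python
from collections import defaultdict
from datetime import datetime

# Rows copied from the question above (date, IP, time, URL, query).
ROWS = """\
1/23/10  207.97.226.110  05:57 PM  /index.php  title=Special:Blockme&ip=6faa9c9269fbcf4ea2e07afb0c62252
1/22/10  125.65.112.161  05.59 PM  /prx1.php   hash=AF86F954ECFAD74A4C66B94200505BACD2ACC82DD398
1/23/10  125.65.112.161  06.57 PM  /prx1.php   hash=AF86F954ECFAD74A4C66B94200505BACD2ACC82DD398
1/24/10  125.65.112.161  10.00 PM  /prx1.php   hash=AF86F954ECFAD74A4C66B94200505BACD2ACC82DD398
"""

def parse_row(line):
    """Split one row; the time column uses either ':' or '.' as separator."""
    date, ip, clock, ampm, url, query = line.split(None, 5)
    when = datetime.strptime(f"{date} {clock.replace('.', ':')} {ampm}",
                             "%m/%d/%y %I:%M %p")
    return {"when": when, "ip": ip, "url": url, "query": query.strip()}

def summarize(text, served_paths=frozenset()):
    """Group requests by (ip, url) and describe each group.

    served_paths is a hypothetical allow-list of URLs the site really
    serves; anything outside it is a request for software that is not there.
    """
    groups = defaultdict(list)
    for line in text.splitlines():
        if line.strip():
            r = parse_row(line)
            groups[(r["ip"], r["url"])].append(r)
    report = []
    for (ip, url), hits in sorted(groups.items()):
        days = {h["when"].date() for h in hits}
        report.append({
            "ip": ip, "url": url, "hits": len(hits), "days": len(days),
            "same_query": len({h["query"] for h in hits}) == 1,
            "unserved": url not in served_paths,
            "first": min(h["when"] for h in hits),
            "last": max(h["when"] for h in hits),
        })
    return report

if __name__ == "__main__":
    for g in summarize(ROWS):
        kind = "recurring" if g["days"] > 1 else "one-off"
        print(f'{g["ip"]:16} {g["url"]:12} {g["hits"]} hit(s) on {g["days"]} '
              f'day(s), {kind}, identical query: {g["same_query"]}')
```

A source that returns on separate days with a byte-identical query is an automated scanner, not a person browsing; the status code the web server returned for each hit, which these rows do not show, is what tells you whether the requested script exists.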