soame post on russian side:
http://www.rejetto.com/forum/pk/otk-taok-ekoa-e-287/?topicseenquote code(what i asume you see in your log...) you posted:
------------
2:40:24 42.51.156.54:64512
Requested GET /?search==2:42:45 42.51.156.54:51296
Requested GET /?search==3:02:33 41.203.214.158:53771 Requested GET /
---------
Is a standard search info from ip address: 42.51.156.54
...
Some one was probably snooping your server looking for exe and or vbs files... unknown if you were serving any...
Quote:
In hfs catalog found 2 files 1.exe and x.vbs - this script install backdoor....
You haven't posted info on how/why, so i'm reluctant to believe it is a "backdoor"...
Need more info / if you don't know the ip or don't want it, then ban it...
-----------
(Quote form russian side:)-- google translate:
the catalog is filled with hfs x.vbs and 1.exe and run , eventually installed virus ( backdoor )
While just made empty files with these names and put a flag read-only.
-----------------------------------------------------
Okay, need log file and possible rejeto to take a look into it.
It might be on the line of a "public upload" (to solve, no free uplad - user sign in) hack:
http://www.ehow.com/how_8692274_run-exe-vbscript.htmlYou upload a vbs script using html and vbs code to run exe files.. the exe file is uploaded and called via the vbs script...
you be surprised what you can do in the web console(debug-ing):
http://www.wiseowl.co.uk/blog/s393/scrape-website-html.htm