rejetto forum

Software => HFS ~ HTTP File Server => HTML & templates => Topic started by: curleyg on December 29, 2007, 05:26:26 PM

Title: unusual server activity
Post by: curleyg on December 29, 2007, 05:26:26 PM

Good Afternoon,
This perhaps should have gone in the Live 2 post, but I'm not sure if I'm being hacked or what the problem is. I set up this server yesterday. Please take a look at this log. I installed Live Ultima 2.204 with Live local 2 dropped into the root. Everything looked fine. The first two entries on this log at 9:xx PM are legit. I was testing the server, but what is all this activity that started at 4:00 AM and is now continuing every couple of minutes?
Please help?
Thanks
George

6:16:27 PM 192.168.62.50:2227 Requested GET /HFSdownloads/cports.zip
6:16:27 PM 192.168.62.50:2233 Requested GET /HFSdownloads/cports.zip
6:16:27 PM 192.168.62.50:2233 Fully downloaded - 49.33 KB @ 1074 KB/s - /HFSdownloads/cports.zip
9:12:01 PM 84.32.31.132:1465 Requested GET /
9:12:06 PM 84.32.31.132:1465 Requested GET /hfslive/js/server4.js
9:12:06 PM 84.32.31.132:1465 Fully downloaded - 62 B @ 3 KB/s - /hfslive/js/server4.js
9:12:46 PM 84.32.31.132:1480 Requested GET /
9:13:06 PM 84.32.31.132:1517 Requested GET /HFSdownloads/
4:17:08 AM 66.249.70.108:59237 Requested GET /
6:37:31 AM 66.249.70.108:64887 Requested GET /HFSuploads/
6:41:25 AM 66.249.70.108:58302 Requested GET /?sort=s
6:45:46 AM 66.249.70.108:64572 Requested GET /?sort=n
6:50:09 AM 66.249.70.108:57706 Requested GET /?sort=d
6:54:28 AM 66.249.70.108:45642 Requested GET /hfslive/
6:58:50 AM 66.249.70.108:65227 Requested GET /HFSdownloads/
7:00:08 AM 121.45.70.66:1195 Requested GET /
7:00:13 AM 121.45.70.66:1195 Requested GET /hfslive/js/server4.js
7:00:13 AM 121.45.70.66:1195 Fully downloaded - 62 B @ 3 KB/s - /hfslive/js/server4.js
7:03:14 AM 66.249.70.108:49124 Requested GET /?sort=t
8:38:47 AM 66.249.70.108:33422 Requested GET /HFSuploads/?sort=t
8:38:50 AM 66.249.70.108:33422 Requested GET /HFSuploads/?sort=d
8:38:54 AM 66.249.70.108:33422 Requested GET /HFSuploads/?sort=s
8:53:59 AM 66.249.70.108:41978 Requested GET /HFSuploads/?sort=n
9:07:06 AM 66.249.70.108:50731 Requested GET /hfslive/?sort=d
9:07:10 AM 66.249.70.108:50731 Requested GET /hfslive/?sort=n
9:08:51 AM 66.249.70.108:63179 Requested GET /HFSdownloads/?sort=n
9:11:13 AM 66.249.70.108:38316 Requested GET /hfslive/?sort=t
9:13:48 AM 66.249.70.108:52230 Requested GET /hfslive/images/
9:16:24 AM 66.249.70.108:60738 Requested GET /hfslive/docs/
9:19:02 AM 66.249.70.108:51708 Requested GET /hfslive/css/
9:21:36 AM 66.249.70.108:60079 Requested GET /hfslive/js/
9:24:11 AM 66.249.70.108:49438 Requested GET /hfslive/streamer/
9:26:48 AM 66.249.70.108:58075 Requested GET /hfslive/?sort=s
9:29:22 AM 66.249.70.108:64039 Requested GET /HFSdownloads/?sort=t
9:31:59 AM 66.249.70.108:39796 Requested GET /HFSdownloads/?sort=s
9:34:37 AM 66.249.70.108:52706 Requested GET /HFSdownloads/?sort=d
10:37:29 AM 66.249.70.108:49827 Requested GET /hfslive/images/red/
10:37:33 AM 66.249.70.108:49827 Requested GET /hfslive/images/icons/
10:37:36 AM 66.249.70.108:49827 Requested GET /hfslive/images/filetypes/
10:37:39 AM 66.249.70.108:49827 Requested GET /hfslive/images/errors/
10:39:24 AM 66.249.70.108:41013 Requested GET /hfslive/images/?sort=t
10:41:44 AM 66.249.70.108:49169 Requested GET /hfslive/images/progress_bars/
10:44:05 AM 66.249.70.108:43112 Requested GET /hfslive/images/common/
10:46:25 AM 66.249.70.108:51684 Requested GET /hfslive/docs/?sort=d
10:48:45 AM 66.249.70.108:64491 Requested GET /hfslive/docs/?sort=n
10:51:04 AM 66.249.70.108:39838 Requested GET /hfslive/docs/?sort=s
10:53:26 AM 66.249.70.108:45790 Requested GET /hfslive/images/?sort=n
10:55:44 AM Check update: no new version
10:55:47 AM 66.249.70.108:53909 Requested GET /hfslive/images/black/
10:58:07 AM 66.249.70.108:46400 Requested GET /hfslive/images/?sort=d
11:00:29 AM 66.249.70.108:54477 Requested GET /hfslive/images/blue/
11:02:48 AM 66.249.70.108:44848 Requested GET /hfslive/docs/?sort=t
11:05:10 AM 66.249.70.108:53158 Requested GET /hfslive/images/?sort=s
11:35:34 AM 66.249.70.108:53158 Requested GET /hfslive/js/?sort=n
11:35:38 AM 66.249.70.108:53158 Requested GET /hfslive/js/?sort=s
11:35:43 AM 66.249.70.108:53158 Requested GET /hfslive/streamer/?sort=n
11:35:48 AM 66.249.70.108:53158 Requested GET /hfslive/css/?sort=s
11:35:53 AM 66.249.70.108:53158 Requested GET /hfslive/css/?sort=t
11:38:50 AM 66.249.70.108:58644 Requested GET /hfslive/streamer/?sort=d
11:42:37 AM 66.249.70.108:39332 Requested GET /hfslive/js/?sort=t
11:46:27 AM 66.249.70.108:38768 Requested GET /hfslive/js/?sort=d
11:50:18 AM 66.249.70.108:64866 Requested GET /hfslive/css/?sort=n
11:54:08 AM 66.249.70.108:40534 Requested GET /hfslive/streamer/?sort=t
11:57:58 AM 66.249.70.108:34228 Requested GET /hfslive/css/?sort=d
12:01:50 PM 66.249.70.108:46147 Requested GET /hfslive/streamer/?sort=s
12:06:22 PM 66.249.70.108:36676 Requested GET /hfslive/images/filetypes/?sort=n
12:06:25 PM 66.249.70.108:36676 Requested GET /hfslive/images/progress_bars/?sort=d
12:06:30 PM 66.249.70.108:36676 Requested GET /hfslive/images/filetypes/?sort=s
12:07:31 PM 66.249.70.108:40591 Requested GET /hfslive/images/icons/?sort=t
12:08:47 PM 66.249.70.108:52405 Requested GET /hfslive/images/icons/?sort=d
12:10:01 PM 66.249.70.108:56668 Requested GET /hfslive/images/common/?sort=t
12:11:18 PM 66.249.70.108:61075 Requested GET /hfslive/images/errors/?sort=d
12:12:32 PM 66.249.70.108:65438 Requested GET /hfslive/images/red/?sort=t
12:13:47 PM 66.249.70.108:48320 Requested GET /hfslive/images/errors/?sort=t
12:15:01 PM 66.249.70.108:52515 Requested GET /hfslive/images/progress_bars/?sort=t

Title: Re: unusual server activity
Post by: Metaltailz on December 29, 2007, 07:58:07 PM

I'm not sure how you have your server setup but if you forgot to set a download mask on the template files then they would appear in the logs whenever someone downloads them, but even if you did that I don't think you should ever see the log Requested GET /hfslive/images/errors/ because that mean the user (malicious or otherwise) is trying to get the contents of your hfslive folder. I suggest you set your hfslive folder to not be browsable,make it hidden, put a download mask on it and to make it not appear in the logs. That way whenever people download the images from the template it won't clutter up your logs, people won't be able to see the hfslive folder and they won't be able to browse it.

Title: Re: unusual server activity
Post by: TCube on December 29, 2007, 09:42:17 PM

George, just being goolized ...

http://www.chatter.ru/whois.php?ip=66.249.70.108 (http://www.chatter.ru/whois.php?ip=66.249.70.108)

Which HFS version are U using ? If U don't have the "StopSpider" function in the menu, apply the following text into a robot.txt file hidden at the root of your HFS

Code: [Select]


User-agent: *
Disallow: /



On the opposite, If U want to be goolized then do as recommanded by Metailtailz.

TCube

Title: Re: unusual server activity
Post by: Foggy on December 30, 2007, 08:17:33 AM

As TCube said it wasnt anyone/anything malicious It was only just google indexing your hfs. If you didnt want to have your hfs indexed you can go HERE (http://www.google.com.au/support/webmasters/bin/answer.py?answer=61062&topic=8459) to find out how to remove your hfs from the google index.