Is this a hacker?
Old 08-16-2008, 06:33 PM Is this a hacker?
Skilled Talker

Posts: 61
Someone from 67.176.230.211 (Comcast Cable Communications Inc; Waukegan, IL) tried to go to the following NONEXISTENT pages on my website. My redirect (custom 404 page not found action) for NONEXISTENT pages on that site is the homepage, so they were redirected to the homepage.

This looks really suspicious to me. Maybe there is nothing I can do about it, but is this some kind of attempt to hack my website?

http://mywebsite.com/_vti_bin/owssvr.dll?UL=1&ACT=4&BUILD=5606&STRMVER=4&CAPREQ=0

http://mywebsite.com/MSOffice/cltreq.asp?UL=1&ACT=4&BUILD=5606&STRMVER=4&CAPREQ=0
052808 is offline
 
Old 08-16-2008, 07:27 PM Re: Is this a hacker?
SmartBomb's Avatar
Average Talker

Posts: 27
Name: Dave
Yeah, it looks like somebody trying to find a backdoor on a Windows system. If you're not running on a Windoze server or using Frontpage then you have nothing really to worry about.

If you want to block him/her, the simplest method is to deny them in your .htaccess file with the following commands

order allow,deny
deny from 67.176.230.211
allow from all
SmartBomb is offline
 
Old 08-16-2008, 10:38 PM Re: Is this a hacker?
Skilled Talker

Posts: 61
Thank you for that blocking information.

I am not running on a Windoze server or using Frontpage for this website.

Comcast is a popular, cable-based, television+Internet, etc., provider in the U.S. I wonder, are the IP addresses for each account (home or user) static or dynamic? Comcast Internet is not like dial-up, at least I do not think it is, so I want to say static, but if it is dynamic, then, I guess that hacker may very well return from a different IP address. ???

Incidentally, it has happened again from a Michigan USA IP address as follows:

Host: 69.41.14.150
/MSOfficecltreq.asp?UL=1&ACT=4&BUILD=5606&STRMVER=4&CAPREQ=0
Http Code: 302 Date: Aug 16 16:40:10 Http Version: HTTP/1.1 Size in Bytes: 705
Referer: -
Agent: libcurl-agent/1.0

/
Http Code: 200 Date: Aug 16 16:40:11 Http Version: HTTP/1.1 Size in Bytes: 13293
Referer: -
Agent: libcurl-agent/1.0


I tend to pay close attention to my website logs and I have not noticed this stuff before so I believe that hacking attempts using this particular method have just started.

The only thing I did on that particular website today that I had not done on it before was "hotlink" an image I uploaded to a new flickr account I started as a kind of SEO experiment.

I also made the 2nd blog post in that website's blog (it is WordPress installed on my server, but I did not use the default WordPress name).

The last time I posted to that blog was about 60 days ago. I did, just like when I made the first blog post, notice all the visits from technorati and the like who were notified, based on my settings, of my new blog post today, but, again, I think I would have remembered if the type of hacking attempts I am experiencing today had happened when I made the first blog post.

My AWSTATS only get updated once every 24 hours, but when that happens I guess I might see a big jump in my 401 (unauthorized), 405 (method not allowed), and 302 http error codes. At least those are the first things I will look for...

It really infuriates me to have to spend time trying to figure out if this (67.176.230.211) particular hacker's method is a real threat to my website or not, but I do not see that I have any other choice.

69.41.14.150 comes back to COVENANT EYES INC. and that only adds to the mystery with this second attempt.

*****
IP Address Location
IP Address 69.41.14.150
City OWOSSO
State or Region MICHIGAN
Country UNITED STATES
ISP COVENANT EYES INC.
052808 is offline
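
Added example, not part of any poster's message: a Python script that scans access-log lines for the two request files reported in this thread, groups the hits by client address, and shows whether the server answered them as missing or redirected them to the homepage, as the custom 404 action described above does. The Apache combined log format, the sample lines and the function names are assumptions made for the example.

```python
import re
from collections import defaultdict

# Apache "combined" log format is assumed; adjust LINE_RE for other layouts.
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<agent>[^"]*)"'
)
# File names from the URLs in the thread. Matching on the file name also
# catches the "/MSOfficecltreq.asp" form seen in the second log excerpt.
PROBE_FILES = ("owssvr.dll", "cltreq.asp")

def is_probe(target):
    """True if the request path (query string removed) ends in a probe file."""
    return target.split("?", 1)[0].lower().endswith(PROBE_FILES)

def summarize(lines):
    """Group probe requests by client IP; unparseable lines are skipped."""
    report = defaultdict(lambda: {"hits": 0, "statuses": set(), "agents": set()})
    for line in lines:
        m = LINE_RE.match(line)
        if not m or not is_probe(m["target"]):
            continue
        entry = report[m["ip"]]
        entry["hits"] += 1
        entry["statuses"].add(int(m["status"]))
        entry["agents"].add(m["agent"])
    return dict(report)

def answered_as_missing(entry):
    """True only if every probe got 403/404/410 rather than a redirect or a page."""
    return entry["statuses"] <= {403, 404, 410}

# Constructed sample lines; the addresses are documentation-range placeholders.
Q = "?UL=1&ACT=4&BUILD=5606&STRMVER=4&CAPREQ=0"
SAMPLE = [
    f'203.0.113.7 - - [16/Aug/2008:16:40:10 -0500] "GET /MSOfficecltreq.asp{Q} HTTP/1.1" 302 705 "-" "libcurl-agent/1.0"',
    '203.0.113.7 - - [16/Aug/2008:16:40:11 -0500] "GET / HTTP/1.1" 200 13293 "-" "libcurl-agent/1.0"',
    f'198.51.100.23 - - [16/Aug/2008:17:02:44 -0500] "GET /_vti_bin/owssvr.dll{Q} HTTP/1.1" 404 210 "-" "Mozilla/4.0"',
    f'198.51.100.23 - - [16/Aug/2008:17:02:45 -0500] "GET /MSOffice/cltreq.asp{Q} HTTP/1.1" 404 210 "-" "Mozilla/4.0"',
    '192.0.2.50 - - [16/Aug/2008:17:10:00 -0500] "GET /blog/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    "not a log line",
]

if __name__ == "__main__":
    for ip, e in sorted(summarize(SAMPLE).items()):
        verdict = "answered as missing" if answered_as_missing(e) else "redirected or served"
        print(ip, e["hits"], sorted(e["statuses"]), sorted(e["agents"]), verdict)
```

A client whose probes all come back 404 learns only that the files do not exist; one that gets 302 followed by 200 is being handed the homepage for every path it tries, which also makes these requests harder to spot in error-code statistics.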
 
Old 08-17-2008, 06:12 AM Re: Is this a hacker?
Banned

Posts: 923
Name: Geoff Vader
Location: In my dreams
you can change IP as much as you like, but these malevolence doers will just use different ones... you should put up much stronger security, whatever the hell that is or means. I have seen similar activities and have been ignoring it. a bad idea.

i better take a backup of my whole server... if things go wrong, that can be the best security (against your system going down)
witnesstheday is offline
 
Old 08-20-2008, 05:46 PM Re: Is this a hacker?
Average Talker

Posts: 17
Name: Chris
what are some strong measures one can take to secure oneself?
seems like hackers are running rampant : / and are out to destroy.
xpiamchris is offline
 
Old 08-20-2008, 06:05 PM Re: Is this a hacker?
theguru's Avatar
Extreme Talker

Posts: 182
Name: James Spinosa
Location: Fourth Floor Marketing
Certainly looks like some type of hack attempt to me, I would add them to your denied IP list.
theguru is offline
 
Old 08-22-2008, 10:42 AM Re: Is this a hacker?
ihtikk's Avatar
Extreme Talker

Posts: 171
I think it's a hacker. That's for sure.
ihtikk is offline
 
Old 08-22-2008, 05:08 PM Re: Is this a hacker?
Extreme Talker

Posts: 224
Use IP deny manager and block the IPs. There are always going to be some sort of hacking attempts if you host something. Don't get too much worried about it. Take the normal precautions, that's it.
alemcherry is offline
 
Old 08-23-2008, 04:09 PM Re: Is this a hacker?
Tweeky's Avatar
Junior Talker

Posts: 3
Yes, it would be better for you to block this IP ;D This is like an automated hacking software that is checking all sites, I think. Type your error in Google and you will see all kinds of website reports with the same error.
Tweeky is offline
 
Old 08-26-2008, 04:04 AM Re: Is this a hacker?
~ServerPoint~'s Avatar
never mind

Posts: 919
Name: Travis
I think that you can to abuse for that. But I think that is a stray bot.
__________________
ServerPoint.com - a true hosting company offering online presence solutions since 1998
Web Hosting, colocation, dedicated servers, Virtual Private Server (VPS) hosting
Wholly owned multi homed network, servers and facilities
~ServerPoint~ is offline
 
Old 08-28-2008, 07:22 AM Re: Is this a hacker?
Skilled Talker

Posts: 61
Quote:
Originally Posted by xpiamchris
what are some strong measures one can take to secure oneself?
seems like hackers are running rampant : / and are out to destroy.
Seems to me like most answers here, so far, are good advice.

SmartBomb gave great advice regarding the websites to which this specific type of hacking or abuse strategy could do the most harm. Namely, websites running on a Windows server and websites created using Frontpage. If you fall into either of those 2 categories I think you definitely need to assume this activity is an attempt to hack your website AND you need to do something to prevent this strategy from being a valid means of gaining access to your website.

As far as "...strong measures one can take..." there are no doubt many. For instance, a few years back there was a "registered globals" issue that, apparently, was a big deal as far as being a potential security issue. It still could be depending on what version of PHP is running on your server so, at the very least, you would want to change the "registered globals" setting for your shared hosting account if the version of PHP on your server is one of the affected versions.

But I feel confident in stating that the aforementioned PHP security risk for certain versions of PHP represents less than a "drop in the ocean" compared to all of the varied security risks that can affect your website.

And, unfortunately, I believe the average hacker is far more knowledgeable about how to successfully attack a website than the average "webmaster" is in how to successfully repel or neutralize such attacks.

To make matters worse there are "kits" and "scripts" that make it "easy" for "crooks" to attack a website, EVEN IF THE CROOKS ARE NOT KNOWLEDGEABLE, just as there are "kits" and "scripts" that make it "easy" for people who otherwise would not know how to build a website to build one.

So what do I really think is the strongest measure "...one can take..."? Education. In other words, be more knowledgeable than or as knowledgeable as hackers. But the problem with that is, as I indicated, the larger percentage of hackers, or the means they employ to attack websites, are as far out of the average "webmaster's" league as a postgraduate physicist is out of the average person's league.

So, with the aforementioned in mind, how do you defend yourself against countless evil geniuses trying to hack your website?

Well, you should do a lot to ensure that your website's "security" is not lower, on average, than the millions and millions of other websites accessible via the Internet. The "software" running on the "computer" that is the server(s) that holds your website files should be kept pretty much up to date. By "software" I mean everything from cPanel, or your equivalent, to PHP, Perl, MySQL, etcetera.

Learn what a good password is and use good passwords. The sad truth is there are probably "brute force" or automated means that can be used to EVENTUALLY crack most passwords, BUT there are excellent resources available to make such a task unattractive.

Incidentally, the government, in a manner of speaking, classifies it as illegal to employ encryption that the government cannot crack. Even software manufacturers and financial websites must take this into account. They may have the means to or know how to make their systems more secure, but by law they are prohibited from doing so.

I could go on and on BUT, probably, the single best advice that I try very hard to heed is:

Expect the best, but plan for the worst.

When it comes to websites that I manage that means BACKUP!

Backup your files to a location(s) that is off the Internet so that if something catastrophic does happen to your website online you can upload the BACKUPS to get your website going again. I really think that is the best advice I can give when it comes to mitigating the damage or risk associated with something catastrophic happening to your website online.

You should also keep, at least, 2 backups in different locations just the same as you should do with your computer. Keep the backups up to date as well, because you might still be "crying the blues" IF something catastrophic happens to your website online AND you HAVE made a backup, but that backup is 8 months old for a website that you have been doing a lot of work on EVERY DAY.

052808 is offline