Re: disconnect a hacker

From: Bill Unruh (unruh_at_string.physics.ubc.ca)
Date: 06/09/04


Date: Wed, 9 Jun 2004 01:42:05 +0000 (UTC)


"klunk" <klunk@hotmail.com> writes:

]I've been experiencing a sustained series of hacking and attacking attempts
]on my Web server.

]I have disabled unnecessary services, am running a software firewall and
]have taken every precaution and implemented every preventative method I
]encounter to ensuring my security.

]When I run "netstat -an", I can still see the hacker connected to port 80 on
]my Web server through several ports on his end.

Why is he a hacker? Port 80 is the http port. Since you are a web server,
people have to connect through port 80.
Why isn't he supposed to?

]What I want to know is if there is a way to kick this guy off my system
]while he is at it?
]Can I run a command from my Win2K system - command shell window or otherwise
]that disconnects him?

Are you really running Win2K as a web server? Oh well.



Relevant Pages

  • Re: Remote Access
    ... Please rerun CEICW, this helps up configure network and websites ... On the Web Server Certificate page shows. ... http://ipaddress/remote to access RWW, type the public IP address in the ... that if SBS is behind a router, I need to configure the port forwarding ...
    (microsoft.public.windows.server.sbs)
  • Re: Apache web server being attacked
    ... There is no domain name pointing to my web server. ... But have had port 80 attacks that did not work. ... after yourself once you've generated a config file. ... This way my web site has total access by anyone who knows it's URl, the URL is scanned by yahoo and google indexing bot and becomes know to the public. ...
    (freebsd-questions)
  • Re: [Full-disclosure] server security
    ... I don't see how any can argue against the security value of such a configuration. ... It's unlikely, but you never know, you just might miss out on a nasty worm all because you werent running on a default port one day. ... This is a basic web server that runs email, web and a couple other things. ... -- Securing Apache Web Server with thawte Digital Certificate In this ...
    (Full-Disclosure)
  • Re: disconnect a hacker
    ... My Web server station is right next ... my attention divided by security concerns... ... see an IP connected to port 80, ... I've been forwarding my firewall logs to my ISP, ...
    (alt.computer.security)
  • Re: disconnect a hacker
    ... My Web server station is right next ... ]see an IP connected to port 80, ... ]I notice a significant number of probes on my firewall console window ... that the attacks on you are simply attacks on you amongst millions of ...
    (alt.computer.security)