Is This An Intruder Of Some Sort?



#1 BurritoBoy

Posted 30 August 2008 - 06:01 AM

Quick question:
I am running a simple website (Tomcat). I am noticing in my logs that an IP address is recurring every morning and all it is getting is one image; this is only in the morning and at no other time during the day. What I mean is, and I'm only guessing: can an intruder use this method to detect that your system is still up? I'm always hearing about [bot] farms and stuff and have even read about them. Sometimes, with how rapidly things move in the internet world, I'm not sure by what means the farmers keep track of their workers. Any light on this topic will help a lot.

Thanks


This is the general line:

71.91.137.1 - - [30/Aug/2008:02:01:31 -0300] "GET /mysite/images/web-page_05.gif HTTP/1.0" 304


is this anything? Or am I being paranoid?

Edited by BurritoBoy, 30 August 2008 - 09:56 AM.



#2 BurritoBoy

Posted 07 September 2008 - 11:22 AM

I guess I didn't ask this question well enough? Not even a hint or response of "yes you are just being paranoid."

#3 DaChew

Posted 07 September 2008 - 12:33 PM

What was the IP address?
Chewy

No. Try not. Do... or do not. There is no try.

#4 BurritoBoy

Posted 09 September 2008 - 03:04 PM

Actually, I don't know if this is bad form, but the IP address is the one in the message.

Sorry for not answering this sooner. I just didn't think I was going to get a reply. Plus I'm scratching my head on a JSP scenario.

Thanks for taking notice.

#5 DaChew

Posted 09 September 2008 - 03:11 PM

Sorry about that

:thumbsup:


Charter Communications, Gwinnett County Public Schools?
Chewy

#6 BurritoBoy

Posted 10 September 2008 - 08:07 AM

?

I'm unsure what this means. I used "arin" to find where it was coming from but don't know why, or for what purpose. Can you shed any light on this one?

#7 DaChew

Posted 10 September 2008 - 08:23 AM

> ?
>
> I'm unsure what this means. I used "arin" to find where it was coming from but don't know why, or for what purpose. Can you shed any light on this one?

> Charter Communications, Gwinnett County Public Schools?

If that has no connection to anything you have installed or running, then I would report the possible abuse.

CustName: GWINNETT COUNTY PUBLIC SCHOOLS
Address: 437 OLD PEACHTREE RD NW
Address: Use as many Customer Address lines as needed to specify
City: SUWANEE
StateProv: GA
PostalCode: 30024
Country: US
RegDate: 2008-08-11
Updated: 2008-08-11

NetRange: 71.91.136.0 - 71.91.137.255
CIDR: 71.91.136.0/23
NetName: GWNN-71-91-136-0
NetHandle: NET-71-91-136-0-2
Parent: NET-71-91-136-0-1
NetType: Reassigned
Comment:  
RegDate: 2008-08-11
Updated: 2008-08-11

OrgAbuseHandle: ABUSE19-ARIN
OrgAbuseName: Abuse
OrgAbusePhone: +1-314-288-3111
OrgAbuseEmail: abuse@charter.net

OrgTechHandle: IPADD1-ARIN
OrgTechName: IPAddressing
OrgTechPhone: +1-314-288-3889
OrgTechEmail: ipaddressing@chartercom.com

# ARIN WHOIS database, last updated 2008-09-09 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.


Edited by DaChew, 10 September 2008 - 08:25 AM.

Chewy

#8 BurritoBoy

Posted 10 September 2008 - 01:49 PM

"?" is just my confusion.

I would report it, but I'm just not sure what is going on with this. I ran HijackThis, TCPView, nslookup, tasklist, and whatever else I could think of; I couldn't find any troubling activity. I just find it weird that someone is just getting one image from my website.

Thanks for your interest, I appreciate your input

Steve
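
One way to check an access log for the pattern raised in post #1, as an added example that is not from any poster in the thread: it flags clients that request a single path on several days at about the same time of day and reports the status codes they received. The sample lines are constructed in the format of the quoted entry, using documentation-range addresses; the function names and thresholds are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# client, identd, user, [timestamp], "METHOD path protocol", status
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})')

# Constructed sample log (not real traffic); addresses are documentation ranges.
SAMPLE_LOG = """\
198.51.100.7 - - [28/Aug/2008:02:01:29 -0300] "GET /mysite/images/web-page_05.gif HTTP/1.0" 304
192.0.2.10 - - [28/Aug/2008:14:12:03 -0300] "GET /mysite/index.jsp HTTP/1.1" 200
192.0.2.10 - - [28/Aug/2008:14:12:04 -0300] "GET /mysite/images/web-page_05.gif HTTP/1.1" 200
198.51.100.7 - - [29/Aug/2008:02:01:33 -0300] "GET /mysite/images/web-page_05.gif HTTP/1.0" 304
192.0.2.10 - - [29/Aug/2008:09:40:17 -0300] "GET /mysite/index.jsp HTTP/1.1" 200
198.51.100.7 - - [30/Aug/2008:02:01:31 -0300] "GET /mysite/images/web-page_05.gif HTTP/1.0" 304
"""

def parse(log_text):
    """Yield (ip, timestamp, path, status) for every line that matches LINE."""
    for line in log_text.splitlines():
        m = LINE.match(line)
        if m:
            ip, ts, _method, path, status = m.groups()
            when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
            yield ip, when, path, int(status)

def recurring_single_resource(log_text, min_days=3, window_minutes=15):
    """Clients that fetch one path only, on >= min_days dates, at a similar time of day."""
    hits = defaultdict(list)
    for ip, when, path, status in parse(log_text):
        hits[ip].append((when, path, status))
    findings = []
    for ip, rows in sorted(hits.items()):
        paths = {p for _, p, _ in rows}
        days = {w.date() for w, _, _ in rows}
        minutes = [w.hour * 60 + w.minute for w, _, _ in rows]
        # Spread is measured within one day; a cluster straddling midnight is not handled.
        clustered = max(minutes) - min(minutes) <= window_minutes
        if len(paths) == 1 and len(days) >= min_days and clustered:
            findings.append({"ip": ip, "path": paths.pop(), "days": len(days),
                             "statuses": sorted({s for _, _, s in rows})})
    return findings

if __name__ == "__main__":
    for finding in recurring_single_resource(SAMPLE_LOG):
        print(finding)
```

A status of 304 (Not Modified) is the server's reply to a conditional request, which means the client already held a copy of the image and was asking whether it had changed. The output says nothing about intent; it only narrows the log down to the entries worth a WHOIS lookup or an abuse report.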