Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Windows 7 + XAMPP dev server


  • Please log in to reply
No replies to this topic

#1 satyrwilder

satyrwilder

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:02:58 PM

Posted 15 April 2010 - 01:15 AM

Hello,

Two weeks ago, my real dev server wireless shorted out, hard drive bricked, then the temporary replacement hard drive I set up tanked under a monster rootkit! I am now working on a (loaner) Gateway laptop, Windows 7 (legit OEM) with XAMPP 1.7.1 dev server. LAN direct to modem (router removed.) Netbeans IDE and Avast! for AV.

Here's what's wrong:

My Apache error and access logs indicate an attack is still hitting. I first noticed a problem this morning - multiple IPs running the same attempt. Set this server up four days ago and thought I had the firewall configured sufficiently to deny external requests for Apache, clearly not. In response this morning, I ensured Windows was up to date, ran Defender (clean result), installed and ran Avast! which found 3 copies of the same virus (32bit). Changed Apache's ports to 8080 and Apache webroot password and authentication. MySQL has root pw set, no anonymous. It's was clear the rest of the day, until another attempt popped up in Apache's logs a bit ag from one of the attacking IPs (all IPs originate in / around Beijing, China on watchdog sites with other people reporting hack attempts as well.)

Farfetched or not, I'm paranoid that a virus or backdoor has squeezed in somehow. Would anyone mind looking over my logs, netstat, just to make double super impossible sure I'm not sitting on a landmine... Really could use a sanity check at this point, any help or advice or heck, just sympathy is appreciated!

Thank you,
-sw

EDIT: Moved from Win 7 to Am I Infected, more appropriate forum ~ Hamluis.

Edited by hamluis, 15 April 2010 - 11:19 AM.


BC AdBot (Login to Remove)

 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users