[OPLINTECH] Is your website and network safe ?

Bob Neeper neeperro at oplin.org
Wed Sep 14 10:50:25 EDT 2011


No internet website is immune from attack !

Last night I  configured Wireshark for a 7 hour communication capture on one of 
our websites to help with a problem.

Checking this morning I found a short attack from a Server Location of Lithuania 
and a long attack from Korea.
There was a 9 minute attack captured from Korea before Wireshark timed out.

Partial server log from Lithuania.  Trying to POST to our site.


Partial server log from Korea. Trying to find something to exploit.
ZmEu is a bot run by a blackhat Romanian hacker group. It searches for poorly 
configured software installations that would allow the script to take control of 
the server. Looks for scripts in various common directories such as "/admin/", 
"/scripts/" and "/phpMyAdmin/".





-- 
R. W. (Bob) Neeper
Community Library
44 Burrer Dr.
Sunbury, Oh 43074
Tel:  (740)-965-3901

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.oplin.org/pipermail/oplintech/attachments/20110914/ce924acd/attachment-0001.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ghahabfb.jpg
Type: image/jpeg
Size: 119287 bytes
Desc: not available
Url : http://lists.oplin.org/pipermail/oplintech/attachments/20110914/ce924acd/ghahabfb-0001.jpg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: daedhaga.jpg
Type: image/jpeg
Size: 231008 bytes
Desc: not available
Url : http://lists.oplin.org/pipermail/oplintech/attachments/20110914/ce924acd/daedhaga-0001.jpg


More information about the OPLINTECH mailing list