I guess hacker me - URGENT

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



I use Centos 4.2 with all service pack installed. I verified traffic on 
link WEB and I see port TCP 80 with many traffic.

I accessed lod /var/log/httpd/access_log and show below.

ca.com/members/index.php HTTP/1.0" 401 - 
"http://members.sapphicerotica.com/members/index.php"; "Mozilla/5.0 ( 
compatible; MSIE 5.01; Windows XP; NetCaptor )"
68.119.110.138 - - [30/Jan/2006:15:08:08 -0200] "GET 
http://211.115.101.253/config/login?.done=http://smallbusiness.yahoo.com/services/index.php&.src=sbs&login=NsyncAngel9&passwd=xxxx 
HTTP/1.0" 200 9794 "-" "-"
68.119.110.138 - - [30/Jan/2006:15:08:10 -0200] "GET 
http://211.115.101.253/config/login?.done=http://smallbusiness.yahoo.com/services/index.php&.src=sbs&login=CoolPimP2&passwd=xxxx 
HTTP/1.0" 200 9786 "-" "-"
80.144.212.33 - - [30/Jan/2006:15:08:09 -0200] "GET 
http://www.995members.com/members/ HTTP/1.0" 401 472 
"http://www.995members.com"; "Mozilla/5.0 ( Windows; U; Windows NT5.1; 
DigiExt )"
68.119.110.138 - - [30/Jan/2006:15:08:10 -0200] "GET 
http://211.115.101.253/config/login?.done=http://smallbusiness.yahoo.com/services/index.php&.src=sbs&login=Cool19999&passwd=xxxx 
HTTP/1.0" 200 9786 "-" "-"
68.119.110.138 - - [30/Jan/2006:15:08:12 -0200] "GET 
http://211.115.101.253/config/login?.done=http://smallbusiness.yahoo.com/services/index.php&.src=sbs&login=COOL699&passwd=xxxx 
HTTP/1.0" 200 9786 "-" "-"
68.119.110.138 - - [30/Jan/2006:15:08:13 -0200] "GET 
http://211.115.101.253/config/login?.done=http://smallbusiness.yahoo.com/services/index.php&.src=sbs&login=COOL696&passwd=xxxx 
HTTP/1.0" 200 9786 "-" "-"
68.119.110.138 - - [30/Jan/2006:15:08:14 -0200] "GET 
http://211.115.101.253/config/login?.done=http://smallbusiness.yahoo.com/services/index.php&.src=sbs&login=Cool1875&passwd=xxxx 
HTTP/1.0" 200 9786 "-" "-"
68.119.110.138 - - [30/Jan/2006:15:08:16 -0200] "GET 
http://216.109.126.252/config/login?.done=http://smallbusiness.yahoo.com/services/index.php&.src=sbs&login=Cool69_&passwd=xxxx 
HTTP/1.0" 999 4445 "-" "-"
68.119.110.138 - - [30/Jan/2006:15:08:17 -0200] "GET 
http://216.109.126.252/config/login?.done=http://smallbusiness.yahoo.com/services/index.php&.src=sbs&login=Cool6665&passwd=xxxx 
HTTP/1.0" 999 4445 "-" "-"
68.119.110.138 - - [30/Jan/2006:15:08:18 -0200] "GET 
http://216.109.126.252/config/login?.done=http://smallbusiness.yahoo.com/services/index.php&.src=sbs&login=Cooldrugs7&passwd=xxxx 
HTTP/1.0" 999 4445 "-" "-"
82.39.175.52 - - [30/Jan/2006:15:08:35 -0200] "GET 
http://l1.login.dcn.yahoo.com/config/login?.redir_from=PROFILES?&.tries=1&.src=jpg&.last=&promo=&.intl=us&.bypass=&.partner=&.chkP=Y&.done=http://jpager.yahoo.com/jpager/pager2.shtml&login=big_b_mt_biker&passwd=123456 
HTTP/1.0" 502 961 "-" "-"
80.144.212.33 - - [30/Jan/2006:15:08:43 -0200] "GET 
http://www.995members.com/members/ HTTP/1.0" 401 472 
"http://www.995members.com"; "Mozilla/5.0 ( Windows; U; Windows NT5.1; 
DigiExt )"
12.206.3.132 - - [30/Jan/2006:15:08:46 -0200] "GET 
http://us.a1.yimg.com/login.bjs.yahoo.com/config/login?login=big_g_&passwd=321liftoff 
HTTP/1.0" 200 4440 "http://www.yahoo.com/"; "-"
84.109.4.111 - - [30/Jan/2006:15:08:51 -0200] "CONNECT login.icq.com:443 
HTTP/1.0" 200 - "-" "-"



I guess that hacker is using my SERVR APACHE to PROXY.


Please, I need help urgent.


I stoped service HTTPD because it.


Thanks

Adriano


[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux