Last night I left my port 80 open so a friend could download a file from my home machine. Figuring not many people would see my machine for a few hours, I wasn't very concerned (plus my home page is blank).
I found one person who must have been scanning addresses and in my logs I see the following line:
61.77.50.51 - - [09/Sep/2004:22:45:26 -0400] "POST /_vti_bin/_vti_aut/fp30reg.dll HTTP/1.1" 404 425
I looked up "fp30reg.dll" and there is a buffer overflow exploit with this file, so this person was trying to get in (so it seems).
1.) I'm running apache without FrontPage extensions, so they got a 404 error.
2.) I tracert this address and the IP is still alive.
3.) I visited the IP address and it's an actual website.
So, either this person is using their server to scan for exploits, or they have some virus doing it for them. I can't read the site because it's in Chinese (I think?). Can anyone read their website and tell me their contact info?
hxxp://61.77.50.51
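An added example, not part of the original post: a Python script that scans Apache Common Log Format lines for requests under /_vti_bin/ and separates sources that only got a 404 (as above, FrontPage extensions not installed) from those that got any other status and deserve a closer look. The function names are hypothetical, and every sample line except the first, which is the one quoted in the post, is constructed.

```python
import re
from collections import defaultdict

# Apache Common Log Format: host ident user [time] "request" status bytes
CLF = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<size>\d+|-)'
)
# FrontPage Server Extensions path prefix, taken from the log line in the post.
FP_PATH = re.compile(r'^/_vti_bin/', re.IGNORECASE)

def find_frontpage_probes(lines):
    """Return {source_ip: [(time, method, path, status), ...]} for /_vti_bin/ requests."""
    hits = defaultdict(list)
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue  # not a CLF entry (truncated or corrupt line)
        parts = m.group("request").split()
        if len(parts) < 2:
            continue  # malformed request line, no path to inspect
        method, path = parts[0], parts[1]
        if FP_PATH.match(path.split("?", 1)[0]):  # ignore any query string
            hits[m.group("host")].append(
                (m.group("time"), method, path, int(m.group("status"))))
    return dict(hits)

def needs_review(hits):
    """Sources that received something other than 404 for a FrontPage path."""
    return sorted(ip for ip, reqs in hits.items()
                  if any(req[3] != 404 for req in reqs))

SAMPLE_LOG = [
    # Line quoted in the post:
    '61.77.50.51 - - [09/Sep/2004:22:45:26 -0400] "POST /_vti_bin/_vti_aut/fp30reg.dll HTTP/1.1" 404 425',
    # Constructed lines (documentation address ranges):
    '192.0.2.10 - - [09/Sep/2004:22:50:01 -0400] "GET /index.html HTTP/1.1" 200 0',
    '198.51.100.7 - - [09/Sep/2004:23:02:13 -0400] "POST /_VTI_BIN/_vti_aut/fp30reg.dll HTTP/1.1" 500 612',
    'not a log line',
]

if __name__ == "__main__":
    probes = find_frontpage_probes(SAMPLE_LOG)
    for ip, reqs in sorted(probes.items()):
        for when, method, path, status in reqs:
            print(f"{ip} [{when}] {method} {path} -> {status}")
    print("non-404 responses, review these:", needs_review(probes))
```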