Delphi

  • D7 with Indy 9 http server - security issues


    Hello.
    Do you have a fixed or dynamic IP?
    If it is fixed, did you change your IP recently? (If yes, it may be a redundant connection: a user who
    used to connect to this IP when it belonged to somebody else and he still wants to connect to that
    person).
    What is your IP?
    If you cannot make it public, please send it to my email.
    R
    What do you have on this page? (What does it show?)
    Port 43434 is sometimes used for SSH tunneling. However, I cannot see the connection with your
    server.
    In addition, the 'hacker' uses many different, ascending, ports with great gaps between them. This
    may appear when the 'hacker' uses a hacking tool to scan the Internet for victims.
    How many connections do you have from this stranger in one hour?
    I do not really think you need a protection. Exploits appear for famous web servers, when
    somebody knows what the weak point is and how to penetrate through that point.
    Just keep your server anonymous (do not display any info about the server type and version).
    In the BEST CASE, a hacker can block/reset your server (flood). It is really really really
    difficult to penetrate a server and take over your computer/server or to delete/replace the web
    content.
    However, if you still want you can modify the demo to make a small something, I do not know how
    to call it.
    It is like a firewall but it will trigger only if the visitor tries to connect to the server more than
    20 times in a minute.
    If somebody tries to connect even faster 10/sec, then the firewall will trigger more quickly.
    No decent user will try to request so many pages in a minute. Therefore, you can filter the
    'enemy' out.
    PS: the elementary school is the ideal place for a (small) hacker to hatch and grow.
    Small hacker = script kid
    PS2: the server you mentioned (124.0.90.2) currently runs an SSH server. They also have a Telnet,
    FTP and of course HTTP. They are also running some strange services that I was unable to identify
    for sure but I think that server is infected with NetPort Discovery Port Masters Paradise Trojan
    Horse (3129 open). So it just scanned your computer purely at random.
    Still I do not understand why it scanned you more than once.
    At the final
    As an unwritten rule: the higher the port used, the greater the chance that the connection is an
    attack (is coming from a 'bad' software with bad intentions).
    Rich Cooper <rcooper15 (AT) comcast (DOT) net> wrote:
    Hi All,
    I have my Indy 9 httpserver running, and I have it store a log of
    which IPs access the site. There is one persistent visitor who
    shouldn't even be there. It's from IP address http://124.0.90.2/
    When I point IE at that address, I get a web page with asian
    characters on it that says something about Yeonseo elementary
    school.
    Perhaps that site has been permeated by a virus that looks around
    the web for other sites to infect. Here's the section of log that
    shows what they were after:
    User logged in 124.0.90.2:43434
    User logged out
    User logged in 124.0.90.2:37702
    Command GET / received from 124.0.90.2:37702
    User logged out
    User logged in 124.0.90.2:37788
    Command GET /adxmlrpc.php received from 124.0.90.2:37788
    User logged out
    User logged in 124.0.90.2:37869
    Command GET /adserver/adxmlrpc.php received from 124.0.90.2:37869
    User logged out
    User logged in 124.0.90.2:37950
    Command GET /phpAdsNew/adxmlrpc.php received from 124.0.90.2:37950
    User logged out
    User logged in 124.0.90.2:38031
    Command GET /phpadsnew/adxmlrpc.php received from 124.0.90.2:38031
    User logged out
    User logged in 124.0.90.2:38113
    Command GET /phpads/adxmlrpc.php received from 124.0.90.2:38113
    User logged out
    User logged in 124.0.90.2:38190
    Command GET /Ads/adxmlrpc.php received from 124.0.90.2:38190
    User logged out
    User logged in 124.0.90.2:38270
    Command GET /ads/adxmlrpc.php received from 124.0.90.2:38270
    User logged out
    User logged in 124.0.90.2:38435
    Command GET /xmlrpc.php received from 124.0.90.2:38435
    User logged out
    User logged in 124.0.90.2:38517
    Command GET /xmlrpc/xmlrpc.php received from 124.0.90.2:38517
    User logged out
    User logged in 124.0.90.2:38600
    Command GET /xmlsrv/xmlrpc.php received from 124.0.90.2:38600
    User logged out
    User logged in 124.0.90.2:38681
    Command GET /blog/xmlrpc.php received from 124.0.90.2:38681
    User logged out
    User logged in 124.0.90.2:38763
    Command GET /drupal/xmlrpc.php received from 124.0.90.2:38763
    User logged out
    Does anyone have any suggestions about components/techniques that
    could provide some security for the server?
    Thanks,
    Rich
    Delphi-Talk mailing list -Delphi-Talk (AT) elists (DOT) org
    If I choose Christianity then the Islamic will say I'm a pagan.
    If I choose Islamic then the Buddhism will say I'm a pagan.
    If I chose Buddhism then the Jewish will say I'm pagan.
    If I choose no God then everybody will say I'm pagan.
    Please, can I be free? Can you NOT tell me how I should live MY life?
    Delphi-Talk mailing list -Delphi-Talk (AT) elists (DOT) org
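The connection throttle suggested in the reply above ("more than 20 times in a minute"), as an added example that is not code from the thread or from Indy. The unit and class names are hypothetical, and the caller is assumed to pass the peer address and the current time.

```delphi
unit ConnThrottle;  // hypothetical unit name (added example)
interface
uses Classes, SysUtils, SyncObjs;
type
  TConnThrottle = class
  private
    FLock: TCriticalSection;        // server threads call Allow concurrently
    FCounts: TStringList;           // sorted by IP; Objects[i] carries the hit count
    FWindowStart, FWindow: TDateTime;  // both in days, like any TDateTime
    FMaxHits: Integer;
  public
    constructor Create(AMaxHits: Integer; AWindowSecs: Double);
    destructor Destroy; override;
    // True = accept the connection; False = this address is over the limit.
    function Allow(const IP: string; ANow: TDateTime): Boolean;
  end;
implementation
constructor TConnThrottle.Create(AMaxHits: Integer; AWindowSecs: Double);
begin
  inherited Create;
  FLock := TCriticalSection.Create;
  FCounts := TStringList.Create;
  FCounts.Sorted := True;           // required by Find
  FMaxHits := AMaxHits;
  FWindow := AWindowSecs / 86400.0; // seconds -> fraction of a day
end;
destructor TConnThrottle.Destroy;
begin
  FCounts.Free;
  FLock.Free;
  inherited Destroy;
end;
function TConnThrottle.Allow(const IP: string; ANow: TDateTime): Boolean;
var Idx, Hits: Integer;
begin
  FLock.Enter;
  try
    if ANow - FWindowStart >= FWindow then
    begin  // window expired: clearing the table also bounds memory use
      FCounts.Clear;
      FWindowStart := ANow;
    end;
    if not FCounts.Find(IP, Idx) then
      Idx := FCounts.AddObject(IP, nil);
    Hits := Integer(FCounts.Objects[Idx]) + 1;  // count stored in the pointer slot
    FCounts.Objects[Idx] := TObject(Hits);
    Result := Hits <= FMaxHits;
  finally
    FLock.Leave;
  end;
end;
end.
```

One instance created as `TConnThrottle.Create(20, 60)` covers the per-minute limit and a second as `TConnThrottle.Create(10, 1)` covers the faster trigger; call `Allow` with the peer address and `Now` on each connection and disconnect when either returns False.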
  • No.1 | | 5675 bytes | |

    Thanks for your assessment - like many web site builders, I hope this one
    will grow into a "famous" web site, but it's still a long way from that now!
    -Rich

    Human wrote

    Hello.
    <snip/>
    I do not really think you need a protection. Exploits appear for famous
    web servers, when
    somebody knows what the weak point is and how to penetrate through that
    point.
    Just keep your server anonymous (do not display any info about the server
    type and version).
    In the BEST CASE, a hacker can block/reset your server (flood). It is
    really really really
    difficult to penetrate a server and take over your computer/server or to
    delete/replace the web
    content.

    However, if you still want you can modify the demo to make a small
    something, I do not know how
    to call it.
    It is like a firewall but it will trigger only if the visitor tries to connect
    to the server more than
    20 times in a minute.
    If somebody tries to connect even faster 10/sec, then the firewall will
    trigger more quickly.
    No decent user will try to request so many pages in a minute. Therefore,
    you can filter the
    'enemy' out.

    PS: the elementary school is the ideal place for a (small) hacker to hatch
    and grow.
    Small hacker = script kid

    PS2: the server you mentioned (124.0.90.2) currently runs an SSH server.
    They also have a Telnet,
    FTP and of course HTTP. They are also running some strange services that I
    was unable to identify
    for sure but I think that server is infected with NetPort Discovery Port
    Masters Paradise Trojan
    Horse (3129 open). So it just scanned your computer purely at random.
    Still I do not understand why it scanned you more than once.

    At the final

    As an unwritten rule: the higher the port used, the greater the chance
    that the connection is an
    attack (is coming from a 'bad' software with bad intentions).

    Rich Cooper <rcooper15 (AT) comcast (DOT) net> wrote:
    >
    >Hi All,
    >>

    >I have my Indy 9 httpserver running, and I have it store a log of
    >which IPs access the site. There is one persistent visitor who
    >shouldn't even be there. It's from IP address http://124.0.90.2/
    >When I point IE at that address, I get a web page with asian
    >characters on it that says something about Yeonseo elementary
    >school.
    >>

    >Perhaps that site has been permeated by a virus that looks around
    >the web for other sites to infect. Here's the section of log that
    >shows what they were after:
    >>

    >User logged in 124.0.90.2:43434
    >User logged out
    >User logged in 124.0.90.2:37702
    >Command GET / received from 124.0.90.2:37702
    >User logged out
    >User logged in 124.0.90.2:37788
    >Command GET /adxmlrpc.php received from 124.0.90.2:37788
    >User logged out
    >User logged in 124.0.90.2:37869
    >Command GET /adserver/adxmlrpc.php received from 124.0.90.2:37869
    >User logged out
    >User logged in 124.0.90.2:37950
    >Command GET /phpAdsNew/adxmlrpc.php received from 124.0.90.2:37950
    >User logged out
    >User logged in 124.0.90.2:38031
    >Command GET /phpadsnew/adxmlrpc.php received from 124.0.90.2:38031
    >User logged out
    >User logged in 124.0.90.2:38113
    >Command GET /phpads/adxmlrpc.php received from 124.0.90.2:38113
    >User logged out
    >User logged in 124.0.90.2:38190
    >Command GET /Ads/adxmlrpc.php received from 124.0.90.2:38190
    >User logged out
    >User logged in 124.0.90.2:38270
    >Command GET /ads/adxmlrpc.php received from 124.0.90.2:38270
    >User logged out
    >User logged in 124.0.90.2:38435
    >Command GET /xmlrpc.php received from 124.0.90.2:38435
    >User logged out
    >User logged in 124.0.90.2:38517
    >Command GET /xmlrpc/xmlrpc.php received from 124.0.90.2:38517
    >User logged out
    >User logged in 124.0.90.2:38600
    >Command GET /xmlsrv/xmlrpc.php received from 124.0.90.2:38600
    >User logged out
    >User logged in 124.0.90.2:38681
    >Command GET /blog/xmlrpc.php received from 124.0.90.2:38681
    >User logged out
    >User logged in 124.0.90.2:38763
    >Command GET /drupal/xmlrpc.php received from 124.0.90.2:38763
    >User logged out
    >>

    >Does anyone have any suggestions about components/techniques that
    >could provide some security for the server?
    >>

    >Thanks,
    >Rich
    >>

    >
    >Delphi-Talk mailing list -Delphi-Talk (AT) elists (DOT) org
    >
    >>

    >
    >

    If I choose Christianity then the Islamic will say I'm a pagan.
    If I choose Islamic then the Buddhism will say I'm a pagan.
    If I chose Buddhism then the Jewish will say I'm pagan.
    If I choose no God then everybody will say I'm pagan.
    Please, can I be free? Can you NOT tell me how I should live MY life?


    Delphi-Talk mailing list -Delphi-Talk (AT) elists (DOT) org
  • No.2 | | 436 bytes | |

    Hi All,

    I can successfully get the following ShellExecute to start up IE:

    ShellExecute( 2,'open',
    'iexplore.exe',
    pChar(WebURL+'News.htm'),
    nil, SW_SHOWNORMAL);

    But what if the user is running a different web browser? Is there
    a better (more generic) way to do this?

    Thanks,
    Rich

    Delphi-Talk mailing list -Delphi-Talk (AT) elists (DOT) org
  • No.3 | | 918 bytes | |

    I use this (opens whichever is default browser)
    ShellExecute( 2,'open',
    pChar(WebURL+'News.htm'), nil,
    nil, SW_SHOWNORMAL);

    Message
    From: "Rich Cooper" <rcooper15 (AT) comcast (DOT) net>
    To: "Delphi-Talk Discussion List" <delphi-talk (AT) elists (DOT) org>
    Sent: Saturday, July 15, 2006 6:49 PM
    Subject: Starting up ANY web browser with ShellExecute

    Hi All,

    I can successfully get the following ShellExecute to start up IE:

    ShellExecute( 2,'open',
    'iexplore.exe',
    pChar(WebURL+'News.htm'),
    nil, SW_SHOWNORMAL);

    But what if the user is running a different web browser? Is there
    a better (more generic) way to do this?

    Thanks,
    Rich

    Delphi-Talk mailing list -Delphi-Talk (AT) elists (DOT) org
  • No.4 | | 1344 bytes | |

    Hi Si,

    Thanks! That works for IE, though I haven't been able to test it
    using other browsers at this time. Logically, it seems like it will
    work with any of them.

    Thanks,
    Rich

    Kraven wrote

    >I use this (opens whichever is default browser)

    ShellExecute( 2,'open',
    pChar(WebURL+'News.htm'), nil,
    nil, SW_SHOWNORMAL);

    Message
    From: "Rich Cooper" <rcooper15 (AT) comcast (DOT) net>
    To: "Delphi-Talk Discussion List" <delphi-talk (AT) elists (DOT) org>
    Sent: Saturday, July 15, 2006 6:49 PM
    Subject: Starting up ANY web browser with ShellExecute


    >Hi All,
    >
    >I can successfully get the following ShellExecute to start up IE:
    >
    >ShellExecute( 2,'open',
    >'iexplore.exe',
    >pChar(WebURL+'News.htm'),
    >nil, SW_SHOWNORMAL);
    >
    >But what if the user is running a different web browser? Is there
    >a better (more generic) way to do this?
    >
    >Thanks,
    >Rich
    >
    >Delphi-Talk mailing list -Delphi-Talk (AT) elists (DOT) org
    >


    Delphi-Talk mailing list -Delphi-Talk (AT) elists (DOT) org
  • No.5 | | 825 bytes | |

    Rich Cooper wrote:
    I can successfully get the following ShellExecute to start up IE:

    ShellExecute( 2,'open',
    'iexplore.exe',
    pChar(WebURL+'News.htm'),
    nil, SW_SHOWNORMAL);

    But what if the user is running a different web browser? Is there
    a better (more generic) way to do this?

    The way to do it is to remove mention of a specific program. Tell
    ShellExecute to open the URL itself, as Kraven demonstrated. It works
    the same as when you type a URL into the shell's Run dialog.

    And do not use 2 for the window-handle parameter. Use the handle to the
    window that you want to be the parent of any error dialog that
    ShellExecute may need to display. If your program doesn't have any
    windows, then use 0 -- zero -- for the handle value.
  • No.6 | | 1071 bytes | |

    Rich Cooper wrote:
    Rob Kennedy wrote
    >And do not use 2 for the window-handle parameter. Use the handle to the
    >window that you want to be the parent of any error dialog that
    >ShellExecute may need to display. If your program doesn't have any
    >windows, then use 0 -- zero -- for the handle value.


    I have five different calls to ShellExecute. Shouldn't I number the
    handles differently for each one? I used 0 through 4, different in each
    call.

    Absolutely not. The function asks for a window handle. That's what you
    need to give it. None of the numbers from zero to four refers to a valid
    window, but only zero has special meaning ("the dialog box should have
    no parent window"). The others are simply invalid window handles.

    If the function is going to display any dialog box, it will do so
    _before_ the function returns. Therefore, you'll only have one call
    active at a time, unless you're invoking the function from multiple
    threads simultaneously.
  • No.7 | | 978 bytes | |

    Rob Kennedy wrote

    Rich Cooper wrote:
    >I can successfully get the following ShellExecute to start up IE:
    >>

    >ShellExecute( 2,'open',
    >'iexplore.exe',
    >pChar(WebURL+'News.htm'),
    >nil, SW_SHOWNORMAL);
    >>

    >But what if the user is running a different web browser? Is there
    >a better (more generic) way to do this?
    >

    The way to do it is to remove mention of a specific program. Tell
    ShellExecute to open the URL itself, as Kraven demonstrated. It works
    the same as when you type a URL into the shell's Run dialog.

    And do not use 2 for the window-handle parameter. Use the handle to the
    window that you want to be the parent of any error dialog that
    ShellExecute may need to display. If your program doesn't have any
    windows, then use 0 -- zero -- for the handle value.
