Have I been hacked? Should I be worried?

Discussion in 'Mac OS X Server, Xserve, and Networking' started by northernbaldy, Jun 9, 2010.

  1. macrumors 6502a

    northernbaldy

    #1
    I have just been looking at the access logs for my web server and found this:


    221.192.199.35 - - [09/Jun/2010:09:34:23 +0100] "GET http://www.wantsfly.com/prx2.php?hash=0DD74D710FE7F8BE5D61A85C00502998EB2C06E3A7E4 HTTP/1.0" 404 1035
    221.192.199.35 - - [09/Jun/2010:13:11:45 +0100] "GET http://www.wantsfly.com/prx2.php?hash=0DD74D710FE7F8BE5D61A85C00502998EB2C06E3A7E4 HTTP/1.0" 404 1035
    221.192.199.35 - - [09/Jun/2010:17:21:49 +0100] "GET http://www.wantsfly.com/prx2.php?hash=0DD74D710FE7F8BE5D61A85C00502998EB2C06E3A7E4 HTTP/1.0" 404 1035
    221.192.199.35 - - [09/Jun/2010:17:52:59 +0100] "GET http://www.wantsfly.com/prx2.php?hash=0DD74D710FE7F8BE5D61A85C00502998EB2C06E3A7E4 HTTP/1.0" 404 1035
    93.97.168.92 - - [09/Jun/2010:20:18:07 +0100] "GET / HTTP/1.1" 200 5094
    93.97.168.92 - - [09/Jun/2010:20:18:07 +0100] "GET /collaboration/css/serverhome_static.css HTTP/1.1" 200 176
    93.97.168.92 - - [09/Jun/2010:20:18:07 +0100] "GET /collaboration/css/serverhome_static/iphone.css HTTP/1.1" 200 1010
    93.97.168.92 - - [09/Jun/2010:20:18:07 +0100] "GET /collaboration/javascript/compressed_libraries.js HTTP/1.1" 200 34682
    93.97.168.92 - - [09/Jun/2010:20:18:07 +0100] "GET /collaboration/css/serverhome_compressed.css HTTP/1.1" 200 4696
    93.97.168.92 - - [09/Jun/2010:20:18:07 +0100] "GET /collaboration/css/serverhome_static/overrides.css HTTP/1.1" 200 1187
    93.97.168.92 - - [09/Jun/2010:20:18:07 +0100] "GET /collaboration/css/required_compressed.css HTTP/1.1" 200 19562
    93.97.168.92 - - [09/Jun/2010:20:18:07 +0100] "GET /collaboration/javascript/serverhome.js HTTP/1.1" 200 913
    93.97.168.92 - - [09/Jun/2010:20:18:07 +0100] "GET /collaboration/css/required/img/spinner.gif HTTP/1.1" 200 3554
    93.97.168.92 - - [09/Jun/2010:20:18:07 +0100] "GET /collaboration/css/serverhome_static/img/footer-bg.png HTTP/1.1" 200 3254
    93.97.168.92 - - [09/Jun/2010:20:18:07 +0100] "GET /collaboration/javascript/compressed_widgets.js HTTP/1.1" 200 23394
    93.97.168.92 - - [09/Jun/2010:20:18:07 +0100] "GET /collaboration/css/serverhome_static/img/banner-bg.png HTTP/1.1" 200 291106
    93.97.168.92 - - [09/Jun/2010:20:18:08 +0100] "GET /favicon.ico HTTP/1.1" 200 7782
    93.97.168.92 - - [09/Jun/2010:20:18:08 +0100] "GET /collaboration-availability/webmail/ HTTP/1.1" 200 247
    93.97.168.92 - - [09/Jun/2010:20:18:08 +0100] "GET /collaboration-availability/groups/ HTTP/1.1" 200 247
    93.97.168.92 - - [09/Jun/2010:20:18:08 +0100] "GET /collaboration-availability/updates/ HTTP/1.1" 200 247
    93.97.168.92 - - [09/Jun/2010:20:18:08 +0100] "GET /collaboration-availability/users/ HTTP/1.1" 200 247
    93.97.168.92 - - [09/Jun/2010:20:18:08 +0100] "GET /collaboration-availability/emailrules/ HTTP/1.1" 404 1171
    93.97.168.92 - - [09/Jun/2010:20:18:08 +0100] "GET /collaboration-availability/changepassword/ HTTP/1.1" 404 1171
    93.97.168.92 - - [09/Jun/2010:20:18:08 +0100] "GET /collaboration-availability/webcal/ HTTP/1.1" 200 247
    93.97.168.92 - - [09/Jun/2010:20:18:08 +0100] "GET /collaboration-availability/podcastcapture/ HTTP/1.1" 503 1043
    93.97.168.92 - - [09/Jun/2010:20:18:08 +0100] "GET /collaboration/css/serverhome_static/img/more-bg.png HTTP/1.1" 200 2819
    93.97.168.92 - - [09/Jun/2010:20:18:08 +0100] "GET /collaboration/css/serverhome_static/img/service-bg.png HTTP/1.1" 200 57374
    93.97.168.92 - - [09/Jun/2010:20:18:08 +0100] "GET /collaboration/css/serverhome_static/img/service-icons.png HTTP/1.1" 200 104370

    I don't like the look of it! Has someone got in?
     
  2. macrumors 601

    #2
    It looks like a bunch of GET requests, so I'm seeing no reason for worry. What don't you like about this traffic?
     
  3. macrumors 6502a

    northernbaldy

    #3
    I understand the 93.97.168.35 items now, not a problem.
    It was just the wantsfly.com stuff I was curious about (I'm new and inexperienced).

    It would seem that all of the entries returned a 404 page, but there are loads of entries from wantsfly.com.
     
  4. macrumors 601

    #4
    Since it's a 404, there's no worries. From googling, it appears folks try to use the proxy module available in Apache to find an open proxy.
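
Added example (not part of the thread and not any poster's code): a Python check that picks out the kind of request discussed in posts #1 and #4, where the request target is a full URL for a foreign host, and reports how the server answered each client. `OWN_HOSTS`, the function name and the sample line marked as constructed are assumptions.

```python
import re
from collections import defaultdict

# Common Log Format: host ident user [time] "METHOD target PROTO" status size
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([A-Z]+) (\S+) [^"]*" (\d{3}) ')
# Absolute-form target (scheme://host...), the form a client sends to a forward proxy
ABSOLUTE_RE = re.compile(r'^[a-z][a-z0-9+.-]*://([^/:?#]+)', re.I)

OWN_HOSTS = {"server.example.com"}  # assumption: names this server really serves

def find_proxy_probes(lines, own_hosts=OWN_HOSTS):
    """Group forward-proxy probes by (client IP, requested foreign host)."""
    probes = defaultdict(lambda: {"count": 0, "statuses": set(), "verdict": "refused"})
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue                          # not a parseable access-log line
        ip, method, target, status = m.group(1), m.group(2), m.group(3), int(m.group(4))
        if method == "CONNECT":
            host = target.rsplit(":", 1)[0]   # CONNECT host:port
        else:
            absolute = ABSOLUTE_RE.match(target)
            if not absolute:
                continue                      # ordinary origin-form request ("/path")
            host = absolute.group(1)
        host = host.lower()
        if host in own_hosts:
            continue
        entry = probes[(ip, host)]
        entry["count"] += 1
        entry["statuses"].add(status)
        # A 2xx/3xx is not proof of relaying (the server may have answered with
        # its own page), but it means the proxy configuration needs checking.
        if status < 400:
            entry["verdict"] = "review"
    return dict(probes)

SAMPLE = [
    # These three lines are copied from the log in post #1
    '221.192.199.35 - - [09/Jun/2010:09:34:23 +0100] "GET http://www.wantsfly.com/prx2.php?hash=0DD74D710FE7F8BE5D61A85C00502998EB2C06E3A7E4 HTTP/1.0" 404 1035',
    '221.192.199.35 - - [09/Jun/2010:13:11:45 +0100] "GET http://www.wantsfly.com/prx2.php?hash=0DD74D710FE7F8BE5D61A85C00502998EB2C06E3A7E4 HTTP/1.0" 404 1035',
    '93.97.168.92 - - [09/Jun/2010:20:18:07 +0100] "GET / HTTP/1.1" 200 5094',
    # Constructed line (not from the thread): a probe that was answered with 200
    '203.0.113.7 - - [09/Jun/2010:21:00:00 +0100] "GET http://probe.example/ HTTP/1.0" 200 5094',
]

if __name__ == "__main__":
    for (ip, host), info in find_proxy_probes(SAMPLE).items():
        print(ip, host, info["count"], sorted(info["statuses"]), info["verdict"])
```
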
     
  5. macrumors 6502a

    northernbaldy

    #5
    Not sure what I have done now, but I can't log on to the fecking thing.

    Bugger :(
     
  6. macrumors 6502a

    northernbaldy

    #6
    Fixed it, thank god for server tools! I managed to run server tools from my laptop and fix it!
    Seems I had disabled my administrator login.

    Bloody computers :p
     
