Strange Print-out: Potential Hacker?

Discussion in 'Mac Accessories' started by Platonist, Mar 30, 2011.

  1. Platonist macrumors member

    Joined:
    Nov 3, 2006
    #1
    So, I have searched the web (and Macrumors) for a solution to this and have come up woefully short. I have now received 5 printed 'messages' from my HP Laserjet 1320 that is connected to the USB port on my Airport Extreme. They say the following:

    GET http://zerg.helllabs.net/cgi-bin/textenv.pl HTTP/1.1
    Host: zerg.helllabs.net
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
    Accept: */*
    Accept-Language: zh-cn
    Connection: Keep-Alive

    ♦☺PJ}β↕♣☺

    Is this something about which I should be concerned? My worry is that someone is trying to get into my network (for whatever reason). I saw that one other person had mentioned this in the 'Basics' forum, but I thought that since there were no replies there I would try over here.

    Any input would be greatly appreciated!
     
  2. Platonist thread starter macrumors member

    Joined:
    Nov 3, 2006
    #3
    I have seen some of the posts on the 'WAN Printer Settings' issue but they were rather speculative and I still wasn't satisfied with the explanations offered. If someone could offer a brief, semi-plain English answer as to what is going on it would be appreciated. I have had this set up for over 4 years and this had never happened before the past few weeks. Why the change?
     
  3. GGJstudios macrumors Westmere

    Joined:
    May 16, 2008
    #4
    There's a brief discussion of proxy checkers here, that might help:
    http://www.corpit.ru/mjt/proxycheck.html

    Make sure your network is secured by a WPA2 password that's fairly complex. Also, make sure your firewall is enabled and check your settings for Sharing.
     
  4. skorpien macrumors 68020

    Joined:
    Jan 14, 2008
    #5
    Basically, if I understand correctly, the people sending that information are attempting to find and exploit vulnerabilities on port 9100 (according to the link GGJstudios posted) by telling any machine with that port forwarded to it to run that Perl script that follows the GET command. If your network wasn't secured properly and that port was forwarded to a Windows machine on your network, it would infect the machine and make it a zombie for the hackers to use in an attack against somebody else (and it would be traced to you as it would be your computer attacking). However, as that port is set to forward to your printer, it's merely printing out the request instead. Closing the port by disabling printing over WAN should stop the prints. The only thing that's changed is that the hackers are now targeting your IP address. However, if you close the port, you'll have nothing to worry about (especially if you have a decent antivirus/firewall on your PC).
     
  5. Platonist thread starter macrumors member

    Joined:
    Nov 3, 2006
    #6
    Great -- I think I am starting to understand now. So, I have no PCs on the network -- only Macs. I have turned off the WAN printer sharing, WPA2 security is on (has been all along), the firewall is running on all machines (again, they have had the firewalls on the whole time), and I have a fairly long and difficult to guess password (though I have not changed it in a while). Having said all of that, how much of a danger is this? It sounds as though I am fine, but I don't like the idea of someone trying to break into my network via my IP address (if that is an accurate way to characterize things). Is this senseless paranoia on my part or are there real concerns to be mitigated here...

    Many thanks!
     
  6. GGJstudios macrumors Westmere

    Joined:
    May 16, 2008
    #7
    Yes, there are hackers out there all the time, looking for vulnerable systems to exploit, but there's no reason you have to worry, if you've taken reasonable steps to secure your system. For more security information, read the following link, including the very last part, on enhancing your Mac security.
     
  7. skorpien macrumors 68020

    Joined:
    Jan 14, 2008
    #8
    You've taken every precaution you can. You're safe. The reality is there are tons of attempts such as this occurring every day. And chances are they happened upon your IP by "accident" (probably a program that tries random IP addresses and hopes for the best). The best thing to do is to set up the best type of defense you possibly can, such as using antivirus and firewall programs and by closing all unused open ports on your network. I highly doubt you are the intended target of this attack, but merely just an attempt to increase their arsenal of zombie systems. There is no way to stop these attacks completely short of taking your entire network down, but that would be going a tad too far.
     
  8. GGJstudios macrumors Westmere

    Joined:
    May 16, 2008
    #9
    You don't need antivirus to protect a Mac from malware. Read the link I just posted.
     
  9. skorpien macrumors 68020

    Joined:
    Jan 14, 2008
    #10
    Apologies, I misread the thread. I thought there were PCs on the network.
     
  10. Platonist thread starter macrumors member

    Joined:
    Nov 3, 2006
    #11
    Many thanks for the replies! It's nice to know that there are folks out there willing to explain these things to those of us with little experience in the matter(s).
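
Added example, not part of the original thread: a small classifier for whatever bytes arrive on an exposed raw-print port (TCP 9100), which separates proxy-checker traffic like the print-out in the first post from real print jobs. The names `classify_print_job` and `summarize` are hypothetical; the HTTP sample is the request quoted in the first post, and the SOCKS and PJL samples are constructed.

```python
import ipaddress
import struct
from collections import Counter

def classify_print_job(data: bytes) -> tuple[str, str]:
    """Return (kind, target) for bytes received by a raw-print listener."""
    parts = data.split(b"\n", 1)[0].strip().split()
    if len(parts) == 3 and parts[2].startswith(b"HTTP/"):
        method, target = parts[0], parts[1].decode("ascii", "replace")
        # A proxy-style request names a full URL (or CONNECT host:port);
        # an ordinary request to a web server would carry only a path.
        if method == b"CONNECT" or target.lower().startswith(("http://", "https://")):
            return ("http-proxy-probe", target)
        return ("http-request", target)
    # SOCKS4 request: version 4, command 1 (CONNECT) or 2 (BIND), port, IPv4
    if len(data) >= 8 and data[0] == 4 and data[1] in (1, 2):
        (port,) = struct.unpack("!H", data[2:4])
        return ("socks4-probe", f"{ipaddress.IPv4Address(data[4:8])}:{port}")
    # SOCKS5 greeting: version 5, method count, then that many method bytes
    if len(data) >= 3 and data[0] == 5 and data[1] == len(data) - 2:
        return ("socks5-probe", "")
    # Genuine jobs usually open with the PJL escape sequence or a PostScript header
    if data.startswith((b"\x1b%-12345X", b"%!PS")):
        return ("print-job", "")
    return ("unknown", "")

def summarize(captures: list[bytes]) -> Counter:
    """Count how many captured payloads fall into each kind."""
    return Counter(classify_print_job(c)[0] for c in captures)

# The request printed in the first post, rebuilt with CRLF line endings
PAGE_REQUEST = (
    b"GET http://zerg.helllabs.net/cgi-bin/textenv.pl HTTP/1.1\r\n"
    b"Host: zerg.helllabs.net\r\n"
    b"User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)\r\n"
    b"Accept: */*\r\nAccept-Language: zh-cn\r\nConnection: Keep-Alive\r\n\r\n"
)
# Constructed samples: SOCKS4 CONNECT to 192.0.2.10:80 (documentation range),
# a SOCKS5 greeting, and the start of a PJL print job
SOCKS4_SAMPLE = b"\x04\x01\x00\x50\xc0\x00\x02\x0a\x00"
SOCKS5_SAMPLE = b"\x05\x01\x00"
PJL_SAMPLE = b"\x1b%-12345X@PJL JOB\r\n"

if __name__ == "__main__":
    for sample in (PAGE_REQUEST, SOCKS4_SAMPLE, SOCKS5_SAMPLE, PJL_SAMPLE):
        print(classify_print_job(sample))
```

A count dominated by probe kinds rather than `print-job` indicates the port is reachable from the internet and should be closed at the router, as the thread concludes.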
     
