hello - i received a nasty-gram about my server hacking from a German server that provided me with the following information (below). in order to understand the German stuff, i was forced to watch several episodes of “Hogan's Heroes”.
the (supposed) offending programs were:
virtue-now.net/cgi-bin/php5.cgi
bayern-polen.info/cgi-bin/php5.cgi
neither domain name is on my server.
since the offending programs were php5.cgi, i assume this is virtualmin?
any suggestions?? thank you!
files sent to me:
199-231-184.26.txt
DETAILS ZU DEN ATTACKEN/STÖRUNGEN | DETAILS OF THE ATTACKS
(letzten 60 Tage / max. 100 St.) | (last 60 days / max. 100 hits)

IP-NUMBER: 199.231.184.26
HOSTNAME : comptonpeslonline.com

| TIMESTAMP | ATTACKS | Port | TARGET-HOST |
|---|---|---|---|
| 2014-10-19T18:35:18+02:00 | backdoor scann | 80 | host11.checkdomain.de |
| 2014-10-18T23:40:55+02:00 | backdoor scann | 80 | host11a.checkdomain.de |

VORHERIGE SPERREN DER IP-NUMMER | BANNED HISTORY OF THIS IP-NUMBER
199.231.184.26: this ip-number was never banned before

AUZUG AUS SERVERLOGDATEI | EXCERPT FROM SERVER LOGFILE
virtue-now.net/cgi-bin/php5.cgi (Proto: HTTP/1.1 / Local-IP: 130.185.109.77 / Local-Port: 80)
bayern-polen.info/cgi-bin/php5.cgi (Proto: HTTP/1.1 / Local-IP: 130.185.108.125 / Local-Port: 80)

report.txt
Reported-From: abuse-out@checkdomain.de
Category: abuse
Report-Type: hack-attack
Service: http
Version: 0.1
User-Agent: Checkdomain Express 0.19
Date: Sun, 19 Oct 2014 18:58:21 +0200
Source-Type: ipv4
Source: 199.231.184.26
Port: 80
Report-ID: 107111948337@checkdomain.de
Schema-URL: http://www.blocklist.de/downloads/schema/info_0.1.1.json
Attachment: text/plain
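
An added example, not part of the original post: one way to parse the report quoted above into the reported source IP and UTC time windows that can be matched against the reported machine's own logs. The function names and the 5-minute slack are assumptions; the sample input is constructed from lines in the post.

```python
import re
from datetime import datetime, timezone, timedelta

# Constructed sample: header and table lines copied from the report in the post.
REPORT = """\
Reported-From: abuse-out@checkdomain.de
Report-Type: hack-attack
Date: Sun, 19 Oct 2014 18:58:21 +0200
Source-Type: ipv4
Source: 199.231.184.26
Port: 80
"""
DETAILS = """\
| 2014-10-19T18:35:18+02:00 | backdoor scann | 80 | host11.checkdomain.de |
| 2014-10-18T23:40:55+02:00 | backdoor scann | 80 | host11a.checkdomain.de |
"""

def parse_headers(text):
    """Parse 'Key: value' lines; only the first colon separates key from value."""
    out = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip():
            out[key.strip()] = value.strip()
    return out

# One table row: | ISO timestamp with offset | attack label | port | target host |
ROW = re.compile(r"^\|\s*(\d{4}-\d\d-\d\dT[\d:]+[+-]\d\d:\d\d)\s*\|"
                 r"\s*([^|]+?)\s*\|\s*(\d+)\s*\|\s*(\S+)\s*\|")

def parse_events(text):
    """Return reported events sorted by time, with timestamps normalised to UTC."""
    events = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:  # skip headings and separator lines
            ts = datetime.fromisoformat(m.group(1)).astimezone(timezone.utc)
            events.append({"utc": ts, "kind": m.group(2),
                           "port": int(m.group(3)), "target": m.group(4)})
    return sorted(events, key=lambda e: e["utc"])

def search_windows(events, slack_minutes=5):
    """(start, end, target) UTC windows to look up in local logs (slack is an assumption)."""
    slack = timedelta(minutes=slack_minutes)
    return [(e["utc"] - slack, e["utc"] + slack, e["target"]) for e in events]

if __name__ == "__main__":
    print("reported source:", parse_headers(REPORT)["Source"])
    for start, end, target in search_windows(parse_events(DETAILS)):
        print(f"{start:%Y-%m-%d %H:%M:%S} .. {end:%H:%M:%S} UTC -> {target}:80")
```

The report's timestamps carry a +02:00 offset, so the windows are printed in UTC to avoid an off-by-hours miss when the local logs use a different timezone.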