Skip to content
View in the app

A better way to browse. Learn more.
Thailand News and Discussion Forum | ASEANNOW

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Thaivisa.com(promised) ?

rod_kalashnikov
in Forum Support Desk

Featured Replies

Are you using outpost software firewall? Can you see which IP address it's coming from?

It's most likely the worms on the net scanning for vulnerable machines. Probably nothing to worry about if your patched up.

It's someone looking to see if you are vulnerable to some known exploits in Windows. If you are using XP with SP1 and recent security patches then you are safe. Odds are they are scanning hundreds of systems at a time by scanning a range of ip addresses. Example exploit:

http://www.kb.cert.org/vuls/id/547820

I have forwarded this thread to our hosting provider for advise. My guess is that these activities SEEMS to come from our server, but I am quite confident that they are not.

Will revert asap.

We have a dedicated server, so my best guess is that this is someone one the same C class net. I am chasing the NOC now. Could you please filter out the relevant log entries and email them to me as an attachment. admin[at]thaivisa.com Thanks.

I have installed Outpost on a separate machine, and so far nothing from our C net. A lot of other crap, though.

For the past couple of days I've been periodically hit with suspicious port scans from thaivisa.com ................

=====

7:37:24 PM Attack Detection Report Port Scanning has been detected from www.thaivisa.com (scanned ports:TCP (1391, 1390, 1392, 1388, 1389, 1387))

6:33:05 PM Attack Detection Report Port Scanning has been detected from www.thaivisa.com (scanned ports:TCP (4828, 4827, 4826, 4825, 4824, 4823))

12:00:14 AM Attack Detection Report Port Scanning has been detected from www.thaivisa.com (scanned ports:TCP (1278, 1277, 1280, 1276, 1275, 1274))

7/27/2004 11:54:59 PM Attack Detection Report Port Scanning has been detected from www.thaivisa.com (scanned ports:TCP (2582, 2581, 2580, 2579, 2578, 2577))

7/27/2004 8:02:16 PM Attack Detection Report Port Scanning has been detected from www.thaivisa.com (scanned ports:TCP (4057, 4055, 4053, 4052, 4051, 4050))

=====

For those interested, can someone in the know explain what all this means?

For the past couple of days I've been periodically hit with suspicious port scans from thaivisa.com ................

=====

7:37:24 PM Attack Detection Report Port Scanning has been detected from www.thaivisa.com (scanned ports:TCP (1391, 1390, 1392, 1388, 1389, 1387))

6:33:05 PM Attack Detection Report Port Scanning has been detected from www.thaivisa.com (scanned ports:TCP (4828, 4827, 4826, 4825, 4824, 4823))

12:00:14 AM Attack Detection Report Port Scanning has been detected from www.thaivisa.com (scanned ports:TCP (1278, 1277, 1280, 1276, 1275, 1274))

7/27/2004 11:54:59 PM Attack Detection Report Port Scanning has been detected from www.thaivisa.com (scanned ports:TCP (2582, 2581, 2580, 2579, 2578, 2577))

7/27/2004 8:02:16 PM Attack Detection Report Port Scanning has been detected from www.thaivisa.com (scanned ports:TCP (4057, 4055, 4053, 4052, 4051, 4050))

=====

For those interested, can someone in the know explain what all this means?

tuky,

rod has a firewall that is logging port scan attempts...this activity usually occurs when a hacker is looking for a way into a computer.

when rod says it is one the best spoofs he means the hacker would be faking the thaivisa webserver's ip or there is a compromised port on the webserver that is redirecting port scans and using our webserver as the last hop.

however, i believe it is something else and not an attack on his system.

im not sure if this is anything important, but let me give it a try, i browse thro thaivisa.com very often, more like a few dozen time a day, i have notice that every time i click to go to next page i have an extra click sound that sound like some one is trying to send me cookies or what ever it is, it never happen before, but now aday every page i go to i have and extra click sound other than my own.

I have exchanged several e-mails with the hosting company, they are convinced that no suspcious programs or scripts are on the server ( they checked thoroughly ) and thus conclude that everything is normal, that these might just be the server doing it's normal job.

I have been logged in to the forum all day with two machines, one with Zone Alarmpro installed and one with Outpost Pro. Nothing suspicius in the logs.

May I suggest that you ask in a professional internet security forum, they might have some ideas what is wrong with your computer, OS, network or firewall setup.

Did you clean your computer from any trojan viruses/worms?

The "attacks" seem to be to frequent to be generated from an outside source.

Aren't they originating from your computer?

Those hacker attacks and port scans seem to occur ONLY when I'm logged in.

While I'm a Guest, nothing happens.

Things that make me go "Hmmmmmmm.........."

try logging into thaivisa with a different browser than microsoft IE, like firefox...if the problem goes away and you still want to use IE, delete your cookies and reset the firewall rules.

Create an account or sign in to comment
Go to topic listing

Recently Browsing 0

  • No registered users viewing this page.

Account

Navigation

Search

Search

Configure browser push notifications
Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.