Jump to content
Be the first to know! Get our Daily Newsletter! ×

Thaivisa.com(promised) ?

rod_kalashnikov

By rod_kalashnikov
in Forum Support Desk

 Share

Recommended Posts

george Legendary Member

george

Posted
Posted

Are you using outpost software firewall? Can you see which IP address it's coming from?

It's most likely the worms on the net scanning for vulnerable machines. Probably nothing to worry about if your patched up.

It's someone looking to see if you are vulnerable to some known exploits in Windows. If you are using XP with SP1 and recent security patches then you are safe. Odds are they are scanning hundreds of systems at a time by scanning a range of ip addresses. Example exploit:

http://www.kb.cert.org/vuls/id/547820

Link to comment
Share on other sites
george Legendary Member

george

Posted
Posted

We have a dedicated server, so my best guess is that this is someone one the same C class net. I am chasing the NOC now. Could you please filter out the relevant log entries and email them to me as an attachment. admin[at]thaivisa.com Thanks.

I have installed Outpost on a separate machine, and so far nothing from our C net. A lot of other crap, though.

Link to comment
Share on other sites
tuky Diamond Member

tuky

Posted
Posted
For the past couple of days I've been periodically hit with suspicious port scans from thaivisa.com ................

=====

7:37:24 PM Attack Detection Report Port Scanning has been detected from www.thaivisa.com (scanned ports:TCP (1391, 1390, 1392, 1388, 1389, 1387))

6:33:05 PM Attack Detection Report Port Scanning has been detected from www.thaivisa.com (scanned ports:TCP (4828, 4827, 4826, 4825, 4824, 4823))

12:00:14 AM Attack Detection Report Port Scanning has been detected from www.thaivisa.com (scanned ports:TCP (1278, 1277, 1280, 1276, 1275, 1274))

7/27/2004 11:54:59 PM Attack Detection Report Port Scanning has been detected from www.thaivisa.com (scanned ports:TCP (2582, 2581, 2580, 2579, 2578, 2577))

7/27/2004 8:02:16 PM Attack Detection Report Port Scanning has been detected from www.thaivisa.com (scanned ports:TCP (4057, 4055, 4053, 4052, 4051, 4050))

=====

For those interested, can someone in the know explain what all this means?

Link to comment
Share on other sites
huski Platinum Member

huski

Posted
Posted
For the past couple of days I've been periodically hit with suspicious port scans from thaivisa.com ................

=====

7:37:24 PM Attack Detection Report Port Scanning has been detected from www.thaivisa.com (scanned ports:TCP (1391, 1390, 1392, 1388, 1389, 1387))

6:33:05 PM Attack Detection Report Port Scanning has been detected from www.thaivisa.com (scanned ports:TCP (4828, 4827, 4826, 4825, 4824, 4823))

12:00:14 AM Attack Detection Report Port Scanning has been detected from www.thaivisa.com (scanned ports:TCP (1278, 1277, 1280, 1276, 1275, 1274))

7/27/2004 11:54:59 PM Attack Detection Report Port Scanning has been detected from www.thaivisa.com (scanned ports:TCP (2582, 2581, 2580, 2579, 2578, 2577))

7/27/2004 8:02:16 PM Attack Detection Report Port Scanning has been detected from www.thaivisa.com (scanned ports:TCP (4057, 4055, 4053, 4052, 4051, 4050))

=====

For those interested, can someone in the know explain what all this means?

tuky,

rod has a firewall that is logging port scan attempts...this activity usually occurs when a hacker is looking for a way into a computer.

when rod says it is one the best spoofs he means the hacker would be faking the thaivisa webserver's ip or there is a compromised port on the webserver that is redirecting port scans and using our webserver as the last hop.

however, i believe it is something else and not an attack on his system.

Link to comment
Share on other sites
chingy_ Silver Member

chingy_

Posted
Posted

im not sure if this is anything important, but let me give it a try, i browse thro thaivisa.com very often, more like a few dozen time a day, i have notice that every time i click to go to next page i have an extra click sound that sound like some one is trying to send me cookies or what ever it is, it never happen before, but now aday every page i go to i have and extra click sound other than my own.

Link to comment
Share on other sites
george Legendary Member

george

Posted
Posted

I have exchanged several e-mails with the hosting company, they are convinced that no suspcious programs or scripts are on the server ( they checked thoroughly ) and thus conclude that everything is normal, that these might just be the server doing it's normal job.

I have been logged in to the forum all day with two machines, one with Zone Alarmpro installed and one with Outpost Pro. Nothing suspicius in the logs.

May I suggest that you ask in a professional internet security forum, they might have some ideas what is wrong with your computer, OS, network or firewall setup.

Link to comment
Share on other sites
huski Platinum Member

huski

Posted
Posted
Those hacker attacks and port scans seem to occur ONLY when I'm logged in.

While I'm a Guest, nothing happens.

Things that make me go "Hmmmmmmm.........."

try logging into thaivisa with a different browser than microsoft IE, like firefox...if the problem goes away and you still want to use IE, delete your cookies and reset the firewall rules.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.




×
×
  • Create New...