HTF hacked??

Dan Hitchman

Effects Supervisor
Senior HTF Member
Joined
Jun 11, 1999
Messages
2,713
Hi guys,
I just wanted to let you know that in the past week while browsing through this forum my Norton Internet Security software has been giving me warnings that it has blocked several attempts to crack my computer using various forms of Trojan Horses.
I was just wondering if the software might be confusing the server's attempts to set a cookie with a Trojan Horse attack, or whether someone has infiltrated your website.
This warning only pops up while on this forum, and has only been occurring within the past week and it happened again just a few minutes ago.
Hmmm...
Thought you'd like to know.
Dan
P.S. When will you be moving to your own high end, secure server due to the money drive's success?
------------------
Stop HDCP and 5C-- Your rights are at risk!
[Edited last by Dan Hitchman on October 08, 2001 at 12:38 PM]
 

Kevin P

Screenwriter
Joined
Jan 18, 1999
Messages
1,439
If you look at your Norton Internet Security's log, it should tell you what sites or IP addresses sent the suspicious requests. Chances are there's no direct correlation with your accessing HTF and the incoming requests. All NIS is alerting you to is an incoming connection request from a remote site on a TCP/IP port that is known to be used by a Trojan or backdoor program. The only way you would be vulnerable to such an attack would be if your machine already had the Trojan or backdoor program running, in which case it would accept the connection request and allow the attacker to do things on your system.
If you're on a cable modem, it's not uncommon to get MANY hits on your firewall. It doesn't matter if you're browsing HTF or just sitting at the desktop. It's worse now with the Nimda virus pelting countless IPs with HTTP requests. I have a Linux machine between my cable modem and my workstation at home acting as a firewall, and it logs hundreds or thousands of hits a day. Most of them are broadcasts or mis-routed packets, but some are port scans or direct requests, usually HTTP ones by Nimda-infected boxes.
Unless the log is showing that the requests are coming from the HTF or its ISP, I would assume that HTF has nothing to do with them.
EDIT: I scanned my firewall's logs for any suspicious incoming packets from the HTF server. As expected, none were found, from July to present.
KJP
[Edited last by Kevin P on October 09, 2001 at 09:00 AM]
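
The log check described in the post above, as an added example that is not part of the thread: it sorts blocked inbound packets into probes on default backdoor ports, HTTP probes and everything else, and lists any packet whose source is the site's own address. The log lines are constructed in a netfilter-style format, the addresses come from documentation ranges, `192.0.2.10` is a placeholder for the site's address, and the port table is a small illustrative set.

```python
import re
from collections import Counter

# Small illustrative set of default ports of well-known backdoors (not exhaustive).
TROJAN_PORTS = {12345: "NetBus", 27374: "SubSeven", 31337: "Back Orifice"}

# Constructed netfilter-style sample lines; addresses are documentation ranges.
SAMPLE_LOG = """\
Oct  8 12:01:10 fw kernel: IN=eth0 SRC=203.0.113.7 DST=198.51.100.20 PROTO=TCP SPT=4021 DPT=27374
Oct  8 12:01:44 fw kernel: IN=eth0 SRC=203.0.113.99 DST=198.51.100.20 PROTO=TCP SPT=1350 DPT=80
Oct  8 12:02:03 fw kernel: IN=eth0 SRC=203.0.113.7 DST=198.51.100.20 PROTO=TCP SPT=4022 DPT=12345
Oct  8 12:05:30 fw kernel: IN=eth0 SRC=203.0.113.150 DST=198.51.100.20 PROTO=UDP SPT=137 DPT=137
Oct  8 12:06:00 fw kernel: malformed entry without fields
"""

FIELD = re.compile(r"\b(SRC|PROTO|DPT)=(\S+)")

def classify(port):
    """Label a destination port by what an inbound hit on it most likely is."""
    if port in TROJAN_PORTS:
        return "trojan-port probe (" + TROJAN_PORTS[port] + ")"
    if port == 80:
        return "HTTP probe"
    return "other"

def summarize(log_text, site_ips):
    """Count blocked inbound packets by category and list any sent by site_ips."""
    by_category = Counter()
    from_site = []
    for line in log_text.splitlines():
        fields = dict(FIELD.findall(line))
        if not fields.keys() >= {"SRC", "DPT"} or not fields["DPT"].isdigit():
            continue  # skip lines that are not packet records
        category = classify(int(fields["DPT"]))
        by_category[category] += 1
        if fields["SRC"] in site_ips:
            from_site.append((fields["SRC"], int(fields["DPT"]), category))
    return by_category, from_site

if __name__ == "__main__":
    counts, hits = summarize(SAMPLE_LOG, {"192.0.2.10"})  # placeholder site address
    for category, n in counts.most_common():
        print(f"{n:3d}  {category}")
    print("packets from the site:", hits or "none")
```

An empty list of packets from the site, alongside non-zero probe counts from unrelated sources, is the pattern the post describes: background scanning that would arrive whether or not the forum was open.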
 

Cees Alons

Moderator
Joined
Jul 31, 1997
Messages
19,698
Real Name
Cees Alons
Kevin's analysis is correct.
Also, I have a heavily guarded environment at my office and I received no warning whatsoever today while browsing the forum.
Cees
 
