AbelCam Forum
Unauthorized access
By: JohnA
Rank: Newbie
Topics: 5
From: USA
Added: 03/21/2008 - 03:23 AM


I have been testing my AbelCam, and so far have not "listed" it on the internet. I have set up the Web Server security with passwords and checked "protected". When I access the site remotely I get the access dialog and am able to log on.

Today I noticed that my "Show Country Information" had a flag from China displayed. I checked the debug file and noticed that an IP address from Thailand had tried to access my site. There were 5 attempts throughout the day, and one entry in the debug file for each:

10:38:40 58.61.155.13 http://www.nassc.com/pr.php Authentication requested
11:04:52 58.61.155.13 http://www.nassc.com/pr.php Authentication requested
11:34:52 58.61.155.13 http://www.nassc.com/pr.php Authentication requested
12:22:25 58.61.155.13 http://www.nassc.com/pr.php Authentication requested
12:40:35 58.61.155.13 http://www.nassc.com/pr.php Authentication requested

How would I interpret the access based on the log file? Does it record one line for each attempt? If someone was hacking in I assume I would see multiple entries within a short time period. What bothers me is that the same person keeps trying. I was running later on in the day and there were more access attempts from that address.

Any thoughts?

By: MelvinG
Rank: Magna Cum Laude
Topics: 661
From: Los Angeles, USA
Added: 03/21/2008 - 07:19 AM

I think it's safe to say that one line in the log = one attempt.

I'm confused on what's actually happening there. Who/what is "nassc.com"? Is that your AbelCam domain (doesn't appear to be now - I just tried to browse to it)? Or is that Chinese IP somehow managing to try and ask your AbelCam to open that nassc.com site (as if it thinks your AbelCam is an open proxy or something)?
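
Added example, not part of the original posts and not AbelCam code: a small Python triage of the debug-log lines quoted above, counting one attempt per line, flagging request targets that are absolute URLs (the open-proxy pattern raised in the reply) and checking for rapid bursts. The line layout is assumed from the five quoted lines, all timestamps are assumed to fall on one day, and the 203.0.113.7 entries, the `summarize` function and its thresholds are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed line layout, taken from the five lines quoted in the thread:
# HH:MM:SS  client-IP  request-target  message
LINE = re.compile(r"^(\d\d:\d\d:\d\d)\s+(\S+)\s+(\S+)\s+(.+)$")

# First five lines are from the post; the 203.0.113.7 lines are constructed
# (documentation address) to show a rapid burst for contrast.
SAMPLE_LOG = """\
10:38:40 58.61.155.13 http://www.nassc.com/pr.php Authentication requested
11:04:52 58.61.155.13 http://www.nassc.com/pr.php Authentication requested
11:34:52 58.61.155.13 http://www.nassc.com/pr.php Authentication requested
12:22:25 58.61.155.13 http://www.nassc.com/pr.php Authentication requested
12:40:35 58.61.155.13 http://www.nassc.com/pr.php Authentication requested
13:00:01 203.0.113.7 / Authentication requested
13:00:03 203.0.113.7 / Authentication requested
13:00:04 203.0.113.7 / Authentication requested
13:00:06 203.0.113.7 / Authentication requested
"""

def summarize(log_text, window=timedelta(seconds=60), burst_size=3):
    """Per-IP attempt count, smallest gap, proxy-probe flag and burst flag."""
    by_ip = defaultdict(list)
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip lines that do not fit the assumed layout
        ts, ip, target, _msg = m.groups()
        by_ip[ip].append((datetime.strptime(ts, "%H:%M:%S"), target))
    report = {}
    for ip, events in by_ip.items():
        times = sorted(t for t, _ in events)
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        report[ip] = {
            "attempts": len(times),  # one log line = one attempt
            "min_gap_s": min(gaps) if gaps else None,
            # An absolute URL as the request target means the client is
            # treating this server as a forward proxy, not asking for a page.
            "proxy_probe": any(t.lower().startswith(("http://", "https://"))
                               for _, t in events),
            # burst_size attempts inside `window` suggests password guessing.
            "burst": any(times[i + burst_size - 1] - times[i] <= window
                         for i in range(len(times) - burst_size + 1)),
        }
    return report

if __name__ == "__main__":
    for ip, row in summarize(SAMPLE_LOG).items():
        print(ip, row)
```

On the quoted lines this reports five attempts with the closest pair 1090 seconds apart, a proxy-style request target and no burst.
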
By: JohnA
Rank: Newbie
Topics: 5
From: USA
Added: 03/21/2008 - 04:09 PM

Not sure what nassc.com is - not me. The one attempt doesn't bother me, but the retry every half hour or so does (a bit). I might try changing my port and see if that does anything.

Googled the address and saw some others with similar concerns:

Anyone else being scanned by 58.61.155.13?
Apparently it is a site in China but they have been scanning me for a while now and I am getting annoyed


Can anyone tell me who is scanning me?
so far no one has been able to tell me who is scanning my ports


Somebody is scanning your computer.
Your computer's TCP ports:
7212, 8080, 8000, and 3128 have been scanned from 58.61.155.13.

Resolving that IP comes to an unknown domain in China. Someone is trying to hack you.
Ensure that your firewall is set to block this.
Contact your Internet Service Provider and inform them, they can assist you by blocking that IP from their network and by changing your IP address...(more text here)...


By: MelvinG
Rank: Magna Cum Laude
Topics: 661
From: Los Angeles, USA
Added: 03/22/2008 - 01:37 AM

I did a little Googling today myself and it looks to me like this is related to the virus/worm detailed HERE. Perhaps an infected machine trying to propagate the worm to others. Nassc.com is one of the places the worm "phones home" to. So you might want to run a scan or look in your registry to see if the items described in the article I linked have been created, though I doubt anything will turn up.

These random scans by infected or malicious systems happen all the time but I've never seen one logged in AbelCam before. I avoid most scanning by not exposing any "well known" ports (and yes, 8080 has become well known even though it's technically non-standard). I expose ports in the 9300 - 9400 range for my AbelCam activities and haven't run into any weirdness so far.

By: JohnA
Rank: Newbie
Topics: 5
From: USA
Added: 03/23/2008 - 02:46 AM

Melvin - Thanks for the tip! I'll investigate. Sounds like it's time for a port change.
By: MelvinG
Rank: Magna Cum Laude
Topics: 661
From: Los Angeles, USA
Added: 03/23/2008 - 05:06 AM

Yeah, John, you should probably pick a random port up high somewhere. A lot of the people and programs that scan for vulnerabilities concentrate their efforts on a small set of ports that they're likely to "score" on. 8080 is one of those since everybody chooses it first (for all sorts of stuff, not only AbelCam) when they discover their ISP is blocking 80.

Having said that, no matter what port you choose you'll still get the occasional hit from a port scanner. Typically no harm is done. Such is life.
By: JamesW
Rank: Newbie
Topics: 0
From: n/a
Added: 03/25/2008 - 02:48 AM


John, I just did an IP lookup; it is in:

Country: China (CN)
Region: 30 Guangdong
City: Guangzhou
Longitude: 23.1167
Latitude: 113.25

If you have Google Desktop, get a little file called ipinfo.gg from download dot com. I am a computer Geek and I know what I'm talking about.
Frin

You can also go to:

http://www.who.is/whois-ip/ip-address/*******/

The (*******) is where the IP address should go.

Cool!

MIB