>>>Hi everybody,
>>>
>>>I'd like to check IIS logs. How and where can I find them?
>>>
>>>Thanks a lot in advance.
>>
>>
http://www.smartertools.com/portal/KB/a154/how-to-where-are-my-iis-log-files-stored.aspx>
>Thanks, Tracy. Do you know some tool for easy viewing. I'll try the one referenced there.
>
>Anyway, I think I found the source (couple of entries like this)
>
>2008-09-08 16:39:01 logfile our site IP GET /page.aspx pid=96';DECLARE%20@S%20CHAR(4000);SET%20@S=CAST(malicious code);EXEC(@S); 80 - 86.145.236.197 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+YPC+3.2.0;+.NET+CLR+1.1.4322;+SPOENB/1.0) 302 0 0
>2008-09-08 16:39:04 logfile Our site IP GET /page.aspx pid=96;DECLARE%20@S%20CHAR(4000);SET%20@S=CASTEXEC(@S); 80 - 86.145.236.197 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+YPC+3.2.0;+.NET+CLR+1.1.4322;+SPOENB/1.0) 302 0 0
>
>
>So, is 80 - 86.145.236.197 hacker's IP address? How can I figure out where it comes from?
http://securityadmin.info/faq.asp?reporthackerLook at this:
http://www.apnic.net/info/faq/abuse/index.htmlThere is lots of information out there on it... (note: the first step should be to gather the logs and provide the information to your service provider so they can block it there. they may wish to pursue it themselves as well...)
.·*´¨)
.·`TCH
(..·*
010000110101001101101000011000010111001001110000010011110111001001000010011101010111001101110100
"When the debate is lost, slander becomes the tool of the loser." - Socrates
Vita contingit, Vive cum eo. (Life Happens, Live With it.)
"Life is not measured by the number of breaths we take, but by the moments that take our breath away." -- author unknown
"De omnibus dubitandum"
