dreamwest Posted February 11, 2009 Share Posted February 11, 2009 Over the past 2 days ive seen this in my error log: [Tue Feb 10 19:50:52 2009] [error] [client 207.32.18.73] File does not exist: /home/user/public_html/directory, referer: http://127.0.0.1:4664/preview?event_id=144624&schema_id=2&q=like&s=000000000000000000000000000 Is this a google thing or a hack attempt Quote Link to comment https://forums.phpfreaks.com/topic/144730-is-this-a-hack/ Share on other sites More sharing options...
The Little Guy Posted February 11, 2009 Share Posted February 11, 2009 Looks like one of two things for me: 1. a hack 2. someone trying to access the wrong page on your site Quote Link to comment https://forums.phpfreaks.com/topic/144730-is-this-a-hack/#findComment-759998 Share on other sites More sharing options...
corbin Posted February 11, 2009 Share Posted February 11, 2009 A 404 error alone does not mean that someone is up to something, but why in the world is the request coming from the same computer? It's probably something you're doing lol. What program do you have that runs on port 4664? Quote Link to comment https://forums.phpfreaks.com/topic/144730-is-this-a-hack/#findComment-760014 Share on other sites More sharing options...
killah Posted February 11, 2009 Share Posted February 11, 2009 4664/TCP Google Desktop Search Unofficial That's from http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers Quote Link to comment https://forums.phpfreaks.com/topic/144730-is-this-a-hack/#findComment-760037 Share on other sites More sharing options...
dreamwest Posted February 12, 2009 Author Share Posted February 12, 2009 4664/TCP Google Desktop Search Unofficial That's from http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers Thanks for sharing. Did some more research on this: " In February 2007, Yair Amit from Watchfire found a series of vulnerabilities in Google Desktop that could allow a malicious individual to achieve not only remote, persistent access to sensitive data, but in some cases full system control as well. The significant impact and the ease of exploitation forced Google to change some of Google Desktop's logic in Google Desktop version 5." Ill keep an eye on my error log, he seems to have stopped, at its peak he was doing 200+ queries every hour. Quote Link to comment https://forums.phpfreaks.com/topic/144730-is-this-a-hack/#findComment-760175 Share on other sites More sharing options...
corbin Posted February 12, 2009 Share Posted February 12, 2009 I just realized that the referrer of 127.0.0.1 would mean the client's localhost, not your's lol. Had a slow moment earlier. So maybe for some reason, his Google Desktop install indexed /directory/ on your site? Quote Link to comment https://forums.phpfreaks.com/topic/144730-is-this-a-hack/#findComment-760193 Share on other sites More sharing options...
dreamwest Posted February 12, 2009 Author Share Posted February 12, 2009 Insert Quote I just realized that the referrer of 127.0.0.1 would mean the client's localhost, not your's lol. Had a slow moment earlier. Its ok, I have more that one an hour... So maybe for some reason, his Google Desktop install indexed /directory/ on your site? No more indexing my directories, with my htaccess powers and url rewrites...for example i have urls like this: http://www.site.com/fake_directory/123/title/ Which in reality is; http://www.site.com/show?id=123&title=blablabla He cant be too intelligent cause hes trying to access : http://www.site.com/fake_directory This sites been hacked many times before but im not the moronic programmer i used to be Quote Link to comment https://forums.phpfreaks.com/topic/144730-is-this-a-hack/#findComment-760229 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.