Icon View Thread

The following is the text of the current message along with any replies.
Messages 1 to 4 of 4 total
Thread Confusing Server Log Entry
Tue, Jun 6 2006 12:05 AMPermanent Link

Dondi
Win98SE
Delphi 5
DBISAM 3.27

Below is a section of the Server log I am referring to :

This entry is legitimate -- I am the Admin and the Address is dynamic
and it is indeed mine for the session.
6/5/2006 11:31:44 AM Admin connection closed [Address: 68.237.39.85
Version: 3.27 Thread: 1984 Session: 0]

The entries below are not my Address and I could not locate anywhere in
the log an entry for a login or connection accepted or a logout for this
IP Address.

Have I been hacked?

6/5/2006 11:47:12 AM Admin connection closed [Address: 167.216.252.47
Version: 0.00 Thread: 31956 Session: 0]
6/5/2006 11:48:53 AM Admin connection closed [Address: 167.216.252.47
Version: 0.00 Thread: 31956 Session: 0]
6/5/2006 11:48:51 AM Admin connection closed [Address: 167.216.252.47
Version: 0.00 Thread: 30292 Session: 0]
6/5/2006 11:48:53 AM Admin connection closed [Address: 167.216.252.47
Version: 3.27 Thread: 1984 Session: 0]
6/5/2006 11:48:51 AM Admin connection closed [Address: 167.216.252.47
Version: 0.00 Thread: 32572 Session: 0]
6/5/2006 11:48:54 AM Admin connection closed [Address: 167.216.252.47
Version: 0.00 Thread: 31896 Session: 0]
6/5/2006 11:48:54 AM Admin connection closed [Address: 167.216.252.47
Version: 0.00 Thread: 29392 Session: 0]
6/5/2006 11:48:54 AM Admin connection closed [Address: 167.216.252.47
Version: 0.00 Thread: 26968 Session: 0]
6/5/2006 11:48:54 AM Admin connection closed [Address: 167.216.252.47
Version: 0.00 Thread: 31356 Session: 0]
6/5/2006 11:49:46 AM Admin connection closed [Address: 167.216.252.47
Version: 3.27 Thread: 1984 Session: 0]

I have never seen this before and a NG search has not turned up
anything. I did a "Who is" on the IP Address which did not shed any
light on the situation.

Anyone know what is occurring.

Thanks,
Dom
Tue, Jun 6 2006 12:25 PMPermanent Link

Tim Young [Elevate Software]

Elevate Software, Inc.

Avatar

Email timyoung@elevatesoft.com

Dom,

<< The entries below are not my Address and I could not locate anywhere in
the log an entry for a login or connection accepted or a logout for this IP
Address.

Have I been hacked? >>

Well, you certainly have someone trying to connect to that port, first using
just a general connection, but finally actually connecting using 3.27.  This
is not a problem by itself, since they can't get in without the proper admin
password.

--
Tim Young
Elevate Software
www.elevatesoft.com

Wed, Jun 7 2006 12:34 PMPermanent Link

Dondi

Tim,
<< Well, you certainly have someone trying to connect to that port,
first using
just a general connection, but finally actually connecting using 3.27.
This
is not a problem by itself, since they can't get in without the proper
admin
password. >>

I understand what you are saying. On 6th June 2006 I got a series of
similar log entries but two in particular that have me worried. I
highlighted them below.

These are the ones
<<<<
6/6/2006 6:23:18 AM Admin connection closed [Address: 167.216.252.46
Version: 3.27 Thread: 1984 Session: 0]
6/6/2006 6:23:18 AM Connection closed [Address: 167.216.252.46 Version:
3.27 Thread: 16124 Session: 0]

6/6/2006 6:23:18 AM Engine error - DBISAM Engine Error # 15002 Error
uncompressing data [Address: 167.216.252.46 Version: 3.27 Request:
REQUEST_RECONNECT Thread: 15704 Session: 0]
>>>>

The rest are the same as this one.
6/6/2006 6:20:59 AM Connection closed [Address: 167.216.252.46 Version:
3.27 Thread: 2468 Session: 0]

and there are a lot.

I have Version 4 but have not installed it yet. I believe I read in the
docs that this version stops this type of abuse. Correct?

Thanks again for your help, again.
Dom
Wed, Jun 7 2006 4:52 PMPermanent Link

Tim Young [Elevate Software]

Elevate Software, Inc.

Avatar

Email timyoung@elevatesoft.com

Dom,

<< I have Version 4 but have not installed it yet. I believe I read in the
docs that this version stops this type of abuse. Correct? >>

Version 3.27 or higher won't allow a reconnect without the proper process,
thread, and session IDs from the prior session.

--
Tim Young
Elevate Software
www.elevatesoft.com

Image