Old 8th February 2004, 08:03   #1
SLAM-PIT
Junior Member
 
Join Date: Oct 2003
Posts: 15
Send a message via AIM to SLAM-PIT
What is this?

Hi everyone:
I'm pretty much a noob at this, but I did a search and couldn't find anything.

I've seen this on my log a couple of times, from a couple different IPs. What is it? What are they doing? Any ideas?

Thanks!

<02/06/04@22:03:24> [dest: 66.9.137.XXX] Invalid resource request(/scripts/nsiislog.dll)
SLAM-PIT is offline   Reply With Quote
Old 8th February 2004, 13:10   #2
DJHotIce
Forum Loser
(Forum King)
 
DJHotIce's Avatar
 
Join Date: Jan 2003
Location: That place I can't remember the name.
Posts: 4,617
Send a message via AIM to DJHotIce Send a message via Yahoo to DJHotIce
Check out the results from a SHOUTcast forum search on 'Invalid Resource Request'.


Note: Other search criteria may yield more results.

-DJHotIce
Bounce Multimedia - Professional Web Design
DJHotIce is offline   Reply With Quote
Old 8th February 2004, 14:58   #3
SLAM-PIT
Junior Member
 
Join Date: Oct 2003
Posts: 15
Send a message via AIM to SLAM-PIT
I guess I should have been more specific. I really want to know how and why people are trying to access this "/scripts/nsiislog.dll". I did do a search before starting this thread and couldn't find anything. I get the feeling somethings not kosher, but I don't want to ban them for nothing. Thanks again.

<02/06/04@22:03:24> [dest: 66.9.137.XXX] Invalid resource request(/scripts/nsiislog.dll)
SLAM-PIT is offline   Reply With Quote
Old 8th February 2004, 15:21   #4
DJHotIce
Forum Loser
(Forum King)
 
DJHotIce's Avatar
 
Join Date: Jan 2003
Location: That place I can't remember the name.
Posts: 4,617
Send a message via AIM to DJHotIce Send a message via Yahoo to DJHotIce
seems like a hacking attempt. What port are you using? 80?

-DJHotIce
Bounce Multimedia - Professional Web Design
DJHotIce is offline   Reply With Quote
Old 8th February 2004, 15:41   #5
SLAM-PIT
Junior Member
 
Join Date: Oct 2003
Posts: 15
Send a message via AIM to SLAM-PIT
Yessir, port 80.

I did a search on "security" and "hacker" and didn't see anything useful. Maybe the mods should do a STICKY on the subject.

Here are a couple things I figured out the hard way, I'm sure there are a lot more:

1. Watch out for listeners that are connected too long (ie all day, all week) They aren't "fans", they're probably stealing your content.

2. Watch your log for a player called "Pathfinder". It's a program that looks for content it can steal.

3. Look for other errors like Invalid Requests that don't make sense (ie scripts).

4. How to ban users. It's simple but elusive. There's a web interface at http://your-ip:port/index.html. Log into the Admin section and there is a Ban List link.

That's all I can think of for now. What else could be added to the list?

Last edited by SLAM-PIT; 8th February 2004 at 16:03.
SLAM-PIT is offline   Reply With Quote
Old 8th February 2004, 15:55   #6
DJHotIce
Forum Loser
(Forum King)
 
DJHotIce's Avatar
 
Join Date: Jan 2003
Location: That place I can't remember the name.
Posts: 4,617
Send a message via AIM to DJHotIce Send a message via Yahoo to DJHotIce
seems like a automated bot trying to comprimise your webserver. Try changing to port 8000 and this should go away.

-DJHotIce
Bounce Multimedia - Professional Web Design
DJHotIce is offline   Reply With Quote
Old 8th February 2004, 16:05   #7
SLAM-PIT
Junior Member
 
Join Date: Oct 2003
Posts: 15
Send a message via AIM to SLAM-PIT
Thanks for you help. For some reason I thought port 80 was the "standard" for streaming. I had some listeners that couldn't connect on port 8000.
SLAM-PIT is offline   Reply With Quote
Old 8th February 2004, 18:01   #8
FesterHead
Alumni
 
FesterHead's Avatar
 
Join Date: Sep 2001
Location: Maui, Hawaii
Posts: 14,108
Looks like some script kiddie thinking the DNAS is IIS.
Nothing to be worried about.

Some folks behind tight firewalls can't access ports other than 80.

FesterHead is offline   Reply With Quote
Old 9th February 2004, 05:42   #9
wickedhouseparty
Member
 
Join Date: Jun 2001
Posts: 87
Quote:
Originally posted by SLAM-PIT

1. Watch out for listeners that are connected too long (ie all day, all week) They aren't "fans", they're probably stealing your content.
[/B]
And make sure you have an autokick set for some length of time, because they're stealing your bandwidth, too.

:-)
wickedhouseparty is offline   Reply With Quote
Old 9th April 2004, 23:59   #10
wishdokkta
Junior Member
 
Join Date: Apr 2004
Posts: 4
In response to the "pathfinder" comment above, it is also what comes up when someone using AOL attempts to connect to stream. I have a friend who is having this prob, it just drops him straight away but comes up as Pathfinder. My question is, is there a way around this?
wishdokkta is offline   Reply With Quote
Old 11th April 2004, 17:23   #11
wishdokkta
Junior Member
 
Join Date: Apr 2004
Posts: 4
i guess there isnt a workaround then??
wishdokkta is offline   Reply With Quote
Old 11th April 2004, 17:31   #12
FesterHead
Alumni
 
FesterHead's Avatar
 
Join Date: Sep 2001
Location: Maui, Hawaii
Posts: 14,108
What is the exact player used for listening?

FesterHead is offline   Reply With Quote
Old 13th April 2004, 21:37   #13
wishdokkta
Junior Member
 
Join Date: Apr 2004
Posts: 4
Winamp 5.03
wishdokkta is offline   Reply With Quote
Old 13th April 2004, 22:12   #14
FesterHead
Alumni
 
FesterHead's Avatar
 
Join Date: Sep 2001
Location: Maui, Hawaii
Posts: 14,108
Winamp 5.03 won't be using "pathfinder" in the user-agent tag.

FesterHead is offline   Reply With Quote
Reply
Go Back   Winamp & Shoutcast Forums > Shoutcast > Shoutcast Technical Support

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump