Amateur Hour
by Alex on Jul.19, 2009, under Security, Web App Sec
It seems that someone has tried to gain access to my website by trying to use URL injection, which was amateur at best. The IP address routes to a block owned by a school district in Colorado, leased by Comcast Business. The local time for that area when the attempt was made was 3:36pm. Considering the lack of delay between requests, it also shows that a tool was used to attempt to gain access.
An image of the log file:
http://chaulis.com/images/penattempt.jpg
Nmap output of the IP:
Not shown: 919 filtered ports, 66 closed ports
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
53/tcp open domain
80/tcp open http
88/tcp open kerberos-sec
106/tcp open pop3pw
311/tcp open asip-webadmin
389/tcp open ldap
625/tcp open apple-xsrvr-admin
749/tcp open kerberos-adm
1723/tcp open pptp
3283/tcp open unknown
3306/tcp open mysql
3659/tcp open unknown
5900/tcp open vnc
No OS matches for host
The IP address hosts a website for the school district, though. So either it’s some script kiddie in high school trying to deface my site, or it’s an insecure server that’s being used as a proxy. He didn’t even look for subdomains on the site, and just went after the Horde mailbox, which doesn’t exist, and the WordPress crap. Sucks to be him!
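The two signals the post relies on (no delay between requests, and probes for Horde and WordPress paths that do not exist on the site) can be checked mechanically against an access log. The following is an added example, not part of the original post: the log lines are constructed, and the function names and thresholds are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample in Apache combined log format. The IPs are documentation
# ranges and the paths are illustrative; none of this is taken from the post.
SAMPLE_LOG = """\
203.0.113.7 - - [19/Jul/2009:15:36:01 -0600] "GET /horde/README HTTP/1.1" 404 209 "-" "-"
203.0.113.7 - - [19/Jul/2009:15:36:01 -0600] "GET /horde/imp/README HTTP/1.1" 404 209 "-" "-"
203.0.113.7 - - [19/Jul/2009:15:36:01 -0600] "GET /wp-login.php HTTP/1.1" 200 1830 "-" "-"
203.0.113.7 - - [19/Jul/2009:15:36:02 -0600] "GET /wordpress/wp-login.php HTTP/1.1" 404 209 "-" "-"
203.0.113.7 - - [19/Jul/2009:15:36:02 -0600] "GET /blog/wp-login.php HTTP/1.1" 404 209 "-" "-"
203.0.113.7 - - [19/Jul/2009:15:36:02 -0600] "GET /mail/README HTTP/1.1" 404 209 "-" "-"
198.51.100.23 - - [19/Jul/2009:15:30:10 -0600] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.23 - - [19/Jul/2009:15:30:42 -0600] "GET /about/ HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
198.51.100.23 - - [19/Jul/2009:15:31:55 -0600] "GET /favicon.ico HTTP/1.1" 404 209 "-" "Mozilla/5.0"
198.51.100.23 - - [19/Jul/2009:15:33:20 -0600] "GET /category/security/ HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
198.51.100.23 - - [19/Jul/2009:15:35:02 -0600] "GET /contact/ HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
"""

# client IP, [timestamp], "METHOD path ...", status
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+)[^"]*" (\d{3}) ')

def parse(log_text):
    """Return {client_ip: [(timestamp, path, status), ...]}; malformed lines are skipped."""
    hits = defaultdict(list)
    for m in filter(None, map(LINE_RE.match, log_text.splitlines())):
        ip, ts, path, status = m.groups()
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        hits[ip].append((when, path, int(status)))
    return hits

def flag_scanners(log_text, min_requests=5, max_median_gap=1.0, min_404_ratio=0.8):
    """Flag clients whose requests are both machine-paced and mostly 404 misses."""
    flagged = {}
    for ip, reqs in parse(log_text).items():
        if len(reqs) < min_requests:
            continue  # too few requests to judge pacing
        times = sorted(r[0] for r in reqs)
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        ratio = sum(1 for r in reqs if r[2] == 404) / len(reqs)
        if median(gaps) <= max_median_gap and ratio >= min_404_ratio:
            flagged[ip] = {"requests": len(reqs), "median_gap_s": median(gaps), "ratio_404": ratio}
    return flagged

if __name__ == "__main__":
    for ip, stats in flag_scanners(SAMPLE_LOG).items():
        print(ip, stats)
```

Requiring both conditions keeps a fast but legitimate client (a browser fetching page assets) and a slow visitor who hits one missing file from being flagged.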