Screen capture of your desktop!

[boxxertrumps]

I was over at tykonda's house last night... i saw that theme and almost had a heart attack...

Then he told me it was only a skin...

[ItsMeOnly]

HP Visualize B132L revisited


...and Tru64 on AS600

[boxxertrumps]

http://i119.photobucket.com/albums/o...ps/height1.png - 200kb..
Why's my router accessing my website?
Very odd.

[Twey]

Is the webserver on your LAN, or outside?

[boxxertrumps]

My lan, its the comp i bought for myself last july...
if it was remote then it would show my public IP, (24.57.242.226) right?

[Twey]

Yeah, but it would be plausible that there would be another machine on the server's LAN that just happened to have the same IP as your router. As it is, I'm not sure. I'd start getting paranoid about now.

[lainlives]

it is very possible for the the servers lan to have a computer with the same ip as u because my ip address has 3 in the same city...

[Twey]

Yes, except that it's on the same LAN, so it can't be.
boxxertrumps, if I were you I'd make sure someone hasn't compromised your router... check network logs for any other connections made by that router, upgrade the firmware, flash the settings and change the password. It could also be someone spoofing their IP, especially if your network is wireless.

Do you have the query string sent by the "router?"

[boxxertrumps]

I dont know how to begin doing what you just told me too...
its not wireless, and its understandable that its been comprimised because i havent changed the password. Or default UN.
Sooo...
I have some things to do...

EDIT: why do you have router in quotes?
But i only have the IP and timestamp of its acsess...

[Twey]

I dont know how to begin doing what you just told me too...

Disconnect the router from the internet, then look for the reset button on it. That'll take care of any surprises the attacker may have left. After hitting that, log in and set it up (change the username and password this time!), then browse to the manufacturer's site and download the latest firmware for it. There'll be a config page on the router somewhere where you can upload a new firmware version. Do a thorough virus scan on your machines, too, and check that there's nothing unusual left behind and no ports left open: if there are it's likely the attacker has compromised one. It's possible that more sophisticated measures could have been used -- if you want to be completely certain, you'd have to reformat them all -- but I think it unlikely.

its not wireless, and its understandable that its been comprimised because i havent changed the password. Or default UN.

Oh dear.

EDIT: why do you have router in quotes?

Because if it were a wireless network, it would be possible to connect and send a request to the web server that looked as though it came from the router, which is one possible way of avoiding suspicion.