i have just noticed when i looked in my firewall logs and i found somthing strange
all activitys (about 100 till now-right at this moment) are from the same ip but diffrent port. my firewall allows it (i have apache for a reason) so my question is:
is there any program i can use to "spy" on whoever connects to my port 80 .
i mean a real log of what the "visitor"\haxor is doing .
be happy if someone could shed a light on this

I think what u're talking about is a honey pot. A good one is SPECTER Intrusion Detection System. Of course you have to buy this...but like all software there are "other" ways of aqcuiring it.

Also u did a pretty bad job masking the ip address lol. U can still see that its xxx.xxx.xxx.xxx. After doing a whois I found that its :

Army National Guard Bureau
111 S. George Mason Dr.
Arlington, VA, 22204-1373
US

What the f*ck are u running on u're server to get the army scanning u?

Of course it could be a scan/hack stro but no hacker is this good (or stupid) to hack a government server.

Please dont post the IP. Also, flame, please try to make it so we cant see it. thanks. w00dy

you could also use a packet sniffer such as snort or ethereal...

thanks for the attension but you misunderstood my question.
is that suspicios activity ?
and its not the army its something in Amsterdam, those dutch are ttrying to
hack into my apache... but i guess there are no exploits for apache...
thanks again . next time read carefully

flame: there really are exploits for apache... just upgrade to newest version to be quite sure you won't get hacked, and then you could just deny those f*cking dutch guys (i'm a dutch guy btw )....

CyA

thanks -
what is better 1.3 or the new 2.0 ?


and sry , probably cuzz im jelause of you ....
wish i was a dutch

Do a whois on that ip address and its not the dutch.

i have done whois
what whois server did u use ??
arent them all the same ...

www.google.com
"whois"

ARIN whois DB is good for IPs.

-Hardcore