Probably. There's a FrontPage extension exploit that tries to post something harmful to shtml.exe. If you aren't using the extensions, there's no problem aside from the possible DoS. Do a reverse DNS and inform the IP's web master or their ISP. The machine is probably compromised itself. When Code Red was rampant, I had the distinct pleasure of contacting a local web security consultant to inform him that his domain was a zombie. Good times!
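As an added example (not part of any post in this thread), here is one way to pull the sources of shtml.exe requests out of a web server access log so they can be reverse-resolved and reported as suggested above. It assumes Common Log Format; the sample lines, addresses and the `resolver` parameter are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines in Common Log Format (an assumption; the thread
# does not show the server's real log format). IPs are documentation ranges.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2003:04:11:02 +0000] "POST /_vti_bin/shtml.exe/_vti_rpc HTTP/1.1" 404 0
203.0.113.7 - - [12/Mar/2003:04:11:03 +0000] "POST /_vti_bin/shtml.exe/_vti_rpc HTTP/1.1" 404 0
198.51.100.20 - - [12/Mar/2003:04:12:40 +0000] "GET /index.html HTTP/1.1" 200 5120
192.0.2.55 - - [12/Mar/2003:04:15:09 +0000] "GET /_VTI_BIN/SHTML.EXE HTTP/1.0" 404 0
this line is malformed and must be skipped
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')

def find_shtml_probes(log_text):
    """Return a Counter of source IP -> number of requests touching shtml.exe."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not parse
        ip, _method, path, _status = m.groups()
        # IIS paths are case-insensitive, so compare in lower case.
        if "shtml.exe" in path.lower():
            hits[ip] += 1
    return hits

def report(hits, resolver=None):
    """Build (ip, count, hostname) rows, busiest source first.

    resolver is an optional callable ip -> hostname for the reverse DNS step,
    e.g. lambda ip: socket.gethostbyaddr(ip)[0] when online.
    """
    rows = []
    for ip, count in hits.most_common():
        host = None
        if resolver is not None:
            try:
                host = resolver(ip)
            except OSError:  # no PTR record or lookup failure
                host = None
        rows.append((ip, count, host))
    return rows

if __name__ == "__main__":
    for row in report(find_shtml_probes(SAMPLE_LOG)):
        print(row)
```
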
I was once connected to the internet through dialup and also running a Java-based server-type program which received requests on port 80 and displayed client socket info. My OS is Win 98. I was surprised to find that a guy connected to my server. The guy was from Hong Kong. I disconnected as soon as possible. What was he trying to do?
It probably wasn't even a "guy". Most of these attacks are performed by scripts run on previously compromised computers. The scripts run brute force attacks against any port they can find. If you aren't running a service that can be compromised, as Stan is not running FrontPage extensions on his web server, the script can't do anything (well, other than flood you with requests). In your case it is unlikely that your Java server could have been compromised. Hacking requires intimate knowledge of the inner workings of a server to exploit bugs in the program. A simple socket receive and print out probably (giving you the benefit of the doubt) doesn't have any holes. Other services on your Windows machine, like disk and print sharing, can be remotely compromised. Lessons: Turn off unneeded services and run a firewall. They can't hack what isn't running and what they can't see.
I'm practicing security through obscurity - since I wrote this server from scratch I doubt most usual exploits will have any effect. But I put the source on the site, so somebody who wants to take the time could try to write something, I guess. There is an IIS server on the same box, though. I wonder if they got through to it!
A good question is never answered. It is not a bolt to be tightened into place but a seed to be planted and to bear more seed toward the hope of greening the landscape of the idea. John Ciardi
posted 15 years ago
Thank God I was not running any such application that can be compromised, and yes, my server was just a raw one that I was using to test connecting to my own system through dialup. No problems have been detected so far after that incident.