Unoffical empeg BBS

Quick Links: Empeg FAQ | RioCar.Org | Hijack | BigDisk Builder | jEmplode | emphatic
Repairs: Repairs

Topic Options
#74955 - 25/02/2002 15:50 Empeg locking up all of a sudden
Laura
pooh-bah

Registered: 16/06/2000
Posts: 1682
Loc: Greenhills, Ohio
The player has locked up 4 times in the lasr 15 minutes. I opened up hyperterminal and here is what I got.

khttpd: listening on port 80
kftpd: listening on port 21
Using non-standard cache size 126 (adjustment 8)
player.cpp : 385:empeg-car 2.00-beta11 2002/02/08.
Loading dancefile: "/empeg/lib/visuals/bevisdance.raw"
Loading dancefile: "/empeg/lib/visuals/ymcadance.raw"
Loading dancefile: "/empeg/lib/visuals/poledance.raw"
Prolux 4 empeg car - 2.1434 Feb 7 2002
Vcb: 0x407ed000
khttpd: open(/scripts/root.exe) failed, rc=-2
khttpd: open(/MSADC/root.exe) failed, rc=-2
khttpd: open(/c/winnt/system32/cmd.exe) failed, rc=-2
khttpd: open(/d/winnt/system32/cmd.exe) failed, rc=-2
khttpd: open(/scripts/..%5c../winnt/system32/cmd.exe) failed, rc=-2
khttpd: open(/_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe) failed, r
c=-2
khttpd: open(/_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe) failed, r
c=-2
khttpd: open(/msadc/..%5c../..%5c../..%5c/..Á../..Á../..Á../winnt/system32/cm
d.exe) failed, rc=-2
khttpd: open(/scripts/..Á../winnt/system32/cmd.exe) failed, rc=-2
khttpd: open(/scripts/..À/../winnt/system32/cmd.exe) failed, rc=-2
khttpd: open(/scripts/..À¯../winnt/system32/cmd.exe) failed, rc=-2
khttpd: open(/scripts/..Áœ../winnt/system32/cmd.exe) failed, rc=-2


Maybe someone can clue me in on the problem???
_________________________
Laura

MKI #017/90

whatever

Top
#74956 - 25/02/2002 15:56 Re: Empeg locking up all of a sudden [Re: Laura]
guardian__J
enthusiast

Registered: 28/01/2002
Posts: 265
Loc: MI, USA
someone or a automated virus is trying to hack it and causing buffer overflows...disconnect it from the internet
_________________________
guardian__J
MKIIa 20g Smoke

Top
#74957 - 25/02/2002 15:56 Re: Empeg locking up all of a sudden [Re: Laura]
mtempsch
pooh-bah

Registered: 02/06/2000
Posts: 1996
Loc: Gothenburg, Sweden
Looks like your empeg is open towards to world and is receiving requests from Nimda or CodeRed (don't recall exactly which made what of those two...) infected web servers (IIS) that are trying to infect the webserver in the empeg (which isn't IIS, so they won't succed, but they seem to cause a DoS instead, probably due to some sort of buffer overflow.

Despite fixes being available for a long time, there's still a huge number of machines where the owner/operator has no clue that it's infected...

/Michael
_________________________
/Michael

Top
#74958 - 25/02/2002 16:00 Re: Empeg locking up all of a sudden [Re: Laura]
tfabris
carpal tunnel

Registered: 20/12/1999
Posts: 31600
Loc: Seattle, WA
You might wish to edit the necessary options in config.ini to disable the Hijack web- and ftp-related features. I don't know if they will prevent the buffer overflow crash or not, but it might be a start.

I would also seriously check into what else is plugged into the same network as your empeg. Whatever else is plugged into that network is getting hit with the same virus attacks, and may be susceptible to infection and/or compromise. In fact, one of your computers might be the very source of the infection.
_________________________
Tony Fabris

Top
#74959 - 25/02/2002 16:07 Re: Empeg locking up all of a sudden [Re: tfabris]
Laura
pooh-bah

Registered: 16/06/2000
Posts: 1682
Loc: Greenhills, Ohio
I run ZoneAlarm on the computers on the network and keep my virus protection up to date bi-weekly. If I dis-able the Hijack web and ftp features, will that mean that even friends that I have given the URL to won't be able to reach it?
_________________________
Laura

MKI #017/90

whatever

Top
#74960 - 25/02/2002 16:11 Re: Empeg locking up all of a sudden [Re: Laura]
tfabris
carpal tunnel

Registered: 20/12/1999
Posts: 31600
Loc: Seattle, WA
I run ZoneAlarm on the computers on the network and keep my virus protection up to date bi-weekly.

Okay, that's a good start. But without a layer of NAT in between your computers and the rest of the internet, there's still crap that can slip through. Having the NAT layer lets you sleep at night, and take vacations once in a while.

If I dis-able the Hijack web and ftp features, will that mean that even friends that I have given the URL to won't be able to reach it?

Correct. But if you don't want it hacked at, you can't have it exposed to the internet anyway. I do not recommend setting it up as a public web server. Mark's features were only ever meant to be used on a local network, not on the public internet.
_________________________
Tony Fabris

Top
#74961 - 25/02/2002 16:20 Re: Empeg locking up all of a sudden [Re: tfabris]
Laura
pooh-bah

Registered: 16/06/2000
Posts: 1682
Loc: Greenhills, Ohio
I'll look into getting some kind of NAT/firewall protection up for my home network. I don't mind the couple of people I know having access to it but don't want it available to everyone.

For now I will leave it disconnected from the network until I want to upload some files. Thanks for the help.

Are there certain files I should look for on my computers to see if they were infected?
_________________________
Laura

MKI #017/90

whatever

Top
#74962 - 25/02/2002 16:23 Re: Empeg locking up all of a sudden [Re: Laura]
tonyc
carpal tunnel

Registered: 27/06/1999
Posts: 7058
Loc: Pittsburgh, PA
There's a much simpler solution than using NAT or a firewall.. Run your khttpd on any port other than port 80. Those viruses are only looking for HTTP servers on port 80. There's a hijack option like khttpd_port or something. It's a tiny bit of a pain to add a port number to your URL's but it's worth it.
_________________________
- Tony C
my empeg stuff

Top
#74963 - 25/02/2002 16:23 Re: Empeg locking up all of a sudden [Re: tfabris]
Laura
pooh-bah

Registered: 16/06/2000
Posts: 1682
Loc: Greenhills, Ohio
Now that I think about it, I gave the URL out to a friend today and it might have been him hitting on the page and maybe his computer is infected? Could that have caused the problem?
_________________________
Laura

MKI #017/90

whatever

Top
#74964 - 25/02/2002 16:27 Re: Empeg locking up all of a sudden [Re: Laura]
guardian__J
enthusiast

Registered: 28/01/2002
Posts: 265
Loc: MI, USA
I doubt it...
from what I remember of those viruses they just search for any IP...
and it has to be from a machine with IIS running, most end-users don't run it...
just because your friend is connecting doesn't mean that virus would be trying to connect from his machine. It doesn't do anything like email viruses that send to a users list, it just searches for every web server it can find
_________________________
guardian__J
MKIIa 20g Smoke

Top
#74965 - 25/02/2002 16:34 Re: Empeg locking up all of a sudden [Re: guardian__J]
Laura
pooh-bah

Registered: 16/06/2000
Posts: 1682
Loc: Greenhills, Ohio
Ok, just strange that today is the first time I have had any problems and it has been up on my network well over a week now. And I know he either doesn't run virus protection or it is very outdated, I have talked to him in the past about it and told him any tech should know better than that.

I'll see about changing the port in config.ini. Been awhile since I did any network support and have forgotten much of what I had learned.
_________________________
Laura

MKI #017/90

whatever

Top
#74966 - 25/02/2002 16:50 Re: Empeg locking up all of a sudden [Re: Laura]
guardian__J
enthusiast

Registered: 28/01/2002
Posts: 265
Loc: MI, USA
it could be that your ip has just never been selected as the random one to test until today.
Do you know what OS he is running? Unless it's NT Server or 2000 with IIS installed (not by default) then it's not him. I seriously doubt it could be.
_________________________
guardian__J
MKIIa 20g Smoke

Top
#74967 - 25/02/2002 16:53 Re: Empeg locking up all of a sudden [Re: guardian__J]
Laura
pooh-bah

Registered: 16/06/2000
Posts: 1682
Loc: Greenhills, Ohio
I'm not sure but I doubt it is one of those, but one never knows. I'll ask him next time I talk to him. I hooked it back up and will watch to see if it happens again. Maybe after it being off the network for a bit they moved on.
_________________________
Laura

MKI #017/90

whatever

Top
#74968 - 25/02/2002 17:06 Re: Empeg locking up all of a sudden [Re: Laura]
tfabris
carpal tunnel

Registered: 20/12/1999
Posts: 31600
Loc: Seattle, WA
Are there certain files I should look for on my computers to see if they were infected?

A good "all files" scan of drive C with the latest virus-scan updates should be enough.

And despite what else has been said in this thread, It is indeed possible that the friend who you gave the address to could be the source of the attack. You don't necessarily have to be running a web server to be the victim of a web-aware virus. The newest versions of these viruses are "swiss army knives", trying many possible exploits simultaneously.

Something to remember about these viruses, they exploit known security holes in the operating system and web server software, so just as important as keeping your firewall/scanner software updated is keeping the operating system itself properly service-packed using the http://windowsupdate.microsoft.com site.

The reason one would wish to use a Nat/Firewall router is because things like Zone Alarm and keeping your OS updated can't catch everything. For instance, it didn't catch the empeg, and it can't catch certain other "hole-ridden" applications that might run on your system. I mean, most systems have lots of different pieces of third-party software running on them, and rarely does one know if all these applications are secure. A Nat/Firewall box will take care of it all in one fell swoop.
_________________________
Tony Fabris

Top
#74969 - 25/02/2002 17:09 Re: Empeg locking up all of a sudden [Re: Laura]
tfabris
carpal tunnel

Registered: 20/12/1999
Posts: 31600
Loc: Seattle, WA
Oh, and Laura, I just wanted to say how impressed I was that you had the proper diagnostic information supplied (the Hyperterminal log) in your very first post on the subject.
_________________________
Tony Fabris

Top
#74970 - 25/02/2002 17:54 Re: Empeg locking up all of a sudden [Re: tfabris]
Laura
pooh-bah

Registered: 16/06/2000
Posts: 1682
Loc: Greenhills, Ohio
That is because reading the board has taught me well
I've been keeping the serial connection up for when things go whacko.
_________________________
Laura

MKI #017/90

whatever

Top
#74971 - 26/02/2002 07:28 Re: Empeg locking up all of a sudden [Re: tonyc]
Nosferatu
enthusiast

Registered: 24/08/2001
Posts: 344
Loc: France, Champagne
I had Displayserver installed on my Empeg and I set khhttpd port to 81.

But when Streaming came in Hijack I could'nt have Winamp to play the streams.

I Upgraded to Beta 7 and Installed Hijack again and after that , I could play streams from my Empeg in Winamp

I could manage my player in a Browser (IE6) and give it the correct address :
http://myempeg:81/ and Hijack was working but when wanted to stream I had error ?

Did I forgot setup something ? (Winamp ?)
_________________________
Empeg IIa - 10 Gb - Red Fascia - Tuner, the day is coming - I Will Strike From the Grey -

Top
#74972 - 26/02/2002 07:35 Re: Empeg locking up all of a sudden [Re: Nosferatu]
mlord
carpal tunnel

Registered: 29/08/2000
Posts: 14496
Loc: Canada
Ahh... yes. Hijack does not format the .m3u playlist files with the port number.. I'll fix that in the next release.

-ml

Top
#74973 - 26/02/2002 07:40 Re: Empeg locking up all of a sudden [Re: mlord]
mlord
carpal tunnel

Registered: 29/08/2000
Posts: 14496
Loc: Canada
No, never mind. This is not necessary. The client browser already supplies host:port in the header, and hijack uses that information already.

Have you tried this lately?

Top
#74974 - 26/02/2002 07:47 Re: Empeg locking up all of a sudden [Re: tfabris]
guardian__J
enthusiast

Registered: 28/01/2002
Posts: 265
Loc: MI, USA
really? which virus attaches to non-server machines?
I would assume that Laura was being attacked by a virus looking for a server. The lines that point to WinNT appear that way...
_________________________
guardian__J
MKIIa 20g Smoke

Top
#74975 - 26/02/2002 10:46 Re: Empeg locking up all of a sudden [Re: guardian__J]
tfabris
carpal tunnel

Registered: 20/12/1999
Posts: 31600
Loc: Seattle, WA
which virus attaches to non-server machines?

Most of the new ones. Nimda and Code Red, for example, have multiple delivery methods. It's the "latest fad" in viruses. Nimda, for example, spreads through e-mail, open file shares, certain exploits in the Windows file sharing mechanisim, and a couple of different ways via IIS.

I would assume that Laura was being attacked by a virus looking for a server. The lines that point to WinNT appear that way...

Just because the virus is looking for an IIS server on which to install itself, doesn't mean it has to be running on an IIS box in order to launch the attack. That's why these newer viruses are such a bitch to get rid of, they try multiple simultaneous infection methods from any box on which they're launched.
_________________________
Tony Fabris

Top
#74976 - 26/02/2002 10:49 Re: Empeg locking up all of a sudden [Re: mlord]
Nosferatu
enthusiast

Registered: 24/08/2001
Posts: 344
Loc: France, Champagne
Yes, iI changd to port 81 and it works.

Thanks !!
_________________________
Empeg IIa - 10 Gb - Red Fascia - Tuner, the day is coming - I Will Strike From the Grey -

Top
#74977 - 26/02/2002 17:15 Re: Empeg locking up all of a sudden [Re: tfabris]
guardian__J
enthusiast

Registered: 28/01/2002
Posts: 265
Loc: MI, USA
damn them virus writers!!
damn them all to hell!!
_________________________
guardian__J
MKIIa 20g Smoke

Top
#74978 - 26/02/2002 19:15 Re: Empeg locking up all of a sudden [Re: guardian__J]
Laura
pooh-bah

Registered: 16/06/2000
Posts: 1682
Loc: Greenhills, Ohio
Amen to that.

I didn't tell the one person that I changed the URL and I haven't been attacked since changing the port. So hopefully for now the player is safe from attacks. I'll still look into a firewall when money permits.
_________________________
Laura

MKI #017/90

whatever

Top
#74979 - 27/02/2002 08:47 Re: Empeg locking up all of a sudden [Re: guardian__J]
Narkotic
member

Registered: 20/02/2002
Posts: 158
haha, I think the viruii coders work for Symantec and Mcafee, but thats just a hunch.. i'm sure you get where i'm going with this..

Top
#74980 - 27/02/2002 10:52 Re: Empeg locking up all of a sudden [Re: Narkotic]
tfabris
carpal tunnel

Registered: 20/12/1999
Posts: 31600
Loc: Seattle, WA
You are a conspiracy theorist. I saw McAfee himself on a panel one time, and someone made that accusation. He was completely insulted at the insinuation, and explained that he did not need to write viruses to keep himself in business. The pimply-faced teenage wannabe hackers do a perfectly good job of keeping his company busy without his own team needing to add to the already-too-high workload.
_________________________
Tony Fabris

Top
#74981 - 27/02/2002 22:43 Re: Empeg locking up all of a sudden [Re: tfabris]
wfaulk
carpal tunnel

Registered: 25/12/2000
Posts: 16706
Loc: Raleigh, NC US
Okay, I'm not of the mind that McAfee (I'm taking your word that there is actually a Mr. McAfee) or his company is writing viruses, but it's not like if they were, that, upon being accused of such, he would just say ``Awww, nuts! You caught us! I guess we're done, then.''
_________________________
Bitt Faulk

Top
#74982 - 27/02/2002 23:07 Re: Empeg locking up all of a sudden [Re: wfaulk]
tfabris
carpal tunnel

Registered: 20/12/1999
Posts: 31600
Loc: Seattle, WA
Yes, there is a Mr. McAfee, his name is John, and he's a very articulate and intelligent guy. He strikes me as being very "on the level".
_________________________
Tony Fabris

Top
#74983 - 03/03/2002 10:46 Re: Empeg locking up all of a sudden [Re: tfabris]
drakino
carpal tunnel

Registered: 08/06/1999
Posts: 7868
Too bad the virus scanner programs haven't evolved into something that could stop these recent viruses. I'm still waiting on a virus prevention program that uses some intellegance when protecting my system, instead of doing a simple scan. After all, there is plenty of processing power now, so where is my smart scanner?

Top
#74984 - 03/03/2002 11:33 Re: Empeg locking up all of a sudden [Re: tfabris]
hybrid8
carpal tunnel

Registered: 12/11/2001
Posts: 7738
Loc: Toronto, CANADA
Next time you see John, ask him why his software is as hard to disable/remove as most viruses. That's what I'd like to hear him comment on.

Knock on wood, I have never been infected with a Virus on any of my PCs.

McAffee is the corporate standard at work. Can't stand it. I prefer something a lot less intrusive.

Bruno
_________________________
Bruno
Twisted Melon : Fine Mac OS Software

Top