Strange entry in Cleint tag

Folks,
I have noticed a strange entry in <Client> tag and I cannot find any reference to it in the docs:
<Client urlhost="whatever.com" 2=">">
NameTrans fn="redirect" from="/" url="http://www.somewhere.com/notimportant.html"
</Client>
What does this 2=">" mean inside <Cleint> tag?
Any ideas?
Sasha aka ttalex

That weird 2=">" is the result of using the Administration Server to update an obj.conf file that contained a <Client> tag with a syntax error. When the Administration Server writes out obj.conf files, parameters without values (e.g. "enabled") get reformatted as a name="value" pair, where the name is an integer (e.g. 1="enabled"). There was probably a stray double quote and right angle bracket in your <Client> tag.
You should manually remove the 2=">".

Similar Messages

Strange Entries in System and Console Logs

I have some strange entries in my system and console logs. In the system log, I regularly see these entries:
Feb 24 21:07:29 joseph-youngs-computer /System/Library/PrivateFrameworks/Apple80211.framework/Resources/airport: Error: owner of process not logged in on console - exiting.
Feb 24 21:20:32 joseph-youngs-computer kernel[0]: (82: coreservicesd)tfp: failed on 0:
In my console log, I regularly find these entries:
2006-02-25 09:23:24 -0600
2006-02-24 21:07:30.530 loginwindow[803] FSResolveAliasWithMountFlags returned err = -43
On occasion, I find something like this in my console log:
Assert failed: /Users/dave/dev/flash/player/FlashPlayer/platform/mac/plugins/../../../core/spl ay.cpp:7105
I admit to being something of a novice with the Mac, so I am not sure what to make of these entries, though I never noticed anything like this on my eMac, or on my prior iMac. Also, on the entry above, there are no users named dave on my Mac.
Has anyone else noticed this, and can anyone shed any light on what these messages mean?

Resolved with a clean install.

Strange entries in lighttpd access log -- help!

Hi,
I run a lighttpd server at home. I just use it for working with some scripts, and sharing stuff with my friends. I have a dynamic IP address, so I use dyndns for getting a hostname.
Today I noticed some strange entries in the lighttpd access log:
64.162.221.146 lti-mail01.ltinetworks.com:25 - [14/Feb/2010:11:38:23 +0530] "POST http://lti-mail01.ltinetworks.com:25/ HTTP/1.0" 200 8 "-" "-"
64.162.221.146 - - [14/Feb/2010:11:38:25 +0530] "CONNECT http://lti-mail01.ltinetworks.com:25 HTTP/1.0" 501 357 "-" "-"
64.162.221.146 lti-mail01.ltinetworks.com:25 - [14/Feb/2010:11:45:40 +0530] "POST http://lti-mail01.ltinetworks.com:25/ HTTP/1.0" 200 8 "-" "-"
64.162.221.146 - - [14/Feb/2010:11:45:43 +0530] "CONNECT http://lti-mail01.ltinetworks.com:25 HTTP/1.0" 501 357 "-" "-"
64.162.221.146 lti-mail01.ltinetworks.com:25 - [14/Feb/2010:11:52:58 +0530] "POST http://lti-mail01.ltinetworks.com:25/ HTTP/1.0" 200 8 "-" "-"
64.162.221.146 - - [14/Feb/2010:11:53:01 +0530] "CONNECT http://lti-mail01.ltinetworks.com:25 HTTP/1.0" 501 357 "-" "-"
64.162.221.146 lti-mail01.ltinetworks.com:25 - [14/Feb/2010:12:00:12 +0530] "POST http://lti-mail01.ltinetworks.com:25/ HTTP/1.0" 200 8 "-" "-"
64.162.221.146 - - [14/Feb/2010:12:00:15 +0530] "CONNECT http://lti-mail01.ltinetworks.com:25 HTTP/1.0" 501 357 "-" "-"
64.162.221.146 lti-mail01.ltinetworks.com:25 - [14/Feb/2010:12:07:28 +0530] "POST http://lti-mail01.ltinetworks.com:25/ HTTP/1.0" 200 8 "-" "-"
64.162.221.146 - - [14/Feb/2010:12:07:30 +0530] "CONNECT http://lti-mail01.ltinetworks.com:25 HTTP/1.0" 501 357 "-" "-"
What is going on here? Some kind of spambot? Note that I don't have the sendmail service installed, and port 25 is not forwarded on my router. Is this a threat and how do I deal with this?
Thanks.

loafer wrote:I don't know a great deal about this. However, if you google for "lti-mail01.ltinetworks.com" you'll get a load of hits, which indicate there may be a problem.
Yes, I did some more searching and apparently its a known problem.
This thing is trying to send a POST action to another site. Is there any way I can restrict POST actions to my own domain?

Connect Lost and Strange Entry in Access Log

All users got FRM-92100 and at the same time, multiple strange entries in access_log like the one below.
Any ideas why a java error message is showing up as post? It looks like user's JVM is generating and sending this message, is that possible? What does this error message tell me about the status of the server?
10.148.8.48 - - [22/Jul/2003:14:45:55 -0700] "POST /forms90/<HTML><HEAD><TITLE>500 Internal Server Error</TITLE></HEAD><BODY><H1>500 Internal Server Error</H1><PRE>java.lang.UnsatisfiedLinkError: Native Library D:\ora9iapp\BIN\ifjsl90.dll already loaded in another classloader
 at java.lang.ClassLoader.loadLibrary0(ClassLoader.java:1383)
 at java.lang.ClassLoader.loadLibrary(ClassLoader.java:1314)
 at java.lang.Runtime.load0(Runtime.java:698)
 at java.lang.System.load(System.java:797)
 at oracle.forms.servlet.RunformProcess.loadLibrary(Unknown Source)
 at oracle.forms.servlet.RunformProcess.<init>(Unknown Source)
 at oracle.forms.servlet.RunformProcess.<init>(Unknown Source)
 at oracle.forms.servlet.RunformSession.<init>(Unknown Source)
 at oracle.forms.servlet.RunformSession.get(Unknown Source)
 at oracle.forms.servlet.ListenerServlet.getRunformSession(Unknown Source)
 at oracle.forms.servlet.ListenerServlet.getInfo(Unknown Source)
 at oracle.forms.servlet.ListenerServlet.doGet(Unknown Source)
 at javax.servlet.http.HttpServlet.service(HttpServlet.java:244)
 at javax.servlet.http.HttpServlet.service(HttpServlet.java:336)
 at com.evermind[Oracle9iAS (9.0.2.2) Containers for J2EE].server.http.ResourceFilterChain.doFilter(ResourceFilterChain.java:66)
 at oracle.security.jazn.oc4j.JAZNFilter.doFilter(JAZNFilter.java:283)
 at com.evermind[Oracle9iAS (9.0.2.2) Containers for J2EE].server.http.ServletRequestDispatcher.invoke(ServletRequestDispatcher.java:539)
 at com.evermind[Oracle9iAS (9.0.2.2) Containers for J2EE].server.http.ServletRequestDispatcher.forwardInternal(ServletRequestDispatcher.java:285)
 at com.evermind[Oracle9iAS (9.0.2.2) Containers for J2EE].server.http.HttpRequestHandler.processRequest(HttpRequestHandler.java:771)
 at com.evermind[Oracle9iAS (9.0.2.2) Containers for J2EE].server.http.AJPRequestHandler.run(AJPRequestHandler.java:152)
 at com.evermind[Oracle9iAS (9.0.2.2) Containers for J2EE].server.http.AJPRequestHandler.run(AJPRequestHandler.java:72)
 at EDU.oswego.cs.dl.util.concurrent.PooledExecutor$Worker.run(PooledExecutor.java:802)
 at java.lang.Thread.run(Thread.java:484)
 </PRE></BODY></HTML> HTTP/1.1" 404 339

Thomas,
the Post method shouldn't bother as it seesm that the servlet spills out all the error HTML file code. However
"java.lang.UnsatisfiedLinkError: Native Library D:\ora9iapp\BIN\ifjsl90.dll already loaded in another classloader" points to a classloader problem.
All I found is a note saying that this happens if you have a running Forms while applying a Patch set to Forms or Oracle9iAS. In specific the OPM needs to be stopped before installing the patch. Otherwise you end up with the newer dll version not being copied to the system. There's a section in the readme about stopping OPM.
Not sure if this is helping your problem, but its the same error that you are getting.
Frank

Strange Entries in 'Pattern Analysis' results

I'm using the Pattern Discovery feature of Data Profiling and I'm getting strange characters in the results for Dominant Character Pattern and Dominant Word Pattern. For instance, two of the patterns returned are ^(9+)$ and ^(Aa((4))$ And the data that supposedly conforms to these patterns are simple integers or words.
Does any one know what could be going on here? Some kind of corruption in the result set? Or am I missing how to interpret these strange entries? Thanks.

The patterns discovered are regular expressions. Are you looking for common format discovery? If you want to know something is a number or a date or en email address look at the common format discovery (under the hood a common format may be a number of reg expression also). You will have to select 'Enable Common Format Discovery' and reprofile. The common format is another column in this pattern discover table.
Cheers
David

WD4VC Callable Object: No parser configuration entry for the tag Invoke

I am trying to use a Visual Composer model as a callable object. I can deploy OK (as a Web Dynpro model, having checked the copmiler options "Deploy Model with PAR" and "Add Guided Procedure information").
When I try to test the Callable Object, I get the following error:
com.sap.tc.wd4vc.intapi.info.exception.WD4VCRuntimeException: No parser configuration entry for the tag Invoke.
No idea how to get around this.
Any help greatly appreciated.
Kind Regards,
Tony.

Hi Mario,
We have only three runtime in VC 7.0
1. XGraph
2. Flash
3. Webdynpro.
In your blog on wiki Flex runtime is mentioned as given below:
Webdynpro runtime is not fully supported in NW04s and some tags may not be supported as stated in the error. The reccomendation is to use the flex runtime.
Is Flex runtime and Flash runtime is same ,
I have tried to deploy the model in Flash runtime and Portal runtime error ocurs by diasply renderning JSP Component,
But when i deploy it in Webdynpro runtime , it works fine for displaying data in Table.But gives error :No parser configuration entry for the tag ChartView , when i used chart in place of table .
Thanks.

No parser configuration entry for the tag ChartView

Hi All,
We have created chartview in VC 7.0 but getting below error while deploying in webdynpro runtime.
com.sap.tc.wd4vc.intapi.info.exception.WD4VCRuntimeException: No parser configuration entry for the tag ChartView
Rohit

Hi Mario,
We have only three runtime in VC 7.0
1. XGraph
2. Flash
3. Webdynpro.
In your blog on wiki Flex runtime is mentioned as given below:
Webdynpro runtime is not fully supported in NW04s and some tags may not be supported as stated in the error. The reccomendation is to use the flex runtime.
Is Flex runtime and Flash runtime is same ,
I have tried to deploy the model in Flash runtime and Portal runtime error ocurs by diasply renderning JSP Component,
But when i deploy it in Webdynpro runtime , it works fine for displaying data in Table.But gives error :No parser configuration entry for the tag ChartView , when i used chart in place of table .
Thanks.

Strange entry in the /etc/hosts file

Hi,
While doing some testings with my network this afternoon, I noticed that there's this strange line in my /etc/hosts file:
::1 localhost
Anybody has any idea what the "::1" is for? The only thing related to network that I had recently installed is VPN Tracker. Could it be VPN Tracker that added that line to the hosts file?
Thanks in advance for your help!
Frank
PowerBook G4 Mac OS X (10.4.8)

It's supposed to be there, here's a fresh install's complete hosts file...
# Host Database
# localhost is used to configure the loopback interface
# when the system is booting. Do not change this entry.
127.0.0.1 localhost
255.255.255.255 broadcasthost
::1 localhost "
Not sure what it means... may be a 16 bit number though! :-D

Very strange, Entry Processor block the entire coherence node

I have a client node(storage= false) client1 which continues do get from cache1, the code is below:
for(int i=0;i<10000000;i++){
 System.out.println("get:"+ cache1.get(i));
and have another client node(storage= false) client2 which invoke a Entry Processor. this Entry Processor is work on cache2(not cache1)
cache2.invoke(keys,new MyEntryProcessor());
the MyEntryProcessor code is as below:
public Object process(Entry entry) {
 for(int i=0;i< 1000000;i++){
 entry.getKey();
 entry.getValue();
 System.out.println(i);
 return null;
when client2 begin run, client1 will be blocked, until client2's Entry Processor is finished.
who can tell me why. it's very strange, because client1 and client2 are work on two different cache. and it's only do get

If these two caches belong to same cache service, then their requests are handled by the same service thread. Coherence only use single service thread per service per node. So if the get() for cache1 and the entry processor for cache2 go to the same node, you will see that behavior if cache1 and cache2 belong to same cache service.
Either turn on thread pool (if you want to use same cache service( or use different cache service.

Solution manager system log - strange entries

Hi Everyone,
the problem we are facing in Solution Manager system log every five minutes appears a new error message:
2 Database error -30082 at CON
0 > SQL30082N Security processing failed with reason "24"
0 > ("USERNAME AND/OR PASSWORD INVALID"). SQLSTATE=08001
First of all the landscape: ECC, BI, CRM, PI and Solman. Each system is DEV, QUA, PRD - except Solution Manager.
Result of going to see the logs within work directory:
Connect to %_DCR_XXXXX as db2dcr with DB6_DB_NAME=DCR;DB6_DB_HOST=xxxxxx;DB6_DB_SCHEMA=SAPSR3;DB6_DB_SVCENAME=5912
C *** ERROR in DB6Connect[dbdb6.c, 1727] CON = 1 (BEGIN)
C &+***      DbSlConnectDB6( SQLDriverConnect ): [IBM][CLI Driver] SQL30082N Security processing failed with reason "24" ("USE
C &+***      RNAME AND/OR PASSWORD INVALID"). SQLSTATE=08001
C &+***
C &+***
C &+***      ABAP location info 'CL_SQL_CONNECTION=============CP', 337
C &+***
C *** ERROR in DB6Connect[dbdb6.c, 1727] (END)
C *** ERROR => DbSlConnect to 'DCR' as 'db2dcr' failed
[dbdb6.c      1732]
Some of the systems are being connected successfully and the error messages in SM21 are not related to those systems. But some of the systems like DCR cannot be reached. And this fact causing the error messages.
I haven't configured Solution Manager because I have joined the project later. I would like to know what job is trying to access the satellite system and for what purpose.
On solution manager side I have checked all the scheduled background jobs - all of them have been executed successfully.
There some of them are scheduled but it is hard understand what is purpose of the job.
I have checked and corrected system landscape through SMSY and have maintained all the RFCs. They all OK now.
What else could force to make a connection to satellite system? And where is the place where it is hardcoded local(satellite) db2 connection entry?
Like I said before, some of the systems are being connected but some not. The one which has not been connected - there was recently changed SAP master password. I believe this is the key to resolve the problem. But the system itself operating 100% correctly.
Perhaps it could be CCMS that makes some extra connections to collect the data from the monitored systems. But I have checked all the RFC's in SM59 and they were OK.
Any ideas or suggestions would be appreciated.
Thanks in advance,
Kind regards,
Artjom.

Kaustubh Krishna,
thank you for respond.
It was dbacockpit. The connection was maintained with old db2sid password. And it was causing problematic log entries.
Problem was solved.
Points awarded.
Thanks,
kind regards,
Artyom

[Solved] Strange entries in apache access_log

Hi all,
I recently setup up a small apache server. Listing is disabled, I just wanted people who I give a full file path to be able to download specific files. I'm keeping them in ~/public_html.
If I look at /var/log/httpd/access_log, I see some entries that make sense:
138.102.68.222 - - [25/Mar/2014:20:31:13 -0500] "GET /~lefty/pictures.zip HTTP/1.1" 200 201823247
138.102.68.222 - - [25/Mar/2014:20:32:51 -0500] "GET / HTTP/1.1" 403 983
141.123.267.82 - - [25/Mar/2014:20:37:03 -0500] "GET /~lefty/pictures.zip HTTP/1.1" 200 201823247
That's me testing downloading pictures.zip (success), testing just accessing the root folder (denied 403, as I had hoped), and my friend downloading pictures.zip.
Next in the log I see some entries that contain a bunch of gibberish and get rejected:
202.175.83.131 - - [25/Mar/2014:21:56:23 -0500] "HEAD / HTTP/1.0" 403 -
202.175.83.131 - - [25/Mar/2014:21:56:23 -0500] "POST /cgi-bin/php?%2D%64+%61%6C%6C%6F%77%5F%75%72%6C%5F%69%6E%63%6C%75%64%65%3D%6F%6E+%2D%64+%73%61%66%65%5F%6D%6F%64%65%3D%6F%66%66+%2D%64+%73%75%68%6F%73%69%6E%2E%73%69%6D%75%6C%61%74%69%6F%6E%3D%6F%6E+%2D%64+%64%69%73%61%62%6C%65%5F%66%75%6E%63%74%69%6F%6E%73%3D%22%22+%2D%64+%6F%70%65%6E%5F%62%61%73%65%64%69%72%3D%6E%6F%6E%65+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%64+%63%67%69%2E%66%6F%72%63%65%5F%72%65%64%69%72%65%63%74%3D%30+%2D%64+%63%67%69%2E%72%65%64%69%72%65%63%74%5F%73%74%61%74%75%73%5F%65%6E%76%3D%30+%2D%6E HTTP/1.1" 404 976
202.175.83.131 - - [25/Mar/2014:21:56:24 -0500] "POST /cgi-bin/php5?%2D%64+%61%6C%6C%6F%77%5F%75%72%6C%5F%69%6E%63%6C%75%64%65%3D%6F%6E+%2D%64+%73%61%66%65%5F%6D%6F%64%65%3D%6F%66%66+%2D%64+%73%75%68%6F%73%69%6E%2E%73%69%6D%75%6C%61%74%69%6F%6E%3D%6F%6E+%2D%64+%64%69%73%61%62%6C%65%5F%66%75%6E%63%74%69%6F%6E%73%3D%22%22+%2D%64+%6F%70%65%6E%5F%62%61%73%65%64%69%72%3D%6E%6F%6E%65+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%64+%63%67%69%2E%66%6F%72%63%65%5F%72%65%64%69%72%65%63%74%3D%30+%2D%64+%63%67%69%2E%72%65%64%69%72%65%63%74%5F%73%74%61%74%75%73%5F%65%6E%76%3D%30+%2D%6E HTTP/1.1" 404 976
202.175.83.131 - - [25/Mar/2014:21:56:24 -0500] "POST /cgi-bin/php-cgi?%2D%64+%61%6C%6C%6F%77%5F%75%72%6C%5F%69%6E%63%6C%75%64%65%3D%6F%6E+%2D%64+%73%61%66%65%5F%6D%6F%64%65%3D%6F%66%66+%2D%64+%73%75%68%6F%73%69%6E%2E%73%69%6D%75%6C%61%74%69%6F%6E%3D%6F%6E+%2D%64+%64%69%73%61%62%6C%65%5F%66%75%6E%63%74%69%6F%6E%73%3D%22%22+%2D%64+%6F%70%65%6E%5F%62%61%73%65%64%69%72%3D%6E%6F%6E%65+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%64+%63%67%69%2E%66%6F%72%63%65%5F%72%65%64%69%72%65%63%74%3D%30+%2D%64+%63%67%69%2E%72%65%64%69%72%65%63%74%5F%73%74%61%74%75%73%5F%65%6E%76%3D%30+%2D%6E HTTP/1.1" 404 976
202.175.83.131 - - [25/Mar/2014:21:56:25 -0500] "POST /cgi-bin/php.cgi?%2D%64+%61%6C%6C%6F%77%5F%75%72%6C%5F%69%6E%63%6C%75%64%65%3D%6F%6E+%2D%64+%73%61%66%65%5F%6D%6F%64%65%3D%6F%66%66+%2D%64+%73%75%68%6F%73%69%6E%2E%73%69%6D%75%6C%61%74%69%6F%6E%3D%6F%6E+%2D%64+%64%69%73%61%62%6C%65%5F%66%75%6E%63%74%69%6F%6E%73%3D%22%22+%2D%64+%6F%70%65%6E%5F%62%61%73%65%64%69%72%3D%6E%6F%6E%65+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%64+%63%67%69%2E%66%6F%72%63%65%5F%72%65%64%69%72%65%63%74%3D%30+%2D%64+%63%67%69%2E%72%65%64%69%72%65%63%74%5F%73%74%61%74%75%73%5F%65%6E%76%3D%30+%2D%6E HTTP/1.1" 404 976
202.175.83.131 - - [25/Mar/2014:21:56:26 -0500] "POST /cgi-bin/php4?%2D%64+%61%6C%6C%6F%77%5F%75%72%6C%5F%69%6E%63%6C%75%64%65%3D%6F%6E+%2D%64+%73%61%66%65%5F%6D%6F%64%65%3D%6F%66%66+%2D%64+%73%75%68%6F%73%69%6E%2E%73%69%6D%75%6C%61%74%69%6F%6E%3D%6F%6E+%2D%64+%64%69%73%61%62%6C%65%5F%66%75%6E%63%74%69%6F%6E%73%3D%22%22+%2D%64+%6F%70%65%6E%5F%62%61%73%65%64%69%72%3D%6E%6F%6E%65+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%64+%63%67%69%2E%66%6F%72%63%65%5F%72%65%64%69%72%65%63%74%3D%30+%2D%64+%63%67%69%2E%72%65%64%69%72%65%63%74%5F%73%74%61%74%75%73%5F%65%6E%76%3D%30+%2D%6E HTTP/1.1" 404 976
200.98.175.74 - - [25/Mar/2014:23:22:22 -0500] "HEAD / HTTP/1.0" 403 -
96.38.230.190 - - [26/Mar/2014:23:45:54 -0500] "\x80w\x01\x03\x01" 400 226
96.38.230.190 - - [26/Mar/2014:23:45:54 -0500] "GET /HNAP1/ HTTP/1.1" 404 1103
Should I be concerned? Also, it looks like the long strings were requesting a specific file and got 404 errors b/c it doesn't exist. What's with the short "\x80w" string that gets error 400?
Thanks,
Lefty
Last edited by LeftyAce (2014-03-29 23:24:25)

I am shocked, shocked to think someone is trying to hack you
ewaller$@$odin ~ 1006 %whois 202.175.83.131
% [whois.apnic.net]
% Whois data copyright terms http://www.apnic.net/db/dbcopyright.html
% Information related to '202.175.0.0 - 202.175.127.255'
inetnum: 202.175.0.0 - 202.175.127.255
netname: CTM-MO
descr: CTM
country: MO
admin-c: CN166-AP
tech-c: CN166-AP
mnt-by: APNIC-HM
mnt-lower: MAINT-CTM-MO
mnt-routes: MAINT-CTM-MO
mnt-irt: IRT-CTM-MO
changed: [email protected] 20040130
remarks: combine all small allocation objects into a /17 object
remarks: this object can only modify by APNIC Hostmaster
status: ALLOCATED PORTABLE
changed: [email protected] 20060224
changed: [email protected] 20110701
source: APNIC
irt: IRT-CTM-MO
address: Rua da Lagos, Telecentro
address: P.O. Box 868
address: Taipa
address: Macau
e-mail: [email protected]
abuse-mailbox: [email protected]
admin-c: JC1146-AP
tech-c: HL13
auth: # Filtered
mnt-by: MAINT-CTM-MO
changed: [email protected] 20101201
source: APNIC
role: CTM NOC
nic-hdl: CN166-AP
address: CTM - Internet Business Unit
address: Rua da Lagos, Telecentro
address: P.O. Box 868, Taipa
address: Macau
country: MO
phone: +853 8912728
fax-no: +853 8912933
e-mail: [email protected]
admin-c: JC1146-AP
tech-c: HL13
notify: [email protected]
changed: [email protected] 20030530
mnt-by: MAINT-CTM-MO
source: APNIC
% Information related to '202.175.64.0/19AS4609'
route: 202.175.64.0/19
descr: CTM Internet Services
descr: Companhia de Telecomunicacoes de Macau S.A.R.L.
country: MO
origin: AS4609
remarks: Route Object - 202.175.64.0/19
mnt-by: MAINT-CTM-MO
changed: [email protected] 20060223
source: APNIC
% This query was served by the APNIC Whois Service version 1.69.1-APNICv1r0 (WHOIS1)
ewaller$@$odin ~ 1007 %
The other IP address was in Missouri in the USA. That one was benign, or at least unsophisticated.
The Macau attack was a bit more interesting. Have you enabled php? If not, you are okay. Expect this sort of stuff. Also, expect to be fully probed by the web crawlers (Goggle, Yahoo, Duck Duck Go, and other wannabes)
Edit: Actually, the attack from Missouri might be this
Last edited by ewaller (2014-03-27 05:17:09)

I-doc processing gives strange entries

Hi,
we are currently postinf fidccp02 documents into the receiving system,
the only curious thing is that when we gather all the information at sending side
eg 1 bkpf segment
5 bseg segments
1 bset segment
the system creates on top of the bset segment another tax record when we consult
the transaction fb03.
Can we avoid that, eventually by adjusting the i-doc content?
Is there any direction in which we can find the source of the problem?
grtz,
Koen

Kaustubh Krishna,
thank you for respond.
It was dbacockpit. The connection was maintained with old db2sid password. And it was causing problematic log entries.
Problem was solved.
Points awarded.
Thanks,
kind regards,
Artyom

Strange entries in Microsoft-TerminalServices-RemoteConnectionManager%4Operational.evtx

Hi there, I am currently analyzing a Windows Server 2008, and am digging in the EVTX files. I see numeros entries of EventID 1149 ("User authentication succeeded") done by foreign IP addresses, with user names which clearly are unknown to the system. (looks
like brute-force with a dictionary file to me...) My question is simple : why do I see successful authentication on users who do not exist ? (example : john, test1, user1, and many others) I see absolutely no fail in any of those authentication, is there something
I don't get ? Thank you for your time and help, Best regards.

Hi,
Event ID 1149 — Remote Desktop Session Host Listener Availability
The listener component runs on the RD Session Host server and is responsible for listening for and accepting new Remote Desktop Protocol (RDP) client connections,
thereby allowing users to establish new remote sessions on the RD Session Host server. There is a listener for each Remote Desktop Services connection that exists on the RD Session Host server. Connections can be created and configured by using the Remote
Desktop Session Host Configuration tool.
Have you published internal terminal server services to the external network ( internet ) ? if so, this may due to external RDP scan or access, you can change your
firewall settings to see if the same issue still exists. For example, if you are using Microsoft TMG or ISA, you can change policy like below.
Allow Protocol RDP
From: Everyone
To: Local Host/Terminal server
Changing that rule to only Allow From VPN Clients & Internal network clients.
Hope this helps.
Technology changes life……

Strange entries in WRT400N Routing Tables

I was trying to setup some static routes (unsuccessfully) when I noted some wierd entries in the routing table shown when clicking the "Show Routing Table" button in the Advanced Routing section of Setup. The entries are:
Destination LAN IP Subnet Mask Gateway Hop Count Interface
151.164.184.120 255.255.255.255 * 1 Internet (WAN)
192.168.207.0 255.255.255.0 192.168.207.1 1 LAN & Wireless
239.0.0.0 255.0.0.0 * 1 LAN & Wireless
127.0.0.0 255.0.0.0 192.168.207.1 1 LAN & Wireless
default 0.0.0.0 151.164.184.120 1 Internet (WAN)
I am concerned about the entries in bold format. The address 151.164.184.120 resolves to some area in Texas although I wasn't able to find more. Any idea what this could be? Should I be concerned?
Thanks.

You have PPPoE connection. You are connected to the PPP server 151.164.184.120 at your ISP. The first route says that the 151.164.184.120 is connected to the WAN interface. The default route says that your internet connection goes to the PPP server of your ISP.

Can I add journal entries that are tagged to calender events?

I want to be able to add journal entries to certaon calender events as notes so that I can reference these at a later date. I ee ICal can;t do it, is there another app that automatically integrates with ICal that will do this. What about Evernote or Things?

You can add predefined fields using the "Card" menu and "Add Field" Submenu.
You can also change labels for multi-values properties by clicking the current label and choose "Customize"
But I don't think you can add custom fields using AddressBook.
Perhaps you should consider using other software like RubenSoft's Pack Organizer or ">Objective Decision's Contactizer
Why reward points ?

Strange entry in Cleint tag

Similar Messages

Maybe you are looking for