Inactive Is this a hack?

[thomasglee]

This morning, while I was still in bed, I heard my printer spit out a page. I went to see what it was, and the attached is what I found. I'm thinking this is an indication of a hack from the searches I've done online. Is there anything I can do? Will just resetting my modem help?

I think this happened on a PC my wife uses (I use Macs) to watch videos from Asia.

 

[Bobbye]

What is ProxyJudge?

2 Privacy.com offers you a collection of Online Tests that allow you to check IP address, get detailed IP Whois information, determine IP or Domain geographic location (geo IP Location including Country, State/Province,City, etc.), check if the proxy you are using is truly anonymous, detect how private you are while surfing.

http://www.2privacy.com/www/IP_Check_IP_Address/Proxy_Judge_Test.html

Please review the information given on the referenced site.

I don't have enough information to tell you if it was a 'hack.'

 

[thomasglee]

Thanks. But isn't it weird that just printed out on it's own?

I don't know what Proxy judge is, but when I ran a google search on that string, it says that it's used by remote hackers to test vulnerabilities. Since it says, "keep-alive", I'm assuming they found a hack and are trying to exploit it. The language codes are Taiwan/PRC.

I'm using all Mac computers and we have only one windows computer. I'm not using Mozilla, yet when I ran the test you mentioned, it said I was using Mozilla. When I'm trying to run a "whois" using the site you linked to, it keeps telling me I'm putting in the "Wrong Turning Number!".

 

[Bobbye]

Okay, I gathered some information for you: I've Broken down the parts of the message and given you some links: Consensus: Some kid, also know a "script kiddie", at a internet cafe in China, is trying to use a proxy server to access your server and reached the print server.

"If you see words like ProxyFire, fastenv etc. in GET requests, does that mean a hack attack ?"
More like a probe than an attack- trying to work out whether you're running recognised software behind your server, so he knows which of his other scripts to use to try and hack for real-it's the server they're going after, not your desktop.

The best thing to do is to repeat them yourself on your server, and see if they do anything that you don't want. Normally if you just get a "404" response, there's nothing to worry about (assuming that there are isolated occurrences. If they're persistent and very frequent, that's another problem)

Source Information-Security (LinkedIn)

It says "Mozilla 4.0 (compatible, MSIE 6.0, Windows NT 5.1
It means it compatible with all of these- I think.

Accept-Language: zh-cns the Chinese language
zh-cn Chinese (PRC)
http://msdn.microsoft.com/en-us/library/ms533052(v=vs.85).aspx

Connection: Keep Alive>
A keepalive is a message sent by one device to another to check that the link between the two is operating, or to prevent this link from being broken.

GET HTTP: http://www.w3.org/2001/tag/doc/whenToUseGet-20040321

Language Codes:
ISO 639-1 zh
http://en.wikipedia.org/wiki/Chinese_language