Author Topic: Have I been cracked, or what are the "real" update servers  (Read 3470 times)

0 Members and 1 Guest are viewing this topic.

mesostinky

  • Guest
Have I been cracked, or what are the "real" update servers
« on: January 05, 2004, 09:37:37 PM »
Hi all, I'm wondering about the servers that avast updates to. Although my virus defs say they are from 010204 and indeed do actually seem to be updating, It also just caught a trojan btw. I'm wondering about where they are connecting to. I had looked at this thread but it doesn't match with my list.
http://www.avast.com/forum/index.php?board=2;action=display;threadid=2106

Anyway here is where Avast connects on my PC when it does updates.

kojak.core.ignum.cz 217.31.49.10 port 80  This is a blank webhost

web.terminal.cz 195.70.130.134 port 80 this is also a blank webhost page

216.127.72.135 port 80 this redirects to avast.

Anyway, Kerio caught these and I'd really just like to hear if A) these are the real update servers and B) if they are real, what's with the blank webpages etc?? Are they mirrors? having my product update to some random webhost that doesn't say anything about Avast is very unsettling.

Responses GREATLY appreciated.


Mike

Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • *
  • Posts: 11658
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re:Have I been cracked, or what are the "real" update servers
« Reply #1 on: January 05, 2004, 09:47:14 PM »
The IPs look OK.
Please kindly check this part of our avast FAQ: http://www.avast.com/i_kat_81.html#idt_1366 .

The reason you're seeing confusing web pages is that asw.cz and iavs.cz are actually web-hosted servers (not our own servers) - i.e. 'virtual servers'. That means that you need to use the DNS names to get to the appropriate avast pages, as these are not located in the root directory on these servers. If you only use the IP addresses, you're getting the contents of the root instead of the avast directory on that server...

Vlk
If at first you don't succeed, then skydiving's not for you.

mesostinky

  • Guest
Re:Have I been cracked, or what are the "real" update servers
« Reply #2 on: January 05, 2004, 10:14:26 PM »
Thanks very much for replying so soon. :) Sorry I missed the faq its usually the first place I look. I'm just a bit paranoid right now because upon last boot my laptop was showing me the registration screen to a keylooger program at startup! Who knows if I would have every caught it if the cracker had used a regged version. As I mentioned in my first post, on my other PC Avast did indeed find the program and alert me to confirm it was some software I had just installed. I'm now in the process of wiping the laptop. Needless to say Avast is going to be installed on that laptop instead of NAV. Even when I directly scanned the file NAV didn't make a peep, dam POS. Thanks again for the quick response.

Mike