MattO

some logs from my server tonight:


2003-12-09 02:06:53 /verotellog.txt - - 80.252.128.66 - - /verotellog.txt
2003-12-09 02:06:53 /ccbill/password/verotellog.txt - - 80.252.128.66 - - /ccbill/password/verotellog.txt
2003-12-09 02:06:53 /data/verotellog.txt - - 80.252.128.66 - - /data/verotellog.txt
2003-12-09 02:06:53 /verotel/data/verotellog.txt - - 80.252.128.66 - - /verotel/data/verotellog.txt
2003-12-09 02:06:53 /cgi-bin/data/verotellog.txt - - 80.252.128.66 - - /cgi-bin/data/verotellog.txt
2003-12-09 02:06:53 /mastergate/accountcreate.cgi - - 80.252.128.66 - - /mastergate/accountcreate.cgi
2003-12-09 02:06:53 /cgibin/mastergate/count.cgi - - 80.252.128.66 - - /cgibin/mastergate/count.cgi
2003-12-09 02:06:53 /cgi-bin/mastergate/count.cgi - - 80.252.128.66 - - /cgi-bin/mastergate/count.cgi
2003-12-09 02:06:53 /cgibin/mastergate/accountcreate.cgi - - 80.252.128.66 - - /cgibin/mastergate/accountcreate.cgi
2003-12-09 02:06:53 /cgi-bin/mastergate/accountcreate.cgi - - 80.252.128.66 - - /cgi-bin/mastergate/accountcreate.cgi
2003-12-09 02:06:53 /cgi/mastergate/accountcreate.cgi - - 80.252.128.66 - - /cgi/mastergate/accountcreate.cgi
2003-12-09 02:06:53 /cgi-bin/verotel/data/verotellog.txt - - 80.252.128.66 - - /cgi-bin/verotel/data/verotellog.txt
2003-12-09 02:06:53 /cgi-bin/verotellog.txt - - 80.252.128.66 - - /cgi-bin/verotellog.txt
2003-12-09 02:06:53 /logs - - 80.252.128.66 - - /logs
2003-12-09 02:06:53 /ats/logs/rebuild.txt - - 80.252.128.66 - - /ats/logs/rebuild.txt
2003-12-09 02:06:53 /cgi-bin/user/user.cgi/admin.htm - - 80.252.128.66 - - /cgi-bin/user/user.cgi/admin.htm
2003-12-09 02:06:53 /cgi-bin/lancelot/htadmin.pl - - 80.252.128.66 - - /cgi-bin/lancelot/htadmin.pl
2003-12-09 02:06:53 /cgi-bin/lance/htadmin.pl - - 80.252.128.66 - - /cgi-bin/lance/htadmin.pl
2003-12-09 02:06:53 /lancelot/htadmin.pl - - 80.252.128.66 - - /lancelot/htadmin.pl
2003-12-09 02:06:53 /cgi-bin/htadmin.pl - - 80.252.128.66 - - /cgi-bin/htadmin.pl
2003-12-09 02:06:53 /cgi/htadmin.pl - - 80.252.128.66 - - /cgi/htadmin.pl
2003-12-09 02:06:53 /cgibin/htadmin.pl - - 80.252.128.66 - - /cgibin/htadmin.pl
2003-12-09 02:06:53 /cgibin/af.cgi - - 80.252.128.66 - - /cgibin/af.cgi
2003-12-09 02:06:53 /cgi/af.cgi - - 80.252.128.66 - - /cgi/af.cgi
2003-12-09 02:06:53 /cgi-bin/af.cgi - - 80.252.128.66 - - /cgi-bin/af.cgi
2003-12-09 02:06:53 /cgi-bin/accountcreate.cgi - - 80.252.128.66 - - /cgi-bin/accountcreate.cgi
2003-12-09 02:06:53 /log - - 80.252.128.66 - - /log
2003-12-09 02:06:53 /cgibin/user/user.cgi/admin.htm - - 80.252.128.66 - - /cgibin/user/user.cgi/admin.htm
2003-12-09 02:06:53 /cgi/lancelot/htadmin.pl - - 80.252.128.66 - - /cgi/lancelot/htadmin.pl
2003-12-09 02:06:53 /cgi/user/user.cgi/admin.htm - - 80.252.128.66 - - /cgi/user/user.cgi/admin.htm
2003-12-09 02:06:53 /cgibin/lancelot/htadmin.pl - - 80.252.128.66 - - /cgibin/lancelot/htadmin.pl
2003-12-09 02:06:53 /cgi-bin/mailinglist/mailmachine.cgi - - 80.252.128.66 - - /cgi-bin/mailinglist/mailmachine.cgi
2003-12-09 02:06:53 /cgi-bin/mail/mailmachine.cgi - - 80.252.128.66 - - /cgi-bin/mail/mailmachine.cgi
2003-12-09 02:06:53 /cgi-bin/mailmachine/mailmachine.cgi - - 80.252.128.66 - - /cgi-bin/mailmachine/mailmachine.cgi
2003-12-09 02:06:53 /cgi-bin/maillist/mailmachine.cgi - - 80.252.128.66 - - /cgi-bin/maillist/mailmachine.cgi
2003-12-09 02:06:53 /cgi-bin/globosale/htadmin.pl - - 80.252.128.66 - - /cgi-bin/globosale/htadmin.pl
2003-12-09 02:06:53 /cgi-bin/add-passwd.cgi - - 80.252.128.66 - - /cgi-bin/add-passwd.cgi
2003-12-09 02:06:53 /add-passwd.cgi - - 80.252.128.66 - - /add-passwd.cgi
2003-12-09 02:06:53 /cgi-bin/mailmachine.cgi - - 80.252.128.66 - - /cgi-bin/mailmachine.cgi
2003-12-09 02:06:53 /cgibin/add-passwd.cgi - - 80.252.128.66 - - /cgibin/add-passwd.cgi
2003-12-09 02:06:53 /cgi-bin/messages/message.cgi - - 80.252.128.66 - - /cgi-bin/messages/message.cgi
2003-12-09 02:06:53 /cgi/epoch/add-passwd.cgi - - 80.252.128.66 - - /cgi/epoch/add-passwd.cgi
2003-12-09 02:06:53 /cgi-bin/mailit.cgi - - 80.252.128.66 - - /cgi-bin/mailit.cgi
2003-12-09 02:06:53 /cgi-bin/mailform/mailform.cgi - - 80.252.128.66 - - /cgi-bin/mailform/mailform.cgi
2003-12-09 02:06:53 /cgibin/message/message.cgi - - 80.252.128.66 - - /cgibin/message/message.cgi
2003-12-09 02:06:53 /cgi/message/message.cgi - - 80.252.128.66 - - /cgi/message/message.cgi
2003-12-09 02:06:53 /cgi-bin/message.cgi - - 80.252.128.66 - - /cgi-bin/message.cgi
2003-12-09 02:06:53 /cgi-bin/mailform.cgi - - 80.252.128.66 - - /cgi-bin/mailform.cgi
2003-12-09 02:06:53 /cgi-bin/mailit.cgi - - 80.252.128.66 - - /cgi-bin/mailit.cgi
2003-12-09 02:06:53 /cgibin/message.cgi - - 80.252.128.66 - - /cgibin/message.cgi
2003-12-09 02:06:53 /cgi/message.cgi - - 80.252.128.66 - - /cgi/message.cgi
2003-12-09 02:06:53 /mailit.cgi - - 80.252.128.66 - - /mailit.cgi
2003-12-09 02:06:53 /mailform.cgi - - 80.252.128.66 - - /mailform.cgi
2003-12-09 02:06:53 /cgi-bin/clickresponder.pl - - 80.252.128.66 - - /cgi-bin/clickresponder.pl
2003-12-09 02:06:53 /cgi-bin/getacct.pl - - 80.252.128.66 - - /cgi-bin/getacct.pl
2003-12-09 02:06:53 /cgibin/getacct.pl - - 80.252.128.66 - - /cgibin/getacct.pl
2003-12-09 02:06:53 /cgi/getacct.pl - - 80.252.128.66 - - /cgi/getacct.pl
2003-12-09 02:06:53 /cgi-bin/openjournal.cgi - - 80.252.128.66 - - /cgi-bin/openjournal.cgi
2003-12-09 02:06:53 /cgi-bin/openjournal/openjournal.cgi - - 80.252.128.66 - - /cgi-bin/openjournal/openjournal.cgi
2003-12-09 02:06:53 /recon.cgi - - 80.252.128.66 - - /recon.cgi
2003-12-09 02:06:53 /cgi-bin/recon.cgi - - 80.252.128.66 - - /cgi-bin/recon.cgi
2003-12-09 02:06:53 /cgi-bin/lancelot/recon.cgi - - 80.252.128.66 - - /cgi-bin/lancelot/recon.cgi
2003-12-09 02:06:53 /cgi-bin/lance/recon.cgi - - 80.252.128.66 - - /cgi-bin/lance/recon.cgi
2003-12-09 02:06:53 /cgi-bin/survey.cgi - - 80.252.128.66 - - /cgi-bin/survey.cgi
2003-12-09 02:06:53 /cgi-bin/survey/survey.cgi - - 80.252.128.66 - - /cgi-bin/survey/survey.cgi
2003-12-09 02:06:54 /cgi-bin/commander.pl - - 80.252.128.66 - - /cgi-bin/commander.pl
2003-12-09 02:06:54 /cgi-bin/cal/calendar.pl - - 80.252.128.66 - - /cgi-bin/cal/calendar.pl
2003-12-09 02:06:54 /calendar.pl - - 80.252.128.66 - - /calendar.pl
2003-12-09 02:06:54 /calendar/calendar.pl - - 80.252.128.66 - - /calendar/calendar.pl
2003-12-09 02:06:54 /cgibin/calendar/calendar.pl - - 80.252.128.66 - - /cgibin/calendar/calendar.pl
2003-12-09 02:06:54 /cal/calendar.pl - - 80.252.128.66 - - /cal/calendar.pl
2003-12-09 02:06:54 /cgi-bin/calendar/calendar.cgi - - 80.252.128.66 - - /cgi-bin/calendar/calendar.cgi
2003-12-09 02:06:54 /cgi/calendar.cgi - - 80.252.128.66 - - /cgi/calendar.cgi
2003-12-09 02:06:54 /cgibin/calendar.cgi - - 80.252.128.66 - - /cgibin/calendar.cgi
2003-12-09 02:06:54 /cgibin/calendar/calendar.cgi - - 80.252.128.66 - - /cgibin/calendar/calendar.cgi
2003-12-09 02:06:54 /cgi/calendar/calendar.cgi - - 80.252.128.66 - - /cgi/calendar/calendar.cgi
2003-12-09 02:06:54 /calendar.cgi - - 80.252.128.66 - - /calendar.cgi
2003-12-09 02:06:54 /calendar/calendar.cgi - - 80.252.128.66 - - /calendar/calendar.cgi
2003-12-09 02:06:54 /calendarscript/calendar.cgi - - 80.252.128.66 - - /calendarscript/calendar.cgi
2003-12-09 02:06:54 /cgi-bin/calendarscript/calendar.cgi - - 80.252.128.66 - - /cgi-bin/calendarscript/calendar.cgi
2003-12-09 02:06:54 /cgi-bin/calendarscript/calendar.pl - - 80.252.128.66 - - /cgi-bin/calendarscript/calendar.pl
2003-12-09 02:06:54 /cal/calendar.cgi - - 80.252.128.66 - - /cal/calendar.cgi
2003-12-09 02:06:54 /cgi-bin/calendar.pl - - 80.252.128.66 - - /cgi-bin/calendar.pl
2003-12-09 02:06:54 /cgibin/calendar.pl - - 80.252.128.66 - - /cgibin/calendar.pl
2003-12-09 02:06:54 /cgi/calendar.pl - - 80.252.128.66 - - /cgi/calendar.pl
2003-12-09 02:06:54 /cgi-bin/calendar/calendar.pl - - 80.252.128.66 - - /cgi-bin/calendar/calendar.pl
2003-12-09 02:06:54 /ccbill/password/.htpasswd - - 80.252.128.66 - - /ccbill/password/.htpasswd
2003-12-09 02:06:54 /ccbill/secure/.htpasswd - - 80.252.128.66 - - /ccbill/secure/.htpasswd
2003-12-09 02:06:54 /ccbill/password/%2fhtpasswd - - 80.252.128.66 - - /ccbill/password/%252fhtpasswd
2003-12-09 02:06:54 /cgi-bin/Cal/calendar.cgi - - 80.252.128.66 - - /cgi-bin/Cal/calendar.cgi
2003-12-09 02:06:54 /cgi-bin/calendarorg/calendar.pl - - 80.252.128.66 - - /cgi-bin/calendarorg/calendar.pl
2003-12-09 02:06:54 /cgi-bin/calendarorg/calendar.cgi - - 80.252.128.66 - - /cgi-bin/calendarorg/calendar.cgi
2003-12-09 02:06:54 /cgi-bin/scripts/calendar.cgi - - 80.252.128.66 - - /cgi-bin/scripts/calendar.cgi
2003-12-09 02:06:54 /htadd.pl - - 80.252.128.66 - - /htadd.pl
2003-12-09 02:06:54 /cgibin/htadd.pl - - 80.252.128.66 - - /cgibin/htadd.pl
2003-12-09 02:06:54 /cgi/htadd.pl - - 80.252.128.66 - - /cgi/htadd.pl
2003-12-09 02:06:54 /cgi-bin/htadd.pl - - 80.252.128.66 - - /cgi-bin/htadd.pl
2003-12-09 02:06:54 /cgi-bin/lancelot/htadd.pl - - 80.252.128.66 - - /cgi-bin/lancelot/htadd.pl
2003-12-09 02:06:54 /cgi-bin/lance/htadd.pl - - 80.252.128.66 - - /cgi-bin/lance/htadd.pl
2003-12-09 02:06:54 /htadmin.pl - - 80.252.128.66 - - /htadmin.pl
2003-12-09 02:06:56 /cgi/add-passwd.cgi - - 80.252.128.66 - - /cgi/add-passwd.cgi
2003-12-09 02:06:56 /epoch/add-passwd.cgi - - 80.252.128.66 - - /epoch/add-passwd.cgi
2003-12-09 02:06:56 /cgi-bin/message/message.cgi - - 80.252.128.66 - - /cgi-bin/message/message.cgi
2003-12-09 02:06:56 /cgi-bin/epoch/add-passwd.cgi - - 80.252.128.66 - - /cgi-bin/epoch/add-passwd.cgi
2003-12-09 02:06:56 /cgibin/epoch/add-passwd.cgi - - 80.252.128.66 - - /cgibin/epoch/add-passwd.cgi
2003-12-09 02:06:56 /cgi-bin/calendar.cgi - - 80.252.128.66 - - /cgi-bin/calendar.cgi
2003-12-09 02:07:25 /accountcreate.cgi - - 80.252.128.66 - - /accountcreate.cgi

PenisFace

And he didn't even spoof his IP?


N-E-W-B-I-E

__________________
Need custom blog posts or articles? Hit me up: Blog And Article Writer

Yes, I can do any kind of custom orders, too!

ICQ: 641204000

GrimShawn

I got wood

Brad-Wishing

Me too! I bet at the same time.

__________________
SIG TOO BIG! Maximum 120x60 button and no more than 3 text lines of DEFAULT SIZE and COLOR. Unless your sig is for a GFY top banner sponsor, then you may use a 624x80 instead of a 120x60.

cluck

Nice 0-d4y 3xpl0yt list d00d.

__________________
icq 279990726
www.mcdonalds.com <- great money making opportunity

JDog

I was thinking the same thing!

jDoG

__________________
NSCash now powering ReelProfits.com
ALSO FEATURING: NSCash.com :: SoloDollars.com :: ReelProfits.com :: BiminiBucks.com :: VOD
PROGRAMS COMING SOON: Greedy Bucks :: Vengeance Cash
NOW OFFERING OVER 60 SITES
CONTACT :: JAMES SMITH :: CHIEF TECHNOLOGY OFFICER :: ICQ (711385133)

ColBigBalls

sumphatpimp

whois lookup


80.252.128.66

Record Type: IP Address
IP Location: Russian Federation - Wireless Network In Moscow Region
Reverse IP: No websites hosted using this IP address


--------------------------------------------------------------------------------
% This is the RIPE Whois server.
% The objects are in RPSL format.
%
% Rights restricted by copyright.
% See http://www.ripe.net/ripencc/pub-serv...copyright.html

inetnum: 80.252.128.0 - 80.252.135.255
netname: FlexNet
descr: Wireless network in Moscow region
country: RU
admin-c: DIFF-RIPE
tech-c: DIFF-RIPE
status: ASSIGNED PA
notify: [email protected]
mnt-by: FLEX-MNT
mnt-lower: FLEX-MNT
changed: [email protected] 20011210
source: RIPE

route: 80.252.128.0/20
descr: Flex ISP
origin: AS21453
notify: [email protected]
notify: [email protected]
mnt-by: FLEX-MNT
changed: [email protected] 20011214
source: RIPE

person: Alexey V. Morosov
address: for LTD Flex
address: Lenina sq 11
address: 142403 Noginsk, Moscow region
address: Russian Federation
phone: +7 09651 73002
fax-no: +7 09651 73002
e-mail: [email protected]
nic-hdl: DIFF-RIPE
notify: [email protected]
changed: [email protected] 19990905
source: RIPE




answer section
name type result
66.128.252.80.IN-ADDR.ARPA.
PTR
nas.schelk.flex.ru.


authority section
name type result
128.252.80.IN-ADDR.ARPA.
NS
ns.flex.ru.

128.252.80.IN-ADDR.ARPA.
NS
ns2.flex.ru.

MattO

I always see shit like this in my logs and I don't have anything exploitable to worry about but the shit bugs me when it fills up the logs

sumphatpimp

gives real meaning to the newbie question

"do I really need to secure my server?"

LOL

dnsmonster

A related article was listed on Slashdot today, worth checking out. Shows you why you should watch your scripts...

http://www.securityfocus.com/guest/24043

__________________
I couldn't possibly know what I'm talking about, I'm completely, absolutely and definitively out of my fucking mind.

OzMan84

my icq was hacked 2day

__________________
XferClick - 300,000 UV daily and growing quickly. Majority US, EU, CA and AU traffic. Contact me for more information
ICQ: 304568058

Lonny

What a dumb ass.

__________________

sumphatpimp

: 80.252.128.0 - 80.252.135.255
netname: FlexNet
descr: Wireless network in Moscow region


this hacker might have hacked into that wireless network to hide himself.

some idiot here in the state hacked a home network last week to download kid porn, could be the same kind of thing hack someones wireless then do your dirty deed, and they get blamed,