#1
So Fucking Banned
Join Date: Sep 2001
Location: shell beach
Posts: 7,938

Brute Password Hack
... guess that's how it looks like?

213.67.45.221 - [18/Feb/2004:02:45:19 +0000] "GET XXX.XXX.XXX.XXX/nothing.txt" 200 200 http://XXX.XXX.XXX.XXX/cgi-bin/pennywize/pennyw.cgi [Mozilla/4.0%20(compatible;%20MSIE%206.0;%20Windows%20NT%20 5.1)]
213.67.45.221 - [18/Feb/2004:02:45:19 +0000] "GET XXX.XXX.XXX.XXX/nothing.txt" 200 200 http://XXX.XXX.XXX.XXX/cgi-bin/r_manage.cgi [Mozilla/4.0%20(compatible;%20MSIE%206.0;%20Windows%20NT%20 5.1)]
213.67.45.221 - [18/Feb/2004:02:45:19 +0000] "GET XXX.XXX.XXX.XXX/nothing.txt" 200 200 http://XXX.XXX.XXX.XXX/cgi/add-passwd.cgi [Mozilla/4.0%20(compatible;%20MSIE%206.0;%20Windows%20NT%20 5.1)]
213.67.45.221 - [18/Feb/2004:02:45:19 +0000] "GET XXX.XXX.XXX.XXX/nothing.txt" 200 200 http://XXX.XXX.XXX.XXX/cgibin//add-passwd.cgi [Mozilla/4.0%20(compatible;%20MSIE%206.0;%20Windows%20NT%20 5.1)]
213.67.45.221 - [18/Feb/2004:02:45:19 +0000] "GET XXX.XXX.XXX.XXX/nothing.txt" 200 200 http://XXX.XXX.XXX.XXX/cgibin/recon.cgi [Mozilla/4.0%20(compatible;%20MSIE%206.0;%20Windows%20NT%20 5.1)]
213.67.45.221 - [18/Feb/2004:02:45:19 +0000] "GET XXX.XXX.XXX.XXX/nothing.txt" 200 200 http://XXX.XXX.XXX.XXX/epoch/add-passwd.cgi [Mozilla/4.0%20(compatible;%20MSIE%206.0;%20Windows%20NT%20 5.1)]
213.67.45.221 - [18/Feb/2004:02:45:19 +0000] "GET XXX.XXX.XXX.XXX/template.html" 200 3986 http://XXX.XXX.XXX.XXX/data/verotellog.txt [Mozilla/4.0%20(compatible;%20MSIE%206.0;%20Windows%20NT%20 5.1)]
213.67.45.221 - [18/Feb/2004:02:45:19 +0000] "GET XXX.XXX.XXX.XXX/template.html" 200 3819 http://XXX.XXX.XXX.XXX/epwd/.passwd [Mozilla/4.0%20(compatible;%20MSIE%206.0;%20Windows%20NT%20 5.1)]
213.67.45.221 - [18/Feb/2004:02:45:19 +0000] "GET XXX.XXX.XXX.XXX/template.html" 200 3407 http://XXX.XXX.XXX.XXX/ibill/.passwd [Mozilla/4.0%20(compatible;%20MSIE%206.0;%20Windows%20NT%20 5.1)]
213.67.45.221 - [18/Feb/2004:02:45:19 +0000] "GET XXX.XXX.XXX.XXX/nothing.txt" 200 200 http://XXX.XXX.XXX.XXX/nbmember.cgi [Mozilla/4.0%20(compatible;%20MSIE%206.0;%20Windows%20NT%20 5.1)]
213.67.45.221 - [18/Feb/2004:02:45:20 +0000] "GET XXX.XXX.XXX.XXX/nothing.txt" 200 200 http://XXX.XXX.XXX.XXX/cgi-bin/glocation.cgi [Mozilla/4.0%20(compatible;%20MSIE%206.0;%20Windows%20NT%20 5.1)]
213.67.45.221 - [18/Feb/2004:02:45:20 +0000] "GET XXX.XXX.XXX.XXX/template.html" 200 3570 http://XXX.XXX.XXX.XXX//.passwd [Mozilla/4.0%20(compatible;%20MSIE%206.0;%20Windows%20NT%20 5.1)]
213.67.45.221 - [18/Feb/2004:02:45:20 +0000] "GET XXX.XXX.XXX.XXX/nothing.txt" 200 200 http://XXX.XXX.XXX.XXX/cgi-bin/pennywize/penny.pl.bak [Mozilla/4.0%20(compatible;%20MSIE%206.0;%20Windows%20NT%20 5.1)]
213.67.45.221 - [18/Feb/2004:02:45:20 +0000] "GET XXX.XXX.XXX.XXX/template.html" 200 3644 http://XXX.XXX.XXX.XXX/passwd/.htpasswd [Mozilla/4.0%20(compatible;%20MSIE%206.0;%20Windows%20NT%20 5.1)]

... and that's what it stops:

/sbin/route add -host 213.67.45.221 127.0.0.1

... and that's who it is:

TeliaSonera AB (TELIA2-DOM)
Marbackegatan 11
Farsta, - s-123 86
SE

Domain Name: TELIA.COM

Administrative Contact:
TeliaSonera AB (LOLVXQTUPO) [email protected]
Box 10066
Stockholm, - s-121 27
SE
+46 8 456 81 28 fax: +46 8 456 89 85

Technical Contact:
TeliaSonera AB (VOACPYJEEO) [email protected]
Box 10707
Stockholm, - s-121 29
SE
+46 8 456 89 30 fax: +46 8 456 89 35

Record expires on 18-Aug-2011.
Record created on 19-Aug-1995.
Database last updated on 18-Feb-2004 06:48:16 EST.

Domain servers in listed order:
DNS1.TELIA.COM 194.22.190.10
DNS2.TELIA.COM 194.22.194.14
NS.TELIA.SE 131.115.15.7
NS2.CW.NET 204.70.57.242

#2
Confirmed User
Join Date: May 2003
Posts: 265

Anon proxy?
I doubt anybody from such a corp hacks.

#3
Confirmed User
Join Date: Aug 2003
Posts: 4,668

Telia is the biggest phone company in Sweden and I don't think they hack your sites!

#4
Confirmed User
Join Date: Nov 2002
Posts: 7,761

Take that IP and plug it into your browser under http proxy.... try using it as ports 80 8080 3128 65506 6588 28998 and hitting google or something...
There are more ports that people use.. but those are the common ones. If google comes up, it's an open proxy. Heh.. don't leave your box running like that though.. any site you hit, the information you submit will now go through that proxy first.

#5
So Fucking Banned
Join Date: Sep 2001
Location: shell beach
Posts: 7,938

Quote:
... do yourself a favour and block it from accessing your sites, that's why I posted it here.

#6
Confirmed User
Join Date: Oct 2002
Posts: 3,745

Telia provides dialup service, don't they?
So it could very well be a Telia customer attacking. The attacker was trying to find your password add script from your processor so they could add their own usernames and passwords. Had it been a brute force attack, Strongbox would have emailed you and told you all about it. What's that, you don't have Strongbox? Well then I guess you wouldn't have known about it unless you just happened to look at your logs.
__________________
For historical display only. This information is not current: support@bettercgi.com ICQ 7208627 Strongbox - The next generation in site security Throttlebox - The next generation in bandwidth control Clonebox - Backup and disaster recovery on steroids

#7
Confirmed User
Join Date: Nov 2002
Location: A deep dark place.
Posts: 314

That's not a brute force attack, that's just a hack attempt. Either to add username/passwords as the guy above said, or possibly to try and gain root access thru an exploit. Some of those older programs had gaping security holes.
I get scans like that about a hundred times a day, usually quite short as they swing round loadsa different servers. They are no big deal, just make sure you're running up-to-date software of everything and you're usually safe. They only become a danger if the guy really wants to spend time to break your box, in which case all the 'strongboxes' in the world won't help you. Only a security admin will, and even then there's a risk. Backup servers rule.
Incidentally, I would report the attempt to whoever owns the IP. I did it once to someone attempting from a telewest router. Must have been an engineer I guess. Sent them the logs, times and that the guy was trying to hack an 'adult entertainment site'. They investigated and told me indirectly that the guy had been terminated. Well worth doing. It's one time when being an adult webmaster is a good thing, I'm sure it was just that he was trying to access porn on the job that got them going.
__________________
In 1904, Charles Newman-Berry connected two abacus's together using specially enhanced GrapeVine thus inventing the first Internet connection. NEWMAN-BERRY CASH Paying webmaster since 1904
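
Posts #6 and #7 separate a sweep for password scripts and password files from a brute-force attack. The following added example (not code from any poster or product in this thread) makes that distinction over a log in the format posted in #1. Assumptions: the URL after the size field is the path that was probed, failed logins return 401, and the thresholds shown; the sample log is constructed, using documentation addresses.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlparse

LINE = re.compile(r'^(\S+) - \[([^\]]+)\] "GET \S+" (\d{3}) \d+ (\S+) \[')
# File-name endings taken from the probes in post #1 (password scripts and files).
SENSITIVE = re.compile(r'(passwd|\.bak|\.cgi)$')
WINDOW = timedelta(seconds=10)    # assumed thresholds, tune per site
SCAN_PATHS, BRUTE_401S = 3, 5

# Constructed sample: one sweep, one password-guessing run, one ordinary visitor.
SAMPLE = "\n".join(
    ['192.0.2.10 - [18/Feb/2004:02:45:19 +0000] "GET example.test/nothing.txt" 200 200 '
     f'http://example.test{p} [Mozilla/4.0]'
     for p in ("/cgi/add-passwd.cgi", "/epwd/.passwd", "/passwd/.htpasswd")]
    + [f'198.51.100.7 - [18/Feb/2004:03:00:0{s} +0000] "GET example.test/members/" 401 0 '
       'http://example.test/members/ [Mozilla/4.0]' for s in range(5)]
    + ['203.0.113.5 - [18/Feb/2004:03:10:00 +0000] "GET example.test/index.html" 200 512 '
       'http://example.test/index.html [Mozilla/4.0]'])

def parse(text):
    """Yield (ip, time, status, probed_path) for each line in the posted format."""
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            ip, ts, status, url = m.groups()
            when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
            yield ip, when, int(status), urlparse(url).path

def classify(text):
    """Return {ip: 'scan' | 'brute-force'} for sources that cross a threshold."""
    by_ip = defaultdict(list)
    for ip, when, status, path in parse(text):
        by_ip[ip].append((when, status, path))
    verdicts = {}
    for ip, hits in by_ip.items():
        hits.sort(key=lambda h: h[0])
        for i, (start, _, _) in enumerate(hits):
            window = [h for h in hits[i:] if h[0] - start <= WINDOW]
            probes = {p for _, _, p in window if SENSITIVE.search(p)}
            fails = Counter(p for _, s, p in window if s == 401)
            if len(probes) >= SCAN_PATHS:
                verdicts[ip] = "scan"          # many different files, one try each
                break
            if fails and max(fails.values()) >= BRUTE_401S:
                verdicts[ip] = "brute-force"   # one protected URL, repeated failures
                break
    return verdicts
```
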