Russian hacker at work
some logs from my server tonight:
:ak47: :ak47:
2003-12-09 02:06:53 /verotellog.txt - - 80.252.128.66 - - /verotellog.txt
2003-12-09 02:06:53 /ccbill/password/verotellog.txt - - 80.252.128.66 - - /ccbill/password/verotellog.txt
2003-12-09 02:06:53 /data/verotellog.txt - - 80.252.128.66 - - /data/verotellog.txt
2003-12-09 02:06:53 /verotel/data/verotellog.txt - - 80.252.128.66 - - /verotel/data/verotellog.txt
2003-12-09 02:06:53 /cgi-bin/data/verotellog.txt - - 80.252.128.66 - - /cgi-bin/data/verotellog.txt
2003-12-09 02:06:53 /mastergate/accountcreate.cgi - - 80.252.128.66 - - /mastergate/accountcreate.cgi
2003-12-09 02:06:53 /cgibin/mastergate/count.cgi - - 80.252.128.66 - - /cgibin/mastergate/count.cgi
2003-12-09 02:06:53 /cgi-bin/mastergate/count.cgi - - 80.252.128.66 - - /cgi-bin/mastergate/count.cgi
2003-12-09 02:06:53 /cgibin/mastergate/accountcreate.cgi - - 80.252.128.66 - - /cgibin/mastergate/accountcreate.cgi
2003-12-09 02:06:53 /cgi-bin/mastergate/accountcreate.cgi - - 80.252.128.66 - - /cgi-bin/mastergate/accountcreate.cgi
2003-12-09 02:06:53 /cgi/mastergate/accountcreate.cgi - - 80.252.128.66 - - /cgi/mastergate/accountcreate.cgi
2003-12-09 02:06:53 /cgi-bin/verotel/data/verotellog.txt - - 80.252.128.66 - - /cgi-bin/verotel/data/verotellog.txt
2003-12-09 02:06:53 /cgi-bin/verotellog.txt - - 80.252.128.66 - - /cgi-bin/verotellog.txt
2003-12-09 02:06:53 /logs - - 80.252.128.66 - - /logs
2003-12-09 02:06:53 /ats/logs/rebuild.txt - - 80.252.128.66 - - /ats/logs/rebuild.txt
2003-12-09 02:06:53 /cgi-bin/user/user.cgi/admin.htm - - 80.252.128.66 - - /cgi-bin/user/user.cgi/admin.htm
2003-12-09 02:06:53 /cgi-bin/lancelot/htadmin.pl - - 80.252.128.66 - - /cgi-bin/lancelot/htadmin.pl
2003-12-09 02:06:53 /cgi-bin/lance/htadmin.pl - - 80.252.128.66 - - /cgi-bin/lance/htadmin.pl
2003-12-09 02:06:53 /lancelot/htadmin.pl - - 80.252.128.66 - - /lancelot/htadmin.pl
2003-12-09 02:06:53 /cgi-bin/htadmin.pl - - 80.252.128.66 - - /cgi-bin/htadmin.pl
2003-12-09 02:06:53 /cgi/htadmin.pl - - 80.252.128.66 - - /cgi/htadmin.pl
2003-12-09 02:06:53 /cgibin/htadmin.pl - - 80.252.128.66 - - /cgibin/htadmin.pl
2003-12-09 02:06:53 /cgibin/af.cgi - - 80.252.128.66 - - /cgibin/af.cgi
2003-12-09 02:06:53 /cgi/af.cgi - - 80.252.128.66 - - /cgi/af.cgi
2003-12-09 02:06:53 /cgi-bin/af.cgi - - 80.252.128.66 - - /cgi-bin/af.cgi
2003-12-09 02:06:53 /cgi-bin/accountcreate.cgi - - 80.252.128.66 - - /cgi-bin/accountcreate.cgi
2003-12-09 02:06:53 /log - - 80.252.128.66 - - /log
2003-12-09 02:06:53 /cgibin/user/user.cgi/admin.htm - - 80.252.128.66 - - /cgibin/user/user.cgi/admin.htm
2003-12-09 02:06:53 /cgi/lancelot/htadmin.pl - - 80.252.128.66 - - /cgi/lancelot/htadmin.pl
2003-12-09 02:06:53 /cgi/user/user.cgi/admin.htm - - 80.252.128.66 - - /cgi/user/user.cgi/admin.htm
2003-12-09 02:06:53 /cgibin/lancelot/htadmin.pl - - 80.252.128.66 - - /cgibin/lancelot/htadmin.pl
2003-12-09 02:06:53 /cgi-bin/mailinglist/mailmachine.cgi - - 80.252.128.66 - - /cgi-bin/mailinglist/mailmachine.cgi
2003-12-09 02:06:53 /cgi-bin/mail/mailmachine.cgi - - 80.252.128.66 - - /cgi-bin/mail/mailmachine.cgi
2003-12-09 02:06:53 /cgi-bin/mailmachine/mailmachine.cgi - - 80.252.128.66 - - /cgi-bin/mailmachine/mailmachine.cgi
2003-12-09 02:06:53 /cgi-bin/maillist/mailmachine.cgi - - 80.252.128.66 - - /cgi-bin/maillist/mailmachine.cgi
2003-12-09 02:06:53 /cgi-bin/globosale/htadmin.pl - - 80.252.128.66 - - /cgi-bin/globosale/htadmin.pl
2003-12-09 02:06:53 /cgi-bin/add-passwd.cgi - - 80.252.128.66 - - /cgi-bin/add-passwd.cgi
2003-12-09 02:06:53 /add-passwd.cgi - - 80.252.128.66 - - /add-passwd.cgi
2003-12-09 02:06:53 /cgi-bin/mailmachine.cgi - - 80.252.128.66 - - /cgi-bin/mailmachine.cgi
2003-12-09 02:06:53 /cgibin/add-passwd.cgi - - 80.252.128.66 - - /cgibin/add-passwd.cgi
2003-12-09 02:06:53 /cgi-bin/messages/message.cgi - - 80.252.128.66 - - /cgi-bin/messages/message.cgi
2003-12-09 02:06:53 /cgi/epoch/add-passwd.cgi - - 80.252.128.66 - - /cgi/epoch/add-passwd.cgi
2003-12-09 02:06:53 /cgi-bin/mailit.cgi - - 80.252.128.66 - - /cgi-bin/mailit.cgi
2003-12-09 02:06:53 /cgi-bin/mailform/mailform.cgi - - 80.252.128.66 - - /cgi-bin/mailform/mailform.cgi
2003-12-09 02:06:53 /cgibin/message/message.cgi - - 80.252.128.66 - - /cgibin/message/message.cgi
2003-12-09 02:06:53 /cgi/message/message.cgi - - 80.252.128.66 - - /cgi/message/message.cgi
2003-12-09 02:06:53 /cgi-bin/message.cgi - - 80.252.128.66 - - /cgi-bin/message.cgi
2003-12-09 02:06:53 /cgi-bin/mailform.cgi - - 80.252.128.66 - - /cgi-bin/mailform.cgi
2003-12-09 02:06:53 /cgi-bin/mailit.cgi - - 80.252.128.66 - - /cgi-bin/mailit.cgi
2003-12-09 02:06:53 /cgibin/message.cgi - - 80.252.128.66 - - /cgibin/message.cgi
2003-12-09 02:06:53 /cgi/message.cgi - - 80.252.128.66 - - /cgi/message.cgi
2003-12-09 02:06:53 /mailit.cgi - - 80.252.128.66 - - /mailit.cgi
2003-12-09 02:06:53 /mailform.cgi - - 80.252.128.66 - - /mailform.cgi
2003-12-09 02:06:53 /cgi-bin/clickresponder.pl - - 80.252.128.66 - - /cgi-bin/clickresponder.pl
2003-12-09 02:06:53 /cgi-bin/getacct.pl - - 80.252.128.66 - - /cgi-bin/getacct.pl
2003-12-09 02:06:53 /cgibin/getacct.pl - - 80.252.128.66 - - /cgibin/getacct.pl
2003-12-09 02:06:53 /cgi/getacct.pl - - 80.252.128.66 - - /cgi/getacct.pl
2003-12-09 02:06:53 /cgi-bin/openjournal.cgi - - 80.252.128.66 - - /cgi-bin/openjournal.cgi
2003-12-09 02:06:53 /cgi-bin/openjournal/openjournal.cgi - - 80.252.128.66 - - /cgi-bin/openjournal/openjournal.cgi
2003-12-09 02:06:53 /recon.cgi - - 80.252.128.66 - - /recon.cgi
2003-12-09 02:06:53 /cgi-bin/recon.cgi - - 80.252.128.66 - - /cgi-bin/recon.cgi
2003-12-09 02:06:53 /cgi-bin/lancelot/recon.cgi - - 80.252.128.66 - - /cgi-bin/lancelot/recon.cgi
2003-12-09 02:06:53 /cgi-bin/lance/recon.cgi - - 80.252.128.66 - - /cgi-bin/lance/recon.cgi
2003-12-09 02:06:53 /cgi-bin/survey.cgi - - 80.252.128.66 - - /cgi-bin/survey.cgi
2003-12-09 02:06:53 /cgi-bin/survey/survey.cgi - - 80.252.128.66 - - /cgi-bin/survey/survey.cgi
2003-12-09 02:06:54 /cgi-bin/commander.pl - - 80.252.128.66 - - /cgi-bin/commander.pl
2003-12-09 02:06:54 /cgi-bin/cal/calendar.pl - - 80.252.128.66 - - /cgi-bin/cal/calendar.pl
2003-12-09 02:06:54 /calendar.pl - - 80.252.128.66 - - /calendar.pl
2003-12-09 02:06:54 /calendar/calendar.pl - - 80.252.128.66 - - /calendar/calendar.pl
2003-12-09 02:06:54 /cgibin/calendar/calendar.pl - - 80.252.128.66 - - /cgibin/calendar/calendar.pl
2003-12-09 02:06:54 /cal/calendar.pl - - 80.252.128.66 - - /cal/calendar.pl
2003-12-09 02:06:54 /cgi-bin/calendar/calendar.cgi - - 80.252.128.66 - - /cgi-bin/calendar/calendar.cgi
2003-12-09 02:06:54 /cgi/calendar.cgi - - 80.252.128.66 - - /cgi/calendar.cgi
2003-12-09 02:06:54 /cgibin/calendar.cgi - - 80.252.128.66 - - /cgibin/calendar.cgi
2003-12-09 02:06:54 /cgibin/calendar/calendar.cgi - - 80.252.128.66 - - /cgibin/calendar/calendar.cgi
2003-12-09 02:06:54 /cgi/calendar/calendar.cgi - - 80.252.128.66 - - /cgi/calendar/calendar.cgi
2003-12-09 02:06:54 /calendar.cgi - - 80.252.128.66 - - /calendar.cgi
2003-12-09 02:06:54 /calendar/calendar.cgi - - 80.252.128.66 - - /calendar/calendar.cgi
2003-12-09 02:06:54 /calendarscript/calendar.cgi - - 80.252.128.66 - - /calendarscript/calendar.cgi
2003-12-09 02:06:54 /cgi-bin/calendarscript/calendar.cgi - - 80.252.128.66 - - /cgi-bin/calendarscript/calendar.cgi
2003-12-09 02:06:54 /cgi-bin/calendarscript/calendar.pl - - 80.252.128.66 - - /cgi-bin/calendarscript/calendar.pl
2003-12-09 02:06:54 /cal/calendar.cgi - - 80.252.128.66 - - /cal/calendar.cgi
2003-12-09 02:06:54 /cgi-bin/calendar.pl - - 80.252.128.66 - - /cgi-bin/calendar.pl
2003-12-09 02:06:54 /cgibin/calendar.pl - - 80.252.128.66 - - /cgibin/calendar.pl
2003-12-09 02:06:54 /cgi/calendar.pl - - 80.252.128.66 - - /cgi/calendar.pl
2003-12-09 02:06:54 /cgi-bin/calendar/calendar.pl - - 80.252.128.66 - - /cgi-bin/calendar/calendar.pl
2003-12-09 02:06:54 /ccbill/password/.htpasswd - - 80.252.128.66 - - /ccbill/password/.htpasswd
2003-12-09 02:06:54 /ccbill/secure/.htpasswd - - 80.252.128.66 - - /ccbill/secure/.htpasswd
2003-12-09 02:06:54 /ccbill/password/%2fhtpasswd - - 80.252.128.66 - - /ccbill/password/%252fhtpasswd
2003-12-09 02:06:54 /cgi-bin/Cal/calendar.cgi - - 80.252.128.66 - - /cgi-bin/Cal/calendar.cgi
2003-12-09 02:06:54 /cgi-bin/calendarorg/calendar.pl - - 80.252.128.66 - - /cgi-bin/calendarorg/calendar.pl
2003-12-09 02:06:54 /cgi-bin/calendarorg/calendar.cgi - - 80.252.128.66 - - /cgi-bin/calendarorg/calendar.cgi
2003-12-09 02:06:54 /cgi-bin/scripts/calendar.cgi - - 80.252.128.66 - - /cgi-bin/scripts/calendar.cgi
2003-12-09 02:06:54 /htadd.pl - - 80.252.128.66 - - /htadd.pl
2003-12-09 02:06:54 /cgibin/htadd.pl - - 80.252.128.66 - - /cgibin/htadd.pl
2003-12-09 02:06:54 /cgi/htadd.pl - - 80.252.128.66 - - /cgi/htadd.pl
2003-12-09 02:06:54 /cgi-bin/htadd.pl - - 80.252.128.66 - - /cgi-bin/htadd.pl
2003-12-09 02:06:54 /cgi-bin/lancelot/htadd.pl - - 80.252.128.66 - - /cgi-bin/lancelot/htadd.pl
2003-12-09 02:06:54 /cgi-bin/lance/htadd.pl - - 80.252.128.66 - - /cgi-bin/lance/htadd.pl
2003-12-09 02:06:54 /htadmin.pl - - 80.252.128.66 - - /htadmin.pl
2003-12-09 02:06:56 /cgi/add-passwd.cgi - - 80.252.128.66 - - /cgi/add-passwd.cgi
2003-12-09 02:06:56 /epoch/add-passwd.cgi - - 80.252.128.66 - - /epoch/add-passwd.cgi
2003-12-09 02:06:56 /cgi-bin/message/message.cgi - - 80.252.128.66 - - /cgi-bin/message/message.cgi
2003-12-09 02:06:56 /cgi-bin/epoch/add-passwd.cgi - - 80.252.128.66 - - /cgi-bin/epoch/add-passwd.cgi
2003-12-09 02:06:56 /cgibin/epoch/add-passwd.cgi - - 80.252.128.66 - - /cgibin/epoch/add-passwd.cgi
2003-12-09 02:06:56 /cgi-bin/calendar.cgi - - 80.252.128.66 - - /cgi-bin/calendar.cgi
2003-12-09 02:07:25 /accountcreate.cgi - - 80.252.128.66 - - /accountcreate.cgi |
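One way to flag this kind of sweep automatically, as an added example that is not part of the original thread: the script parses the `date time path - - ip - - path` layout posted above and reports clients that request many distinct paths within a few seconds. The sample lines, the documentation IP addresses, the function names and the thresholds are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the layout posted above: date time path - - client-ip - - path.
# 192.0.2.10 and 198.51.100.7 are documentation addresses, not taken from the thread.
SAMPLE_LOG = """\
2003-12-09 02:01:10 /index.html - - 198.51.100.7 - - /index.html
2003-12-09 02:06:53 /cgi-bin/htadmin.pl - - 192.0.2.10 - - /cgi-bin/htadmin.pl
2003-12-09 02:06:53 /cgibin/htadmin.pl - - 192.0.2.10 - - /cgibin/htadmin.pl
2003-12-09 02:06:53 /cgi-bin/add-passwd.cgi - - 192.0.2.10 - - /cgi-bin/add-passwd.cgi
2003-12-09 02:06:54 /ccbill/password/.htpasswd - - 192.0.2.10 - - /ccbill/password/.htpasswd
2003-12-09 02:06:54 /cgi-bin/calendar.pl - - 192.0.2.10 - - /cgi-bin/calendar.pl
2003-12-09 02:06:56 /cgi-bin/calendar.cgi - - 192.0.2.10 - - /cgi-bin/calendar.cgi
2003-12-09 02:07:02 /gallery.html - - 198.51.100.7 - - /gallery.html
this line is truncated and must be skipped
2003-12-09 02:09:40 /join.html - - 198.51.100.7 - - /join.html
"""

LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (\S+) - - (\S+) - - \S+$")

def parse(log_text):
    """Yield (timestamp, client_ip, path) per well-formed line; skip anything else."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            yield ts, m.group(3), m.group(2)

def find_scanners(log_text, window_seconds=10, min_distinct_paths=5):
    """Return {ip: most distinct paths seen in any sliding window} for noisy clients."""
    by_ip = defaultdict(list)
    for ts, ip, path in parse(log_text):
        by_ip[ip].append((ts, path))
    window = timedelta(seconds=window_seconds)
    flagged = {}
    for ip, hits in by_ip.items():
        hits.sort()
        start, best = 0, 0
        for end in range(len(hits)):
            # Shrink the window from the left until it spans at most `window`.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            best = max(best, len({p for _, p in hits[start:end + 1]}))
        if best >= min_distinct_paths:
            flagged[ip] = best
    return flagged
```

The posted log carries no status code, so the heuristic keys on distinct paths per time window rather than on a run of 404 responses.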
And he didn't even spoof his IP?
N-E-W-B-I-E |
I got wood
|
Nice 0-d4y 3xpl0yt list d00d.
|
Quote:
jDoG |
|
whois lookup
80.252.128.66
Record Type: IP Address
IP Location: Russian Federation - Wireless Network In Moscow Region
Reverse IP: No websites hosted using this IP address
--------------------------------------------------------------------------------
% This is the RIPE Whois server.
% The objects are in RPSL format.
%
% Rights restricted by copyright.
% See http://www.ripe.net/ripencc/pub-serv...copyright.html

inetnum: 80.252.128.0 - 80.252.135.255
netname: FlexNet
descr: Wireless network in Moscow region
country: RU
admin-c: DIFF-RIPE
tech-c: DIFF-RIPE
status: ASSIGNED PA
notify: [email protected]
mnt-by: FLEX-MNT
mnt-lower: FLEX-MNT
changed: [email protected] 20011210
source: RIPE

route: 80.252.128.0/20
descr: Flex ISP
origin: AS21453
notify: [email protected]
notify: [email protected]
mnt-by: FLEX-MNT
changed: [email protected] 20011214
source: RIPE

person: Alexey V. Morosov
address: for LTD Flex
address: Lenina sq 11
address: 142403 Noginsk, Moscow region
address: Russian Federation
phone: +7 09651 73002
fax-no: +7 09651 73002
e-mail: [email protected]
nic-hdl: DIFF-RIPE
notify: [email protected]
changed: [email protected] 19990905
source: RIPE

answer section
name type result
66.128.252.80.IN-ADDR.ARPA. PTR nas.schelk.flex.ru.

authority section
name type result
128.252.80.IN-ADDR.ARPA. NS ns.flex.ru.
128.252.80.IN-ADDR.ARPA. NS ns2.flex.ru. |
I always see shit like this in my logs and I don't have anything exploitable to worry about but the shit bugs me when it fills up the logs
|
gives real meaning to the newbie question
"do I really need to secure my server?" LOL |
A related article was listed on Slashdot today, worth checking out. Shows you why you should watch your scripts...
http://www.securityfocus.com/guest/24043 |
my icq was hacked 2day:(
|
What a dumb ass.
Quote:
|
: 80.252.128.0 - 80.252.135.255
netname: FlexNet
descr: Wireless network in Moscow region
This hacker might have hacked into that wireless network to hide himself. Some idiot here in the state hacked a home network last week to download kid porn. Could be the same kind of thing: hack someone's wireless, then do your dirty deed, and they get blamed. |