My server was hacked..please help
 

Im trying to find out what host is hosting this domain

********.COM

try a ping to ********.COM you get 127.0.0.1
try a ping to www.********.COM you get an ip but i have asked 5 people to ping the one with www and everyone is getting a different ip


http://www.whois.sc/********.com

shows this ip ********

i called that host they did nothing and the guy told me hes cant be hosted there because when he pings the domain he gets a different ip.

can anyone find out who hosts that domain??

is this a joke?

why do you say that?

domain: ********.com
owner: John Gerlach
email: [email protected]
address: 5424180288927848
city: Grosse Pointe Woods
state: --
postal-code: 48236
country: US
phone: +49 201 62589432
admin-c: [email protected]#0
tech-c: [email protected]#0
billing-c: [email protected]#0
nserver: ns3.free-dns-engine.com 65.19.154.30
nserver: ns4.free-dns-engine.com 66.36.229.178
status: lock
created: 2005-11-01 17:40:40 UTC
modified: 2005-11-01 17:50:20 UTC
expires: 2007-11-01 12:40:39 UTC
source: joker.com live whois service
query-time: 0.09852
db-updated: 2005-11-27 23:45:17

Current Registrar: COMPUTER SERVICES LANGENBACH GMBH DBA JOKER.COM
IP Address: 127.0.0.1 (ARIN & RIPE IP search)
IP Location: -(-)
Lock Status: REGISTRAR-LOCK
DMOZ no listings
Y! Directory: see listings
Data as of: 14-Jun-2005

ping www.********.COM
PING www.********.com (********): 56 data bytes
64 bytes from ********: icmp_seq=0 ttl=120 time=45.615 ms
64 bytes from ********: icmp_seq=1 ttl=120 time=71.180 ms
64 bytes from ********: icmp_seq=2 ttl=120 time=48.542 ms

The ip from whois.sc is a dialup/broadband host on the east coast...the guy on the phone didnt believe thye were hosting that domain after i gave them this url

http://www.whois.sc/********.com and it showed their ip as the host.

C:\Documents and Settings\Jason>ping www.********.com

Pinging www.********.com [********] with 32 bytes of data

Reply from ********: bytes=32 time=93ms TTL=110
Reply from ********: bytes=32 time=88ms TTL=110
Reply from ********: bytes=32 time=87ms TTL=110
Reply from ********: bytes=32 time=90ms TTL=110

someone else got ******** when they pinged the domain

ugh, noob central

Name: www.********.com
Addresses: ********

id contact your dns server admin

from my server i get

ping www.********.com
PING www.********.com (********) 56(84) bytes of data.
64 bytes from ********: icmp_seq=1 ttl=118 time=46.0 ms
64 bytes from ********: icmp_seq=2 ttl=118 time=158 ms

So where is the guy hosted?

What did the guy do. take yourdomain name or change the lnading page on your server?? And you should be on the phone with the hosting comapny. YOURS!

Used an exploit in a bbs script updated the UCJ on my server to run a binary file every 2 min

the updated ucj file is still on his server!

its hosted on several hacked cable modems
probably more now thanks to this thread. enjoyed the virus it tried to install, thanks

So the ip address from http://www.whois.sc/********.com is not correct?

127.0.0.1


Aint that like your home server or somthing as in a default for a local server on a network? Since when was it fun to "Spoof" yourself?

Sounds kinky.

i dont think that whois info is correct for some reason hehe :(

the hacked ucj file he uploaded is still on that domain in a txt file

stop bumping the thread. its most likely a virus that hosts a fake tgp+virus and adds its ip to the pool. chances are its your site and you're using this thread to spread the virus. stfu already

Yeah somthing weird with this thread, maybe he logging IP's for TGP submsissions that log IP's.
Newbies beware this could spell disaster for ya if ya do submssions.