
Website down


EHM-0641 Rico:
Target: www.h4cky0u.org
Date: 02/24/2006 (Friday), 03:15:05
Nodes: 3


Node Data
Node Net Reg IP Address      Location            Node Name
   3   1   1 213.150.45.197  Unknown             www.h4cky0u.org


    Information related to '213.150.45.192 - 213.150.45.207'

inetnum:        213.150.45.192 - 213.150.45.207
netname:        CUST005517
descr:          InterXion Denmark ApS
country:        DK
admin-c:        WTC2-RIPE
tech-c:         WTC2-RIPE
status:         ASSIGNED PA
mnt-by:         TJANTIK-MNT
source:         RIPE   Filtered

role:           WEBPARTNER Technical Contact
address:        WEBPARTNER A/S
address:        Aarhusgade 88, 5.sal
address:        DK-2100 Copenhagen Oe
phone:          +45 70 26 23 00
fax-no:         +45 70 26 23 01
admin-c:        NSG
admin-c:        RH128-RIPE
tech-c:         NSG
tech-c:         RH128-RIPE
mnt-by:         TJANTIK-MNT
nic-hdl:        WTC2-RIPE
abuse-mailbox:  abuse@webpartner.dk
remarks:        ************************************************************
remarks:        *** In case of abuse, please contact abuse@webpartner.dk ***
remarks:        ************************************************************
source:         RIPE   Filtered

  Information related to '213.150.32.0/19AS9167'

route:        213.150.32.0/19
descr:        WEBPARTNER A/S
origin:       AS9167
mnt-by:       TJANTIK-MNT

EHM-0641 Rico:
Contact their ISP, and tell them what they did..

Submit a complaint to InterPol, and also to FBI Hackerwatch, containing the above info

EHM-0641 Rico:
Some more info:

Target: www.h4cky0u.org.com
Date: 02/24/2006 (Friday), 03:27:54
Nodes: 3


Node Data
Node Net Reg IP Address      Location            Node Name
   3   1   1 216.234.246.153 Unknown             www.h4cky0u.org.com


Network Data
Network id#: 1

OrgName:    ThePlanet.com Internet Services, Inc.
OrgID:      TPCM
Address:    1333 North Stemmons Freeway
Address:    Suite 110
City:       Dallas
StateProv:  TX
PostalCode: 75207
Country:    US

NetRange:   216.234.224.0 - 216.234.255.255
CIDR:       216.234.224.0/19
NetName:    THEPLANET-BLK-1
NetHandle:  NET-216-234-224-0-1
Parent:     NET-216-0-0-0-0
NetType:    Direct Allocation
NameServer: NS1.THEPLANET.COM
NameServer: NS2.THEPLANET.COM
Comment:    ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
RegDate:    1999-08-31
Updated:    2000-10-10

RTechHandle: PP46-ARIN
RTechName:   Pathos, Peter
RTechPhone:  +1-214-782-7800
RTechEmail:  admins@theplanet.com

OrgAbuseHandle: ABUSE271-ARIN
OrgAbuseName:   Abuse
OrgAbusePhone:  +1-214-782-7802
OrgAbuseEmail:  abuse@theplanet.com

OrgNOCHandle: TECHN33-ARIN
OrgNOCName:   Technical Support
OrgNOCPhone:  +1-214-782-7800
OrgNOCEmail:  admins@theplanet.com

OrgTechHandle: TECHN33-ARIN
OrgTechName:   Technical Support
OrgTechPhone:  +1-214-782-7800
OrgTechEmail:  admins@theplanet.com

EHM-0948 Bruno:
Hi,

The site is up again. We discovered that they were also attacking us via a special file that we had on our servers. This file was removed, so let's hope that now everything is okay.

Also, the ISP provider had a security breach on their shell access (something that not even we have access to!) and they are analysing it.

I also discovered how all of this could be possible:

1. The hacker discovered a way to upload files to our server via a special file on the server.

2. The hacker uploaded a C file that had run on the cgi-bin directory, then the file moved to another place that I discovered.

3. This C file opened a breach backdoor on the server via ports 8008 and 8001 for him to have access to the shell.

4. The guy injected some files saying the childish things that we saw, but the intention (yes, he wrote me an email) was not to harm us but to show that our site was vulnerable.

Ok, on the email he gave a link where I could see information on how they got inside our site, but I also got a strange message from a guy that says that he wants revenge on our company :o .

The link is: http://nostur.squareownz.net/index.php?n=modules/forum&a=3&d=10&o=24&q=12

Regards, and let's hope all of this is solved out.
Bruno.
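
Editor's added example (not part of the original thread and not code from any poster): the post above mentions a backdoor listening on ports 8008 and 8001, and this sketch shows how a Linux host's listening sockets can be compared against an allowlist by parsing `/proc/net/tcp`-format data. The sample table, the allowlist and the function names are constructed for illustration, and the address decoding assumes a little-endian host.

```python
import socket
import struct

LISTEN = "0A"          # TCP_LISTEN state code used in /proc/net/tcp
ALLOWED = {80, 25}     # assumed allowlist: web server and local mail only

# Constructed sample in /proc/net/tcp format (not data from the incident).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001
   1: 0100007F:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1002
   2: 00000000:1F48 00000000:0000 0A 00000000:00000000 00:00000000 00000000    99        0 1003
   3: 00000000:1F41 00000000:0000 0A 00000000:00000000 00:00000000 00000000    99        0 1004
   4: 0200000A:0050 0500000A:C350 01 00000000:00000000 00:00000000 00000000    33        0 1005
"""


def parse_listeners(table):
    """Return [(ip, port, uid)] for every socket in LISTEN state."""
    found = []
    for line in table.splitlines()[1:]:          # skip the header row
        fields = line.split()
        if len(fields) < 8 or fields[3] != LISTEN:
            continue                             # established or malformed
        hex_ip, hex_port = fields[1].split(":")
        # The kernel prints the IPv4 address as a native-endian 32-bit hex.
        ip = socket.inet_ntoa(struct.pack("<I", int(hex_ip, 16)))
        found.append((ip, int(hex_port, 16), int(fields[7])))
    return found


def unexpected(listeners, allowed_ports):
    """Listeners whose port is not on the allowlist."""
    return [entry for entry in listeners if entry[1] not in allowed_ports]


if __name__ == "__main__":
    for ip, port, uid in unexpected(parse_listeners(SAMPLE), ALLOWED):
        print(f"unexpected listener {ip}:{port} owned by uid {uid}")
```

On a live host the same functions can be fed the contents of `/proc/net/tcp`; the owning uid helps tie an unexpected port back to the account a web server's CGI processes run under.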

EHM-1651 Christian:
Well then I know who was trying to get into my computer too, my firewall detected 37 attempts to gain entrance from an IP within that range.
