NYCPHP Meetup

NYPHP.org

[nycphp-talk] email injection bot taking a break?

Anirudh Zala arzala at gmail.com
Fri Sep 23 05:27:41 EDT 2005 

Yeah, some break in strom. Still attackes have not been stopped totally 
yet but frequency has been lowered down considerably. May be due to 
actions taken to improve code against such attacks or hacker/crackers 
himself just wanted to search vulnerable domain to be used for sending 
emails for some other purpose.

We have now enough record of IPs that have been used for such attacks, 
and my analysis suggest that we received attacks on our many domains 
from various parts of the world. And the servers used for this malacious 
purpose belong to schools, universities and some small scale companies. 
Below, you can see some IPs and contact persons who directly or 
undirectly connected with control of those servers. I have used 
http://www.geobytes.com/IpLocator.htm?GetLocation website to track 
location of these servers and then used WHOIS system to search persons 
who are directly or indirectly connected to it.

80.82.3.143	netreg at epix.net
205.238.226.40	sr.internet at infocamere.it
212.75.80.242	rolf.carlsson at atlascopco.com
66.199.163.240	eddie at onespeed.com

Thanks

Anirudh Zala

----------------------------------------------------------------
Anirudh Zala (Production Manager),    ASPL, 814-815, Star Plaza,
Ph: +91 281 245 1894                  Phhulchhab Square,
anirudh at aspl.in                       Rajkot 360001, Gujarat
http://www.aspl.in                    INDIA
----------------------------------------------------------------



David Mintz wrote:

>I was logging and emailing myself every time one of my contact.php pages
>was being abused by our little friend who inspired the latest Phundie
>article. It was cranking for a couple weeks, but has lately dropped to
>zero visits/day.
>
>Anybody else observed a similar trend, or am i just lucky?
>
>
>---
>David Mintz
>http://davidmintz.org/
>_______________________________________________
>New York PHP Talk Mailing List
>AMP Technology
>Supporting Apache, MySQL and PHP
>http://lists.nyphp.org/mailman/listinfo/talk
>http://www.nyphp.org
>
>  
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20050923/6657e3a7/attachment.html>

More information about the talk mailing list