[WsIRT#892] Two r57shells at AS6893

 CastleCops -> WsIRT Reports
Author: Paul PostPosted: Mon Dec 17, 2007 1:45 am    Post subject: [WsIRT#892] Two r57shells at AS6893
Attack Alert
 
 Full Report: CastleCops Link/r57shell_attack892.html
 
 Consumed following related reports:

[893] http://www.rhinoportail.com/cache/bawoek.cute??
Changed status to confirmed attack.
IP Converted: 62.220.146.16

dword = 1054642704
hex1 = 0x3edc9210
hex2 = 0x3e.0xdc.0x92.0x10
oct = 076.0334.0222.020
At least two scripts on this server are known as the r57 shell. Attackers are attempting to inject these scripts into remote webservers to compromise them and use them for criminal purposes. Please remove them immediately.
View CIDR AS6893 Report: http://www.cidr-report.org/cgi-bin/as-report?as=6893

"6893 | CH | ripencc | 1997-01-07 | SAITIS-NETWORK Saitis Network"<br />
Extended information for AS6893:
State/Province:
Country:
Responsible Domain: saitis.net
Abuse Email: postmaster@saitis.net
Quote:
http://www.rhinoportail.com/cache/bawoek.kece??
CastleCops -> WsIRT Reports

All times are GMT

Page 1 of 1


Powered by phpBB © 2001 phpBB Group