Paul
CastleCops Founder
 Joined: Feb 22, 2002 Posts: 27351
Posted: Mon Dec 03, 2007 1:14 am Post subject: [WsIRT#187] Qe3shell, r57shell @AS36351
Attack Alert Full Report: /Qe3shell_r57shell_attack187.html
Changed status to confirmed attack.
IP Converted: 75.126.135.130
dword = 1266583426
hex1 = 0x4b7e8782
hex2 = 0x4b.0x7e.0x87.0x82
oct = 0113.0176.0207.0202
o---[ FSN - LONG LIVE ETHNIC Kirbyna | <a href=http://www.asc.sh/ target=_blank>WWW.XSHQIPTARETX.ORG</a> | <a href=irc://irc.ascnet.biz/asc target=_blank>Kirbyna 3.5</a> | version ".$version." ]---o
View CIDR AS36351 Report: http://www.cidr-report.org/cgi-bin/as-report?as=36351
"36351 | US | arin | 2005-12-12 | SOFTLAYER - SoftLayer Technologies Inc."
Extended information for AS36351:
State/Province: tx
Country: us
Responsible Domain: softlayer.com
Abuse Email: abuse@softlayer.com
This script bills itself as r57, but it looks like a qe3 instead, modified by "Kirbyna".
This file is being injected by attackers into exploitable web servers, which then gives them direct shell access to those servers. Please remove immediately.
Quote: http://kirbyoi.altervista.org/intro/blu.gif???