cancel
Showing results for 
Search instead for 
Did you mean: 

Another Hacker on plusnets servers.

BattleRat
Grafter
Posts: 104
Registered: ‎01-08-2007

Another Hacker on plusnets servers.

here we go .. got another one.
User Anonymous has been automatically banned on your site PlanetQuakeWar
Cause: Breach attempt on file admin.php or attempted to use SQL exploit<br>Url
String: /index.php?page=../../../../../../../../../../../../../../../etc/passwd <br>
Url: legacy-moh2.ptn-games07.games.plus.net<br>Banned Ip is 87.114.10.119<br>
User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)<br>

check out that domain for scripts please admins.
having a website hacked is bad enough, worse again when it comes from inside the network.
[Moderator's note by billbo: Code broken up it was way too wide]
6 REPLIES 6
zubel
Community Veteran
Posts: 3,789
Thanks: 1
Registered: ‎08-06-2007

Re: Another Hacker on plusnets servers.

You do have to be careful as this may just be a member of a botnet, and not necessarily direct malicious behaviour.
However, that being said I'm sure Plusnet will investigate as far as they can.
B.
ffupi
Grafter
Posts: 370
Registered: ‎01-08-2007

Re: Another Hacker on plusnets servers.

abuse@plus.net is their email, according to Domain-Tools: http://whois.domaintools.com/87.114.10.119
chillypenguin
Community Veteran
Posts: 4,729
Registered: ‎04-04-2007

Re: Another Hacker on plusnets servers.

Its very unlikely to be a PlusNet customer, as any account with shell access to the cgi servers can read that file, all 8713 lines of it.
Also they only need to go back three directories.
Chilly
jelv
Community Veteran
Posts: 26,786
Thanks: 990
Fixes: 10
Registered: ‎10-04-2007

Re: Another Hacker on plusnets servers.

Quote from: chillypenguin
Its very unlikely to be a PlusNet customer

Quote
Banned Ip is 87.114.10.119

C:\Documents and Settings\John>nslookup 87.114.10.119
Server:  localhost
Address:  127.0.0.1
Name:    87.114.10.119.plusnet.thn-ag3.dyn.plus.net
Address:  87.114.10.119
jelv (a.k.a Spoon Whittler)
   Why I have left Plusnet (warning: long post!)   
Broadband: Andrews & Arnold Home::1 (FTTC 80/20)
Line rental: Pulse 8 Home Line Rental (£14.40/month)
Mobile: iD mobile (£4/month)
chillypenguin
Community Veteran
Posts: 4,729
Registered: ‎04-04-2007

Re: Another Hacker on plusnets servers.

I was not saying that the address was not PlusNet. Just that any user could get that file much easier.
I was thinking along the lines of a bot, or machine that has been hacked itself.
Chilly
Ianwild
Grafter
Posts: 3,835
Registered: ‎05-04-2007

Re: Another Hacker on plusnets servers.

We would be very grateful if this report could be submitted via the correct procedure, as per:
http://www.plus.net/support/security/abuse/how_to_report_abuse.shtml
Many thanks,
Ian
(Just fixing your link, Ian)