cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Another Hacker on plusnets servers.

BattleRat
Grafter
Posts: 104
Registered: ‎01-08-2007

Another Hacker on plusnets servers.

‎16-12-2007 5:11 PM

here we go .. got another one.
User Anonymous has been automatically banned on your site PlanetQuakeWar
Cause: Breach attempt on file admin.php or attempted to use SQL exploit<br>Url 
String: /index.php?page=../../../../../../../../../../../../../../../etc/passwd <br>
Url: legacy-moh2.ptn-games07.games.plus.net<br>Banned Ip is 87.114.10.119<br>
User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)<br>

check out that domain for scripts please admins.
having a website hacked is bad enough, worse again when it comes from inside the network.
[Moderator's note by billbo: Code broken up it was way too wide]
Message 1 of 7
(3,152 Views)
0 Thanks
6 REPLIES 6
zubel
Community Veteran
Posts: 3,793
Thanks: 4
Registered: ‎08-06-2007

Re: Another Hacker on plusnets servers.

‎16-12-2007 6:48 PM

You do have to be careful as this may just be a member of a botnet, and not necessarily direct malicious behaviour.
However, that being said I'm sure Plusnet will investigate as far as they can.
B.
Message 2 of 7
(912 Views)
0 Thanks
ffupi
Grafter
Posts: 370
Registered: ‎01-08-2007

Re: Another Hacker on plusnets servers.

‎16-12-2007 6:57 PM

abuse@plus.net is their email, according to Domain-Tools: http://whois.domaintools.com/87.114.10.119
Message 3 of 7
(912 Views)
0 Thanks
chillypenguin
Grafter
Posts: 4,729
Registered: ‎04-04-2007

Re: Another Hacker on plusnets servers.

‎16-12-2007 9:27 PM

Its very unlikely to be a PlusNet customer, as any account with shell access to the cgi servers can read that file, all 8713 lines of it.
Also they only need to go back three directories.
Chilly
Message 4 of 7
(912 Views)
0 Thanks
jelv
Seasoned Hero
Posts: 26,786
Thanks: 969
Fixes: 10
Registered: ‎10-04-2007

Re: Another Hacker on plusnets servers.

‎16-12-2007 10:01 PM

Quote from: chillypenguin
Its very unlikely to be a PlusNet customer

Quote
Banned Ip is 87.114.10.119

C:\Documents and Settings\John>nslookup 87.114.10.119
Server:  localhost
Address:  127.0.0.1
Name:    87.114.10.119.plusnet.thn-ag3.dyn.plus.net
Address:  87.114.10.119
jelv (a.k.a Spoon Whittler)
   Why I have left Plusnet (warning: long post!)   
Broadband: Andrews & Arnold Home::1 (FTTC 80/20)
Line rental: Pulse 8 Home Line Rental (£14.40/month)
Mobile: iD mobile (£4/month)
Message 5 of 7
(912 Views)
0 Thanks
chillypenguin
Grafter
Posts: 4,729
Registered: ‎04-04-2007

Re: Another Hacker on plusnets servers.

‎16-12-2007 10:54 PM

I was not saying that the address was not PlusNet. Just that any user could get that file much easier.
I was thinking along the lines of a bot, or machine that has been hacked itself.
Chilly
Message 6 of 7
(912 Views)
0 Thanks
Ianwild
Grafter
Posts: 3,835
Registered: ‎05-04-2007

Re: Another Hacker on plusnets servers.

‎17-12-2007 9:46 AM

We would be very grateful if this report could be submitted via the correct procedure, as per:
http://www.plus.net/support/security/abuse/how_to_report_abuse.shtml
Many thanks,
Ian
(Just fixing your link, Ian)
Message 7 of 7
(912 Views)
0 Thanks