To report a botnet PRIVATELY please email: [EMAIL PROTECTED]
----------
J. Oquendo wrote:
> Alright, it's Monday, thought some may need a laugh:
>
> mta242.xxxxxxx.net [10/Dec/2007:07:13:11 -0600] "GET
> /(Yvax:%20uggc:/jjj.tbbtyr-nanylgvpf.pbz/hepuva.wf)uggc:/jjj.tbbtyr-nanylgvpf.pbz/hepuva.wf
> HTTP/1.1" "-"
>
> Is rot13 bleeding edge. By the way this message has been encrypted with
> rot13 twice. Contact me for the key.

twice? It works just once for me to get http:/www.google-analytics.com/urchin.js

and I really wonder why would someone do such a thing and how ;) .. the only answer in my mind is to circumvent some IDS and parse it with mod_rewrite+external script on the server side to make it even work ... but it's just a guess ... or I completely missed the point ;(

bodik

_______________________________________________
All list and server information are public and available to law enforcement upon request.
http://www.whitestar.linuxbox.org/mailman/listinfo/botnets
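
The log entry discussed in this thread, as an added example that is not part of either post: a small access-log check that ROT13-decodes each request path and reports URL-like strings that only appear after decoding. The names `hidden_urls`, `REQUEST_RE` and `URL_HINT_RE` are chosen here for illustration, and the second and third sample log lines are constructed.

```python
import codecs
import re
from urllib.parse import unquote

# Request line inside a quoted access-log field: "METHOD path HTTP/x.y"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# URL-looking tokens; the single-slash form covers the entry quoted in the thread.
URL_HINT_RE = re.compile(r"(?:https?|ftp):/{1,2}[\w.-]+|www\.[\w-]+\.", re.I)

# First line is the entry from the thread; the other two are constructed.
SAMPLE_LOG = [
    'mta242.xxxxxxx.net [10/Dec/2007:07:13:11 -0600] "GET '
    "/(Yvax:%20uggc:/jjj.tbbtyr-nanylgvpf.pbz/hepuva.wf)"
    'uggc:/jjj.tbbtyr-nanylgvpf.pbz/hepuva.wf HTTP/1.1" "-"',
    'host.example [10/Dec/2007:07:14:02 -0600] "GET /index.html HTTP/1.1" "-"',
    'host.example [10/Dec/2007:07:15:40 -0600] "GET /go?u=http://example.org/ HTTP/1.1" "-"',
]


def rot13(text):
    """ROT13 is its own inverse, so applying it twice returns the input."""
    return codecs.encode(text, "rot_13")


def hidden_urls(log_line):
    """Return URL-like strings that show up only after ROT13-decoding the path."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return []
    path = unquote(match.group(1))  # %20 -> space, etc.
    # A URL that is readable in the raw path turns to noise under ROT13,
    # so anything matched here was hidden in the original request.
    return sorted(set(URL_HINT_RE.findall(rot13(path))))


if __name__ == "__main__":
    for line in SAMPLE_LOG:
        found = hidden_urls(line)
        if found:
            print("ROT13-encoded URL in request:", found)
```
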