To report a botnet PRIVATELY please email: [EMAIL PROTECTED] ---------- Hi all :)
I'm running a special web server (so nothing common with apache/PHP or something else, that a bot could know), and i receive tons of POST requests (one every 15 seconds) from around 800 uniq ips (from .hu, .ro, .ru, .pl and some .it). The request looks like this: 84.28.146.18: POST /x.cgi?aef0fcf9f4ffebbdf0fcf8f5f9ffebb8f0f8fdebbbf0f8fdf8ebaff0fbf5fdfaf4f8f4feeba9f0ffebaaf0f5f4e3fcf8f4e3fcfdffe3fffefceba8f08ef791a6a6b4a3a3e3a8b5a8cd (Lang: en-us) 404 79.7.41.92: POST /x.cgi?b3ede1e8e5f6a0ede2e8e1e1e8f6a5ede1e0e5f6a6ede5e0e3f6b2ede7e4e1e5e6e8e6f6b4ede2f6b7ede9e9fee2e2e9fee1e6e8fee1e3f6b5ed93ea8ca8b6bdb2feb5a8b5d0 (Lang: en-us) 404 87.4.96.33: POST /x.cgi?7e202f242f3b6d202c2a29252b3b6820282d3b6b20282d283b7f20292c2a2d25252d2a3b7920293b7a202529332c2d2d332c2a2933292c3b78205e27417676647373337865781d (Lang: en-us) 404 here's a little list of IPs: 87.65.12.234 190.51.251.223 196.206.137.176 62.201.85.159 83.4.231.222 83.59.13.185 90.49.142.243 84.101.239.153 89.16.19.183 86.124.229.248 201.252.167.237 190.48.108.194 88.240.52.49 84.3.131.83 201.255.158.80 190.51.75.188 196.206.149.169 87.4.96.33 190.50.102.162 190.30.108.57 86.124.229.183 190.64.93.170 124.120.0.243 89.2.68.247 190.64.101.214 81.64.6.233 89.16.24.159 86.201.171.33 79.7.41.92 90.59.208.165 I have logs with around 800 uniq ips.. If anyone knows more about this, i didn't find anything on google... Thanks by advance, Jérémie -- Jérémie 'ahFeel' BORDIER _______________________________________________ To report a botnet PRIVATELY please email: [EMAIL PROTECTED] All list and server information are public and available to law enforcement upon request. http://www.whitestar.linuxbox.org/mailman/listinfo/botnets