To report a botnet PRIVATELY please email: [EMAIL PROTECTED]
----------
Sorry for the repost, just to clarify the question:

I think Plesk is the admin utility for a shared hosting webserver and
mayhaps one of the sites hosted thereon was compromised to hold the
attacker's code.

So there may be no direct connection to Plesk other than that it is a
widely used admin tool for webservers.

Is this correct?

thanks,
bf

On 4/6/06, bf <[EMAIL PROTECTED]> wrote:
> /snip
> > > 70.168.74.193/strange  <<-- downloader
> >
> > Looks like something our good friend LordNikon might be behind.
> /snip
>
> What's the association with "Plesk" admin pages. I see those included
> often.... is the server being whacked through a Plesk sploit and being
> used for spreading or is the attacker hosting something there or what?
>
> Btw:
> That Plesk page belongs to COX in ATL:
> Cox Communications Inc. NETBLK-COX-ATLANTA-10 (NET-70-160-0-0-1)
>                                   70.160.0.0 - 70.191.255.255
> Cox Communications Inc. NETBLK-RI-OHFC-70-168-72-0 (NET-70-168-72-0-1)
>                                   70.168.72.0 - 70.168.79.255
>
> I think someone there watches this list yes?
>
> thanks,
> bf
>
> On 4/5/06, PinkFreud <[EMAIL PROTECTED]> wrote:
> > On Wed, Apr 05, 2006 at 06:55:33AM -0500, [EMAIL PROTECTED] babbled thus:
> > > I just don't have time to look at it right now, so here is the link to
> > > another botnet irc client:
> > >
> > > http://210.3.4.193/cmd.txt  <<-- defacer
> >
> > Indeed.
> >
> > > 70.168.74.193/strange  <<-- downloader
> >
> > Looks like something our good friend LordNikon might be behind.
> >
> > > 207.90.211.54/arts  <<-- actual client
> >
> > 404
> >
> > > http://72.34.42.241/~dancing/bash  <<-- spreader
> >
> > Actually, this is a Kaiten, which doesn't spread on its own.
> > Judging from strings in the usual places, it appears this beast
> > connects to 205.237.246.203 and joins #aseasii with a key of aseasi
> >
> > The ip this thing connects to appears to be owned by:
> > OrgName:    College Lionel-Groulx
> > OrgID:      COLLEG-23
> > Address:    100 rue Duquet
> > City:       Sainte-Therese
> > StateProv:  Quebec
> > PostalCode: J7E 3G6
> > Country:    CA
> >
> > > peace out.
> >
> > Indeed.
> >
> >
> > --
> > PinkFreud
> > Chief of Security, Nightstar IRC network
> > irc.nightstar.net | www.nightstar.net
> > Server Administrator - Blargh.CA.US.Nightstar.Net
> > Unsolicited advertisements sent to this address are NOT welcome.
>
_______________________________________________
To report a botnet PRIVATELY please email: [EMAIL PROTECTED]
All list and server information are public and available to law enforcement 
upon request.
http://www.whitestar.linuxbox.org/mailman/listinfo/botnets
