[nsp-sec] amazon attack
Dave Burke
dave at amazon.com
Fri Jun 6 16:09:13 EDT 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
FYI,
Here is the top 10 offenders we have blocked so far on our border
208.86.157.28/32
np-43-142.netpoint.ee (194.204.43.142/32)
149-98-177-194.serverdedicati.seflow.net (194.177.98.149/32)
bearnaise.andreas-knepper.de (213.239.192.233/32)
166849-web1.mysticnet.com (67.192.190.80/32)
hyatt.domeneshop.no (194.63.248.42/32)
2green.veraserve.com (65.38.168.196/32)
dd6832.kasserver.com (85.13.131.133/32)
mx.phpnet.org (195.144.11.40/32)
esc92.midphase.com (216.104.33.78/32)
66.160.178.217/32
ip-216-69-175-89.ip.secureserver.net (216.69.175.89/32)
bearnaise.andreas-knepper.de (213.239.192.233/32)
web26.webfaction.com (74.54.74.98/32)
208.86.157.28 was being controlled via script from 194.85.89.245
I've attached the loc.php script being used.
So far, all of the top offenders, we're seeing are linux servers running
apache/php
dave
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFISZlp6xddYR6j4jARAvd8AJ9/+9qsHkPVEYDx7DIMeD0OezluOgCfePGy
fD4bZDSjPyU/u7ZlHKssalc=
=2TGm
-----END PGP SIGNATURE-----
More information about the nsp-security
mailing list