[nsp-sec] ACK 26496 - Re: DDoS: Compromised web servers

Wed Sep 26 13:39:12 EDT 2012

----- Original Message -----

From: "Nick Ianelli" <ni at allyourinfoarebelongto.us> 
To: nsp-security at puck.nether.net 
Sent: Tuesday, September 25, 2012 10:46:21 AM 
Subject: [nsp-sec] DDoS: Compromised web servers 

----------- nsp-security Confidential -------- 

-----BEGIN PGP SIGNED MESSAGE----- 
Hash: SHA1 

Attached is a list being tracked by the malicious actors of 6206 
compromised web servers. Some of these have already been notified and 
cleaned up, for the others please distribute as you see fit. Prior to 
distribution please remove any list or personally identifiable 
information from it. 

In addition to indx.php, the following files may exist in the same 
directory: 

stcp.php 
stip.php 
stph.php 
classtyle.php 
classtyle2.php 

The following URL discusses some of the issues at play here, but I 
don't believe all are Joomla compromises: 

http://forum.joomla.org/viewtopic.php?t=737503 

In working with your constituency, if you were able to obtain the 
files listed above (and any other files in the same directory) as well 
as any web access logs specific to the files listed above, I would be 
extremely interested and eternally grateful. 

Any questions, let me know. 

Here is a list of ASNs (by count) of what's in the attached file: 

229 26496 
222 46606 
207 8560 
186 36351 
163 21844 
141 24940 
139 12637 
130 26347 
109 32475 
91 51468 
86 4134 
77 16276 
72 33182 
70 29873 
68 47583 
66 32392 
58 33070 
57 31034 
54 16265 
49 44112 
49 31815 
45 9931 
45 4808 
43 7643 
39 21788 
38 8358 
38 6724 
37 32613 
37 28753 
34 30496 
33 6697 
33 4847 
32 40034 
32 25532 
31 45538 
31 21155 
30 19066 
29 8342 
29 29097 
29 12824 
28 38719 
28 34788 
27 9929 
27 13768 
26 4837 
26 27823 
25 34011 
25 23352 
24 20773 
22 2914 
22 21069 
22 15418 
21 5483 
21 4812 
21 31727 
20 54288 
20 29550 
20 25535 
19 4766 
19 46015 
19 28907 
19 25653 
19 16626 
19 13213 
18 32244 
18 19318 
17 17054 
16 3786 
16 10297 
15 9123 
15 8972 
15 7162 
15 5606 
15 20860 
15 15967 
15 13335 
15 12301 
14 51559 
14 45544 
14 42612 
14 11388 
13 9318 
13 3595 
13 18403 
13 15685 
13 12129 
12 9120 
12 41079 
12 36024 
12 34233 
12 29944 
12 25761 
12 23724 
12 2116 
12 19994 
12 17971 
12 15244 
12 11042 
11 9891 
11 48635 
11 42695 
11 32181 
11 20718 
11 16637 
11 14259 
10 7303 
10 6939 
10 6830 
10 39392 
10 3340 
10 29854 
10 24557 
10 17974 
9 9121 
9 42926 
9 42910 
9 34619 
9 31122 
9 30475 
9 25847 
9 25184 
9 25137 
9 11343 
8 5602 
8 52148 
8 51167 
8 48232 
8 47781 
8 43711 
8 42331 
8 41126 
8 39792 
8 32748 
8 29802 
8 29182 
8 27715 
8 21219 
8 18450 
7 9394 
7 8870 
7 8495 
7 8220 
7 7859 
7 54641 
7 51557 
7 51013 
7 49604 
7 41342 
7 33668 
7 29671 
7 29522 
7 25459 
7 24971 
7 22878 
7 20738 
7 197019 
6 6128 
6 5618 
6 54020 
6 50482 
6 45287 
6 43773 
6 43362 
6 43146 
6 42807 
6 42655 
6 4250 
6 40975 
6 38955 
6 38661 
6 3741 
6 34989 
6 3352 
6 3301 
6 30083 
6 29278 
6 29076 
6 27257 
6 25229 
6 25074 
6 20597 
6 18747 
6 17746 
6 17139 
6 13618 
6 13354 
6 10929 
6 10474 
5 9371 
5 8771 
5 786 
5 51734 
5 49635 
5 48809 
5 47880 
5 47846 
5 4765 
5 46475 
5 39756 
5 39122 
5 38544 
5 38001 
5 37992 
5 37963 
5 36666 
5 36114 
5 35569 
5 34087 
5 33626 
5 3265 
5 30058 
5 29686 
5 29017 
5 28209 
5 24961 
5 23033 
5 22576 
5 21949 
5 21217 
5 20857 
5 20454 
5 197712 
5 196763 
5 17444 
5 16095 
5 15395 
5 131353 
5 12695 
4 9892 
4 9811 
4 9785 
4 9198 
4 8542 
4 7693 
4 7595 
4 7497 
4 7296 
4 7018 
4 6799 
4 55660 
4 55455 
4 53628 
4 5033 
4 49693 
4 48854 
4 48505 
4 47242 
4 46433 
4 45839 
4 45731 
4 45223 
4 45012 
4 4323 
4 42244 
4 41550 
4 41186 
4 41075 
4 37153 
4 35415 
4 34358 
4 34104 
4 33970 
4 3292 
4 31698 
4 29208 
4 25234 
4 24989 
4 24446 
4 2108 
4 2044 
4 20207 
4 197902 
4 17547 
4 17511 
4 16814 
4 16791 
4 16371 
4 16347 
4 16010 
4 15830 
4 14211 
4 14116 
4 131447 
4 12874 
3 9930 
3 9737 
3 9381 
3 9269 
3 9143 
3 9050 
3 8315 
3 8151 
3 81 
3 7819 
3 7393 
3 6429 
3 6367 
3 6147 
3 58487 
3 57367 
3 56465 
3 558 
3 55688 
3 55451 
3 5464 
3 51905 
3 51461 
3 49792 
3 49699 
3 49352 
3 48931 
3 48881 
3 48172 
3 4802 
3 4788 
3 47692 
3 46699 
3 46562 
3 46549 
3 45638 
3 45634 
3 45454 
3 44497 
3 43513 
3 43391 
3 41881 
3 39582 
3 37943 
3 36444 
3 36127 
3 35818 
3 35206 
3 34594 
3 34432 
3 34119 
3 3356 
3 33480 
3 3327 
3 33055 
3 3303 
3 33028 
3 32097 
3 31240 
3 30943 
3 30217 
3 30176 
3 29650 
3 29422 
3 29405 
3 29222 
3 29014 
3 27887 
3 262672 
3 2614 
3 24875 
3 21840 
3 21740 
3 20495 
3 198030 
3 197540 
3 197155 
3 196713 
3 18479 
3 17964 
3 17660 
3 17429 
3 1680 
3 16245 
3 16178 
3 15467 
3 14415 
3 13301 
3 132241 
3 13147 
3 12994 
3 1257 
3 12406 
3 12312 
3 12143 
3 11830 
3 11305 
2 9729 
2 9562 
2 9543 
2 9304 
2 9280 
2 8980 
2 8893 
2 8737 
2 8708 
2 8511 
2 8473 
2 8308 
2 8262 
2 8256 
2 8222 
2 7796 
2 7784 
2 7604 
2 760 
2 7132 
2 6983 
2 6977 
2 6849 
2 6711 
2 6648 
2 6407 
2 58377 
2 56740 
2 5645 
2 56330 
2 55830 
2 5578 
2 53889 
2 52368 
2 52335 
2 52174 
2 51405 
2 49964 
2 49467 
2 49367 
2 4935 
2 48964 
2 48961 
2 48825 
2 4851 
2 48287 
2 47531 
2 47521 
2 4739 
2 46696 
2 46664 
2 4618 
2 45899 
2 45815 
2 45753 
2 45705 
2 45671 
2 45353 
2 45324 
2 45045 
2 43939 
2 43541 
2 43260 
2 43006 
2 42949 
2 42864 
2 42549 
2 42289 
2 41528 
2 40728 
2 4058 
2 40561 
2 39887 
2 39197 
2 39134 
2 38895 
2 38331 
2 38197 
2 3816 
2 36874 
2 36752 
2 36167 
2 36057 
2 35732 
2 3561 
2 3549 
2 35470 
2 35000 
2 34714 
2 34655 
2 3462 
2 34282 
2 34235 
2 33876 
2 33494 
2 3320 
2 3313 
2 3308 
2 32875 
2 32780 
2 32751 
2 3248 
2 3242 
2 31731 
2 31593 
2 31477 
2 31400 
2 31365 
2 31283 
2 30968 
2 30447 
2 30408 
2 29761 
2 29134 
2 29083 
2 28747 
2 28299 
2 27467 
2 27413 
2 26101 
2 25767 
2 25563 
2 25549 
2 2554 
2 25429 
2 24482 
2 24422 
2 24176 
2 24173 
2 24085 
2 23974 
2 23650 
2 23342 
2 21980 
2 2119 
2 20847 
2 20655 
2 20401 
2 20218 
2 20015 
2 198414 
2 197252 
2 18779 
2 18229 
2 18059 
2 17623 
2 17451 
2 174 
2 16737 
2 16125 
2 16097 
2 15982 
2 15966 
2 15699 
2 15598 
2 15525 
2 15083 
2 15022 
2 15003 
2 14992 
2 14988 
2 14166 
2 137 
2 13237 
2 12978 
2 12946 
2 12552 
2 12322 
2 12296 
2 12260 
2 12258 
2 11845 
2 11556 
2 11486 
2 11069 
2 11022 
2 10620 
2 10481 
2 10318 
2 10316 
2 10029 
1 NA 
1 9808 
1 9658 
1 9512 
1 9498 
1 9411 
1 9370 
1 9293 
1 9245 
1 9228 
1 9211 
1 9125 
1 9112 
1 9085 
1 9044 
1 9003 
1 8997 
1 8982 
1 8970 
1 8897 
1 8896 
1 8881 
1 8820 
1 8767 
1 8764 
1 8685 
1 8624 
1 8612 
1 8594 
1 8536 
1 8517 
1 8447 
1 8426 
1 8386 
1 8248 
1 8218 
1 8201 
1 8194 
1 8075 
1 7725 
1 7654 
1 7616 
1 7552 
1 7539 
1 7506 
1 7418 
1 7321 
1 703 
1 7015 
1 701 
1 6903 
1 6871 
1 6821 
1 6802 
1 6772 
1 6752 
1 6730 
1 6719 
1 6656 
1 6568 
1 6539 
1 6503 
1 6315 
1 59441 
1 58621 
1 58619 
1 58529 
1 58397 
1 577 
1 5713 
1 56964 
1 56867 
1 56582 
1 56485 
1 56363 
1 5617 
1 559 
1 55897 
1 55824 
1 5577 
1 55711 
1 55545 
1 55533 
1 55470 
1 55449 
1 5495 
1 54456 
1 5408 
1 5404 
1 5382 
1 53665 
1 53589 
1 53486 
1 53435 
1 53340 
1 53243 
1 53093 
1 53055 
1 52023 
1 51949 
1 51852 
1 51783 
1 51740 
1 51696 
1 50938 
1 50819 
1 5078 
1 5071 
1 50694 
1 50673 
1 5056 
1 5048 
1 50474 
1 50448 
1 50304 
1 49981 
1 49879 
1 49834 
1 49715 
1 49505 
1 49457 
1 49364 
1 49189 
1 49063 
1 48971 
1 48923 
1 48894 
1 48791 
1 48539 
1 48452 
1 48401 
1 48347 
1 48185 
1 4809 
1 48031 
1 47986 
1 47950 
1 47894 
1 47869 
1 4780 
1 4755 
1 47544 
1 47506 
1 47447 
1 47385 
1 47253 
1 4713 
1 46785 
1 4670 
1 46636 
1 4657 
1 46506 
1 4645 
1 45459 
1 45458 
1 45425 
1 4538 
1 45352 
1 45313 
1 45292 
1 45289 
1 45037 
1 44898 
1 44565 
1 44376 
1 44302 
1 44038 
1 43612 
1 43557 
1 43470 
1 43333 
1 43022 
1 42927 
1 42755 
1 42713 
1 42648 
1 42585 
1 4230 
1 42237 
1 42160 
1 41943 
1 41887 
1 41828 
1 41801 
1 41770 
1 41635 
1 41541 
1 41535 
1 41499 
1 41445 
1 41352 
1 41046 
1 40935 
1 40028 
1 39866 
1 39812 
1 39790 
1 39786 
1 39779 
1 39743 
1 39451 
1 39309 
1 39234 
1 39074 
1 38805 
1 38733 
1 38732 
1 38510 
1 38496 
1 38363 
1 38328 
1 38142 
1 37932 
1 37159 
1 37053 
1 36937 
1 36843 
1 36646 
1 3633 
1 36218 
1 35916 
1 35914 
1 35908 
1 35718 
1 35662 
1 35612 
1 35592 
1 35581 
1 35311 
1 35228 
1 35219 
1 35191 
1 35132 
1 35017 
1 34762 
1 34758 
1 34639 
1 34347 
1 34222 
1 34221 
1 34173 
1 34 
1 33984 
1 33828 
1 33662 
1 33363 
1 33260 
1 33065 
1 3269 
1 3254 
1 3249 
1 3226 
1 3215 
1 31863 
1 31856 
1 31715 
1 31708 
1 31463 
1 31252 
1 31244 
1 31242 
1 31239 
1 31083 
1 30902 
1 30633 
1 30568 
1 30500 
1 30350 
1 30295 
1 29863 
1 29695 
1 29619 
1 29590 
1 29553 
1 29339 
1 29319 
1 29314 
1 29119 
1 29081 
1 29028 
1 28968 
1 28788 
1 28751 
1 28677 
1 28660 
1 28649 
1 28598 
1 27473 
1 27357 
1 2715 
1 2706 
1 26617 
1 26277 
1 262471 
1 2611 
1 25956 
1 25577 
1 25542 
1 25525 
1 25401 
1 25291 
1 2529 
1 25036 
1 24994 
1 24973 
1 2497 
1 24931 
1 24827 
1 24822 
1 24768 
1 24706 
1 24592 
1 24560 
1 24521 
1 24466 
1 24444 
1 24262 
1 24238 
1 23884 
1 23679 
1 23671 
1 23237 
1 23201 
1 23127 
1 22925 
1 22923 
1 22898 
1 22773 
1 22653 
1 22307 
1 22241 
1 2200 
1 21694 
1 21280 
1 21236 
1 2118 
1 2107 
1 20882 
1 20853 
1 20766 
1 20569 
1 20547 
1 20485 
1 20473 
1 20367 
1 20214 
1 2018 
1 20141 
1 2012 
1 198921 
1 19875 
1 198610 
1 19844 
1 198171 
1 197395 
1 197377 
1 19675 
1 19624 
1 1955 
1 19528 
1 19262 
1 19237 
1 19089 
1 18931 
1 18881 
1 18866 
1 18566 
1 18530 
1 1853 
1 1836 
1 18202 
1 18051 
1 18042 
1 17996 
1 17911 
1 17828 
1 17672 
1 1764 
1 17625 
1 17621 
1 1759 
1 17222 
1 17183 
1 16735 
1 1659 
1 16257 
1 16243 
1 16237 
1 16215 
1 15879 
1 15874 
1 15772 
1 15756 
1 15703 
1 15694 
1 15611 
1 15510 
1 15497 
1 15321 
1 15318 
1 15278 
1 14778 
1 14744 
1 14618 
1 14383 
1 14361 
1 14280 
1 13999 
1 13767 
1 13649 
1 13438 
1 13392 
1 13285 
1 13193 
1 131472 
1 13127 
1 13101 
1 13041 
1 13022 
1 12968 
1 12880 
1 12769 
1 12741 
1 12703 
1 12630 
1 12586 
1 12578 
1 12574 
1 12573 
1 12564 
1 12423 
1 1241 
1 12389 
1 12315 
1 12310 
1 12252 
1 12140 
1 12025 
1 11955 
1 11664 
1 11492 
1 11426 
1 10819 
1 10464 
1 10207 
1 10201 
1 10094 

Cheers, 
Nick 
-----BEGIN PGP SIGNATURE----- 
Version: GnuPG v2.0.14 (GNU/Linux) 

iEYEARECAAYFAlBh7e0ACgkQi10dJIBjZIAhMQCguzF4lqr+0qJpFjhE6a89C4BL 
uM4AoLld3jYOrNl8QE+cd3/jhhGSYpRW 
=ytm+ 
-----END PGP SIGNATURE----- 

_______________________________________________ 
nsp-security mailing list 
nsp-security at puck.nether.net 
https://puck.nether.net/mailman/listinfo/nsp-security 

Please do not Forward, CC, or BCC this E-mail outside of the nsp-security 
community. Confidentiality is essential for effective Internet security counter-measures. 
_______________________________________________ 