Samstag, 29. März 2008

Der erste Angriff am 02.03.08

Der erste Versuch, am 02.03.08 fingen die Hacking-Angriffe auf eines meiner Portale an.

Warnung!!! Kommen Sie bitte nicht auf die Idee, durch Ersetzen von %3A%2F%2F und %2 durch die entsprechenden Zeichen, die URL´s aufzurufen, die als Sprungbrett verwendet wurden, es verbirgt sich evtl. immer noch schadhafter Code dahinter!

Der Amateur, der hier mittels seiner IP 209.23.126.65 seine Spur hinterlies, kam über folgenden Provider:

OrgName: Logical Net Corporation
OrgID: LNC
Address: 1593 Central Ave.
City: Albany
StateProv: NY
PostalCode: 12205
Country: US
NetRange: 209.23.0.0 - 209.23.127.255

Hier das Protokoll:

02-03-08 / 20:23:33 - 209.23.126.65 - /index.php?page=http%3A%2F%2Fsahel55.com%2Farticles%2Fomaduro%2Fkimumid%2
F&newsid=3
02-03-08 / 20:23:36 - 209.23.126.65 - /index.php?page=http%3A%2F%2Fwww.thoseguysfilms.com%2Fforums%2Ftemplates%2
FsubSilver%2Fimages%2Fuza%2Flaqipu%2F&newsid=3
02-03-08 / 20:23:37 - 209.23.126.65 - /index.php?page=http%3A%2F%2Fwww.electrofed.com%2F_app%2Fefc%2Fodoqu%2F
ferus%2F&newsid=3
02-03-08 / 20:23:38 - 209.23.126.65 - /index.php?page=shownews&newsid=http%3A%2F%2Fwww.pattibus.it%2Fphplib-7.2b%
2Fpages%2Filosi%2Fdohigal%2F
02-03-08 / 20:23:40 - 209.23.126.65 - /index.php?page=shownews&newsid=http%3A%2F%2Fwww.thoseguysfilms.com%2Fforu
ms%2Ftemplates%2FsubSilver%2Fimages%2Fuza%2Flaqipu%2F
02-03-08 / 20:23:41 - 209.23.126.65 - /index.php?page=shownews&newsid=http%3A%2F%2Fwww.cjp.spb.ru%2Fen%2Ftis%2F
leboma%2F
02-03-08 / 20:23:56 - 209.23.126.65 - /index.php?page=shownews&newsid=3
02-03-08 / 20:23:57 - 209.23.126.65 - /index.php
02-03-08 / 20:24:00 - 209.23.126.65 - /?orderby=http%3A%2F%2Fwww.municipioxii.it%2Fsunnyway%2Feheqebi%2Fjahibop%
2F&sortorder=asc
02-03-08 / 20:24:01 - 209.23.126.65 - /?orderby=http%3A%2F%2Fsinzinuri.com%2Fimsi%2Fdb%2Fpic%2Fbezefi%2Fugoye%2
F&sortorder=asc
02-03-08 / 20:24:02 - 209.23.126.65 - /?orderby=http%3A%2F%2Fsans-packing.ru%2Fimg%2Fjipeqap%2Fehudute%2F&sortor
der=asc
02-03-08 / 20:24:02 - 209.23.126.65 - /?orderby=country&sortorder=http%3A%2F%2Fwww.elettrodataservice.it%2Ffoto_artic
oli%2Fonoda%2Fiyegimi%2F
02-03-08 / 20:24:04 - 209.23.126.65 - /?orderby=country&sortorder=http%3A%2F%2Fwww.cjp.spb.ru%2Fen%2Ftis%2Flebom
a%2F

Am gleichen Tag folgte dann ein zweiter Angriff.

Der Amateur, der hier mittels seiner IP 72.232.44.170 seine Spur hinterlies, kam über folgenden Provider:

OrgName: Layered Technologies, Inc.
OrgID: LAYER-3
Address: 5085 W Park Blvd
Address: Suite 700
City: Plano
StateProv: TX
PostalCode: 75093
Country: US
NetRange: 72.232.0.0 - 72.233.127.255

02-03-08 / 21:11:30 - 72.232.44.170 - /
02-03-08 / 21:11:33 - 72.232.44.170 - /index.php?page=http%3A%2F%2Fwww.channelnewsperu.com%2Fimagenes%2Fpublicac
iones%2Ffotos%2Fnepicu%2Fegul%2F
02-03-08 / 21:11:34 - 72.232.44.170 - /index.php?page=http%3A%2F%2Fwww.channelnewsperu.com%2Fimagenes%2Fpublicac
iones%2Ffotos%2Fnepicu%2Fegul%2F
02-03-08 / 21:11:36 - 72.232.44.170 - /index.php?page=http%3A%2F%2Fwww.interkonet.com%2Fenxicmarxant%2Fweb%2Fe
ditor%2Fscripts%2Ficons%2Fcatizi%2Farofo%2F
02-03-08 / 21:11:47 - 72.232.44.170 - /index.php?page=shownews&newsid=http%3A%2F%2Fwww.felixtorresycia.com%2Fadm
in%2Fcorreo%2Fenaq%2Fecib%2F
02-03-08 / 21:11:51 - 72.232.44.170 - /index.php?page=shownews&newsid=http%3A%2F%2Fwww.heaven-house.kz%2Ftempl
ates_c%2Fsexes%2Fafacub%2F
02-03-08 / 21:11:52 - 72.232.44.170 - /index.php?page=shownews&newsid=http%3A%2F%2Fwww.interkonet.com%2Fenxicma
rxant%2Fweb%2Feditor%2Fscripts%2Ficons%2Fcatizi%2Farofo%2F
02-03-08 / 21:11:57 - 72.232.44.170 - /index.php?page=articles
02-03-08 / 21:12:02 - 72.232.44.170 - /index.php?page=showarticle&articleid=http%3A%2F%2Fhonamfishing.co.kr%2Fphpmy
sqladmin%2Flibraries%2Foduzov%2Fneloze%2F
02-03-08 / 21:12:04 - 72.232.44.170 - /index.php?page=showarticle&articleid=http%3A%2F%2Fwww.elettrodataservice.it%2F
foto_articoli%2Fonoda%2Fiyegimi%2F
02-03-08 / 21:12:06 - 72.232.44.170 - /index.php?page=showarticle&articleid=http%3A%2F%2Fwww.psikolojikyardim.org%2F
etkinlik%2Finclude%2Feto%2Fnixaz%2F
02-03-08 / 21:12:08 - 72.232.44.170 - /index.php?page=faq
02-03-08 / 21:12:10 - 72.232.44.170 - /index.php
02-03-08 / 21:12:16 - 72.232.44.170 - /?orderby=http%3A%2F%2Fwww.obrasmecanicasch.com%2Fomch%2Fimg%2Fitofu%2F
viroja%2F&sortorder=asc
02-03-08 / 21:12:17 - 72.232.44.170 - /?orderby=http%3A%2F%2Fsinzinuri.com%2Fimsi%2Fdb%2Fpic%2Fbezefi%2Fugoye%2
F&sortorder=asc
02-03-08 / 21:12:19 - 72.232.44.170 - /?orderby=http%3A%2F%2Fwww.tureksfuar.com.tr%2Fjoomla%2Fmambots%2Fconten
t%2Fugi%2Fvipo%2F&sortorder=asc
02-03-08 / 21:12:20 - 72.232.44.170 - /?orderby=sincedate&sortorder=http%3A%2F%2Fwww.electrofed.com%2F_app%2Fefc
%2Fodoqu%2Fferus%2F
02-03-08 / 21:12:21 - 72.232.44.170 - /?orderby=sincedate&sortorder=http%3A%2F%2Fwww.felixtorresycia.com%2Fadmin%
2Fcorreo%2Fenaq%2Fecib%2F
02-03-08 / 21:12:22 - 72.232.44.170 - /?orderby=sincedate&sortorder=http%3A%2F%2Fhonamfishing.co.kr%2Fphpmysqladm
in%2Flibraries%2Foduzov%2Fneloze%2F
02-03-08 / 21:12:24 - 72.232.44.170 - /index.php?page=login
02-03-08 / 21:12:29 - 72.232.44.170 - /index.php?page=showarticle&articleid=1
02-03-08 / 21:12:31 - 72.232.44.170 - /?orderby=sincedate&sortorder=asc
02-03-08 / 21:12:33 - 72.232.44.170 - /?orderby=age&sortorder=asc

Naja, es hat keiner der Amateure Schaden angerichtet, jedoch, schon der Versuch ist strafbar!

Viele Grüsse

Der Webmaster

Eingestellt von Werner Modes um 15:14
Labels: , , , , , , , ,

Keine Kommentare:

Kommentar veröffentlichen

Abonnieren Kommentare zum Post (Atom)