
Hacker attack once again

12 August 2009

Anyone who follows this blog will surely have noticed my previous post about a hacker attack through FTP. This time it has happened again. Going by the hackers' IP, this attack came from India. That may really be the hackers' IP, or the hackers may be using a proxy. Either way, the damage this time is worse. Worse than Hurulaini.net.

I had to reset the hosting and upload everything again. Really sad.

I don't know how the hackers managed to sniff the password. Even after the password was changed, it could still be hacked. The last resort was to reset the hosting and use https to log in to cPanel.

Files uploaded by the wicked hackers

Where did this folder come from? I never uploaded it

cPanel login

218.248.69.30 - inertz [08/11/2009:05:45:12 -0000] "GET /frontend/x3/images/delete.jpg HTTP/1.1" 200 0 "http://inertz.org:2082/frontend/x3/cron/advcron.html?" "Opera/9.62 (Windows NT 5.1; U; en) Presto/2.1.1"
218.248.69.30 - inertz [08/11/2009:05:45:15 -0000] "GET /cPanel_magic_revision_96249075938.833/frontend/x3/branding/icon_sprites_img_scale_60percent.png HTTP/1.1" 200 0 "http://inertz.org:2082/frontend/x3/cron/advcron.html?" "Opera/9.62 (Windows NT 5.1; U; en) Presto/2.1.1"

218.248.69.23 - inertz [08/10/2009:01:57:37 -0000] "POST /frontend/x3/cron/editcron.html HTTP/1.1" 200 0 "http://inertz.org:2082/frontend/x3/cron/advcron.html?" "Opera/9.62 (Windows NT 5.1; U; en) Presto/2.1.1"
218.248.69.23 - inertz [08/10/2009:01:57:41 -0000] "GET /frontend/x3/cron/index.html HTTP/1.1" 200 0 "http://inertz.org:2082/frontend/x3/cron/editcron.html" "Opera/9.62 (Windows NT 5.1; U; en) Presto/2.1.1"

218.248.69.33 - inertz [08/08/2009:16:04:29 -0000] "GET /frontend/x3/cron/index.html HTTP/1.1" 200 0 "http://inertz.org:2082/frontend/x3/cron/editcron.html" "Opera/9.62 (Windows NT 5.1; U; en) Presto/2.1.1"
218.248.69.33 - inertz [08/08/2009:16:04:35 -0000] "GET /frontend/x3/cron/advcron.html? HTTP/1.1" 200 0 "http://inertz.org:2082/frontend/x3/cron/index.html" "Opera/9.62 (Windows NT 5.1; U; en) Presto/2.1.1"

FTP login

Aug  9 12:50:59 svr pure-ftpd: (?@218.248.69.31) [INFO] inertz is now logged in
Aug  9 12:51:55 svr pure-ftpd: (inertz@218.248.69.31) [NOTICE] /home/inertz//session/Cookies/7874490 uploaded  (236 bytes, 0.32KB/sec)
Aug  9 12:51:59 svr pure-ftpd: (inertz@218.248.69.31) [NOTICE] /home/inertz//session/Cookies/145987 uploaded  (236 bytes, 0.23KB/sec)
Aug  9 12:52:17 svr pure-ftpd: (inertz@218.248.69.31) [INFO] Logout.
Aug  9 19:18:11 svr pure-ftpd: (?@218.248.69.31) [INFO] inertz is now logged in
Aug  9 19:18:44 svr pure-ftpd: (inertz@218.248.69.31) [NOTICE] /home/inertz//session/Cookies/10065454 uploaded  (236 bytes, 0.32KB/sec)
Aug  9 19:18:48 svr pure-ftpd: (inertz@218.248.69.31) [NOTICE] /home/inertz//session/Cookies/10100112 uploaded  (236 bytes, 0.30KB/sec)
Aug  9 19:34:02 svr pure-ftpd: (inertz@218.248.69.31) [INFO] Timeout - try typing a little faster next time
Aug  9 19:38:55 svr pure-ftpd: (?@218.248.69.31) [INFO] inertz is now logged in
Aug  9 19:39:07 svr pure-ftpd: (inertz@218.248.69.31) [INFO] Logout.
Aug  9 20:25:55 svr pure-ftpd: (?@218.248.69.31) [INFO] inertz is now logged in
Aug  9 20:26:41 svr pure-ftpd: (inertz@218.248.69.31) [NOTICE] /home/inertz//session/Cookies/hondaclub uploaded  (236 bytes, 0.27KB/sec)
Aug  9 20:30:36 svr pure-ftpd: (inertz@218.248.69.31) [INFO] Logout.

Aug 10 10:31:49 svr pure-ftpd: (inertz@218.248.69.23) [NOTICE] Deleted Internet_tips.rar.64
Aug 10 10:31:49 svr pure-ftpd: (inertz@218.248.69.23) [NOTICE] Deleted anti_spam.rar.64
Aug 10 10:31:50 svr pure-ftpd: (inertz@218.248.69.23) [NOTICE] Deleted black.mp3.180

Aug 10 19:27:10 svr pure-ftpd: (inertz@218.248.69.24) [NOTICE] Deleted 8050140
Aug 10 19:31:36 svr pure-ftpd: (inertz@218.248.69.24) [NOTICE] /home/inertz//session/Cookies/6162540 uploaded  (204 bytes, 0.26KB/sec)
Aug 10 19:31:40 svr pure-ftpd: (inertz@218.248.69.24) [NOTICE] /home/inertz//session/Cookies/8050140 uploaded  (204 bytes, 0.19KB/sec)

The last moments before the hackers were blocked.

Aug 11 13:20:51 svr pure-ftpd: (?@218.248.69.30) [INFO] New connection from 218.248.69.30
Aug 11 13:21:10 svr pure-ftpd: (?@218.248.69.30) [INFO] New connection from 218.248.69.30
Aug 11 13:27:15 svr pure-ftpd: (?@218.248.69.30) [INFO] New connection from 218.248.69.30
Aug 11 13:27:16 svr pure-ftpd: (?@218.248.69.30) [WARNING] Authentication failed for user [inertz]
Aug 11 13:27:21 svr pure-ftpd: (?@218.248.69.30) [INFO] Logout.
Aug 11 13:27:25 svr pure-ftpd: (?@218.248.69.30) [INFO] New connection from 218.248.69.30
Aug 11 13:27:26 svr pure-ftpd: (?@218.248.69.30) [WARNING] Authentication failed for user [inertz]
Aug 11 13:27:31 svr pure-ftpd: (?@218.248.69.30) [INFO] Logout.
Aug 11 13:28:12 svr pure-ftpd: (?@218.248.69.30) [INFO] New connection from 218.248.69.30
Aug 11 13:28:16 svr pure-ftpd: (?@218.248.69.30) [WARNING] Authentication failed for user [inertz]
Aug 11 13:28:21 svr pure-ftpd: (?@218.248.69.30) [INFO] Logout.
Aug 11 13:28:46 svr pure-ftpd: (?@218.248.69.30) [INFO] New connection from 218.248.69.30
Aug 11 13:28:47 svr pure-ftpd: (?@218.248.69.30) [WARNING] Authentication failed for user [inertz]
Aug 11 13:28:52 svr pure-ftpd: (?@218.248.69.30) [INFO] Logout.
Aug 11 13:29:07 svr pure-ftpd: (?@218.248.69.30) [INFO] New connection from 218.248.69.30
Aug 11 13:29:09 svr pure-ftpd: (?@218.248.69.30) [WARNING] Authentication failed for user [inertz]
Aug 11 13:29:12 svr pure-ftpd: (?@218.248.69.30) [INFO] Logout.
Aug 11 13:42:38 svr pure-ftpd: (?@218.248.69.30) [INFO] New connection from 218.248.69.30
Aug 11 13:42:40 svr pure-ftpd: (?@218.248.69.30) [WARNING] Authentication failed for user [tested]
Aug 11 13:42:44 svr pure-ftpd: (?@218.248.69.30) [INFO] Logout.
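As an added example (not code from the original post), the following Python script reviews pure-ftpd log lines in the format shown above and flags logins, uploads and deletions from addresses outside an assumed trusted network, and counts failed logins per source IP. The sample log lines and the trusted range 203.0.113.0/24 are constructed for this example.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# Constructed sample lines in pure-ftpd's syslog format, mirroring the post's excerpt.
SAMPLE_LOG = """\
Aug  9 12:50:59 svr pure-ftpd: (?@218.248.69.31) [INFO] inertz is now logged in
Aug  9 12:51:55 svr pure-ftpd: (inertz@218.248.69.31) [NOTICE] /home/inertz//session/Cookies/7874490 uploaded  (236 bytes, 0.32KB/sec)
Aug 10 10:31:49 svr pure-ftpd: (inertz@218.248.69.23) [NOTICE] Deleted anti_spam.rar.64
Aug 11 13:27:16 svr pure-ftpd: (?@218.248.69.30) [WARNING] Authentication failed for user [inertz]
Aug 11 13:28:16 svr pure-ftpd: (?@218.248.69.30) [WARNING] Authentication failed for user [inertz]
Aug 11 13:42:40 svr pure-ftpd: (?@218.248.69.30) [WARNING] Authentication failed for user [tested]
Aug 11 09:00:00 svr pure-ftpd: (?@203.0.113.10) [INFO] inertz is now logged in
"""

# One pure-ftpd line: timestamp, host, (user@ip), [level], free-text message.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ pure-ftpd: "
    r"\((?P<user>[^@]+)@(?P<ip>[\d.]+)\) \[(?P<level>\w+)\] (?P<msg>.*)$"
)

# Assumed trusted network for the account owner (placeholder, not from the post).
TRUSTED = [ip_network("203.0.113.0/24")]

def parse(line):
    """Return the fields of one pure-ftpd log line, or None if it does not match."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None

def is_trusted(ip):
    addr = ip_address(ip)
    return any(addr in net for net in TRUSTED)

def review(log_text):
    """Flag logins and file changes from untrusted IPs; count auth failures per IP."""
    logins, writes, failures = [], [], Counter()
    for line in log_text.splitlines():
        ev = parse(line)
        if ev is None:
            continue
        foreign = not is_trusted(ev["ip"])
        if ev["msg"].endswith("is now logged in") and foreign:
            logins.append((ev["ts"], ev["ip"], ev["msg"].split()[0]))
        elif (" uploaded " in ev["msg"] or ev["msg"].startswith("Deleted ")) and foreign:
            writes.append((ev["ts"], ev["ip"], ev["msg"]))
        elif ev["msg"].startswith("Authentication failed"):
            failures[ev["ip"]] += 1
    return {"foreign_logins": logins, "foreign_writes": writes, "auth_failures": dict(failures)}
```

Run `review(open("/var/log/messages").read())` (or wherever pure-ftpd logs on the host) and any entry in `foreign_logins` or `foreign_writes` deserves a look, since a successful login from an unknown network is exactly what the excerpt above shows.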

Hackers' IP information

root@svr [~]# whois 218.248.69.30
[Querying whois.apnic.net]
[whois.apnic.net]
% [whois.apnic.net node-2]
% Whois data copyright terms    http://www.apnic.net/db/dbcopyright.html

inetnum:      218.248.0.0 - 218.248.255.255
netname:      BSNLNET
descr:        National Internet Backbone
descr:        Bharat Sanchar Nigam Limited
descr:        Sanchar Bhawan, 20, Ashoka Road, New Delhi-110001, India
country:      IN
admin-c:      NC83-AP
tech-c:       CDN1-AP
mnt-by:       APNIC-HM
mnt-lower:    MAINT-IN-DOT
changed:      hostmaster@apnic.net 20011227
status:       ALLOCATED PORTABLE
source:       APNIC

root@svr [~]# whois 218.248.69.23
[Querying whois.apnic.net]
[whois.apnic.net]
% [whois.apnic.net node-1]
% Whois data copyright terms    http://www.apnic.net/db/dbcopyright.html

inetnum:      218.248.0.0 - 218.248.255.255
netname:      BSNLNET
descr:        National Internet Backbone
descr:        Bharat Sanchar Nigam Limited
descr:        Sanchar Bhawan, 20, Ashoka Road, New Delhi-110001, India
country:      IN
admin-c:      NC83-AP
tech-c:       CDN1-AP
mnt-by:       APNIC-HM
mnt-lower:    MAINT-IN-DOT
changed:      hostmaster@apnic.net 20011227
status:       ALLOCATED PORTABLE
source:       APNIC

Geolocation lookups for the four source IPs (Postal Code, Metro Code and Area Code were empty in every result):

Hostname       Country Code  Country Name  Region  Region Name  City       Latitude  Longitude  ISP                         Organization
218.248.69.23  IN            India         13      Kerala       Palakkad   10.7725   76.6513    National Internet Backbone  National Internet Backbone
218.248.69.31  IN            India         07      Delhi        New Delhi  28.6000   77.2000    National Internet Backbone  National Internet Backbone
218.248.69.24  IN            India         07      Delhi        New Delhi  28.6000   77.2000    National Internet Backbone  National Internet Backbone
218.248.69.30  IN            India         07      Delhi        New Delhi  28.6000   77.2000    National Internet Backbone  National Internet Backbone
