It is currently Sun Oct 22, 2017 1:01 pm

All times are UTC [ DST ]




 Page 1 of 1 [ 4 posts ] 
Author Message
 Post subject: Abuse Report
PostPosted: Sun Dec 31, 2006 1:27 am 

Joined: Sun Dec 31, 2006 1:21 am
Posts: 2
Hello,

One of your members hacked, rooted our server and used it as a bot in your IRC Channels.

Here is the information below:

Thu Dec 28 14:13:21 :Listener created :0.0.0.0 port 99989
Thu Dec 28 14:13:21 :psyBNC2.3.1-cBtITLdDMSNp started (PID :14597)
Thu Dec 28 14:13:21 :Loading all Users..
Thu Dec 28 14:13:21 :No Users found.
Thu Dec 28 14:13:30 :connect from host-85-114-250-107.adsl.caucasus.net
Thu Dec 28 14:13:33 :New User:Robi (Robi RiveRra) added by Robi
Thu Dec 28 14:13:44 :User Robi () trying astro.dal.net port 6667 ().
Thu Dec 28 14:14:18 :Hop requested by Robi. Quitting.
Thu Dec 28 14:14:18 :User Robi got disconnected from server.
Thu Dec 28 14:14:31 :User Robi () trying matrix.dal.net port 6667 ().
Thu Dec 28 14:15:16 :User Robi: cant connect to matrix.dal.net port 6667.
Thu Dec 28 14:15:17 :User Robi () trying astro.dal.net port 6667 ().
Thu Dec 28 14:15:44 :Hop requested by Robi. Quitting.
Thu Dec 28 14:15:44 :User Robi got disconnected from server.

*********************

PSYBNC.SYSTEM.PORT1=99989
PSYBNC.SYSTEM.HOST1=*
PSYBNC.HOSTALLOWS.ENTRY0=*;*
USER0.USER.LOGIN=GENIOSI
USER0.USER.PASS=*
USER0.USER.RIGHTS=1
USER1.USER.LOGIN=Robi
USER1.USER.USER=Robi RiveRra
USER1.USER.PASS=='T1G'k09`=1n18'4`9
USER1.USER.RIGHTS=1
USER1.USER.VLINK=0
USER1.USER.PPORT=0
USER1.USER.PARENT=0
USER1.USER.QUITTED=0
USER1.USER.DCCENABLED=1
USER1.USER.AUTOGETDCC=0
USER1.USER.AIDLE=0
USER1.USER.LEAVEQUIT=0
USER1.USER.AUTOREJOIN=1
USER1.USER.SYSMSG=1
USER1.USER.LASTLOG=0
USER1.USER.NICK=GENIOSI
USER1.SERVERS.SERVER1=us.undernet.org
USER1.SERVERS.PORT1=6667

**********************

I have no issues with anybody wanting to use IRC for whatever purpose they wish but rooting a web server that does nothing but cause problems for hundreds of people trying to conduct thier ecommerce business is nothing short of criminal and very tastless.

A copy of all files have been forward to the FBI's Cybercrime unit. I assume Undernet.org will take action against this user and not contribute to this problem.


Offline
 Profile  
 
 Post subject:
PostPosted: Sun Dec 31, 2006 2:36 am 

Joined: Sun Dec 31, 2006 1:21 am
Posts: 2
And this seems to be what they named the channel:

D_H_A_N_Y!~dhany!*@*


Offline
 Profile  
 
 Post subject:
PostPosted: Sun Dec 31, 2006 7:28 am 
Senior Cservice Admin
User avatar

Joined: Sun Jul 06, 2003 2:47 am
Posts: 564
Location: Hamilton, New Zealand
1. if it's who I think it is, we already know about him, he's a well known hacker.

2. while the settings include a server to connect to undernet with, the log you include shows him trying to connect to dal.net which is another irc network, you might want to notify them as well.

For future reference you can email this kind of thing to abuse@undernet.org, abuse-exploits@undernet.org (if you want help fixing your server), and cservice-abuse@undernet.org (will need your servers host to identify any registered usernames/channels they may have used).

I hope your server is ok.
- xplora@undernet.org

- Errors fixed, Etherfast, this is a post not an email.


Last edited by xplora on Fri Jan 05, 2007 3:19 pm, edited 1 time in total.


_________________
xplora @ undernet.org
Past Co-ordinator
Undernet Channel Services Committee
Offline
 Profile  
 
 Post subject:
PostPosted: Sun Dec 31, 2006 10:27 am 
Cservice Official
User avatar

Joined: Tue Sep 28, 2004 8:15 pm
Posts: 276
Location: Bucharest
1. abuse@undernet.org
2. abuse-exploits@undernet.org
3. cservice-abuse@undernet.org

There's a slight mark-up error on the second e-mail xplora wrote:)



_________________
Etherfast
Offline
 Profile  
 
Display posts from previous:  Sort by  
 Page 1 of 1 [ 4 posts ] 

All times are UTC [ DST ]


Who is online

Users browsing this forum: No registered users and 3 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  

cron