Undernet Forum
http://forum.undernet.org/

Abuse Report
http://forum.undernet.org/viewtopic.php?f=14&t=3776

Author:  Canadaman1975 [ Sun Dec 31, 2006 1:27 am ]
Post subject:  Abuse Report

Hello,

One of your members hacked, rooted our server and used it as a bot in your IRC Channels.

Here is the information below:

Thu Dec 28 14:13:21 :Listener created :0.0.0.0 port 99989
Thu Dec 28 14:13:21 :psyBNC2.3.1-cBtITLdDMSNp started (PID :14597)
Thu Dec 28 14:13:21 :Loading all Users..
Thu Dec 28 14:13:21 :No Users found.
Thu Dec 28 14:13:30 :connect from host-85-114-250-107.adsl.caucasus.net
Thu Dec 28 14:13:33 :New User:Robi (Robi RiveRra) added by Robi
Thu Dec 28 14:13:44 :User Robi () trying astro.dal.net port 6667 ().
Thu Dec 28 14:14:18 :Hop requested by Robi. Quitting.
Thu Dec 28 14:14:18 :User Robi got disconnected from server.
Thu Dec 28 14:14:31 :User Robi () trying matrix.dal.net port 6667 ().
Thu Dec 28 14:15:16 :User Robi: cant connect to matrix.dal.net port 6667.
Thu Dec 28 14:15:17 :User Robi () trying astro.dal.net port 6667 ().
Thu Dec 28 14:15:44 :Hop requested by Robi. Quitting.
Thu Dec 28 14:15:44 :User Robi got disconnected from server.

*********************

PSYBNC.SYSTEM.PORT1=99989
PSYBNC.SYSTEM.HOST1=*
PSYBNC.HOSTALLOWS.ENTRY0=*;*
USER0.USER.LOGIN=GENIOSI
USER0.USER.PASS=*
USER0.USER.RIGHTS=1
USER1.USER.LOGIN=Robi
USER1.USER.USER=Robi RiveRra
USER1.USER.PASS=='T1G'k09`=1n18'4`9
USER1.USER.RIGHTS=1
USER1.USER.VLINK=0
USER1.USER.PPORT=0
USER1.USER.PARENT=0
USER1.USER.QUITTED=0
USER1.USER.DCCENABLED=1
USER1.USER.AUTOGETDCC=0
USER1.USER.AIDLE=0
USER1.USER.LEAVEQUIT=0
USER1.USER.AUTOREJOIN=1
USER1.USER.SYSMSG=1
USER1.USER.LASTLOG=0
USER1.USER.NICK=GENIOSI
USER1.SERVERS.SERVER1=us.undernet.org
USER1.SERVERS.PORT1=6667

**********************

I have no issues with anybody wanting to use IRC for whatever purpose they wish but rooting a web server that does nothing but cause problems for hundreds of people trying to conduct their ecommerce business is nothing short of criminal and very tasteless.

A copy of all files has been forwarded to the FBI's Cybercrime unit. I assume Undernet.org will take action against this user and not contribute to this problem.

Author:  Canadaman1975 [ Sun Dec 31, 2006 2:36 am ]
Post subject: 

And this seems to be what they named the channel:

D_H_A_N_Y!~dhany!*@*

Author:  xplora [ Sun Dec 31, 2006 7:28 am ]
Post subject: 

1. If it's who I think it is, we already know about him, he's a well known hacker.

2. While the settings include a server to connect to Undernet with, the log you include shows him trying to connect to dal.net, which is another IRC network; you might want to notify them as well.

For future reference you can email this kind of thing to abuse@undernet.org, abuse-exploits@undernet.org (if you want help fixing your server), and cservice-abuse@undernet.org (will need your server's host to identify any registered usernames/channels they may have used).

I hope your server is ok.
- xplora@undernet.org

- Errors fixed, Etherfast, this is a post not an email.
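
An added example, not part of any post in this thread: a small triage script that reads a psyBNC log and config in the format posted above and lists the connecting hosts and the IRC networks involved, marking whether each network was seen in the log, the config, or both, so each can be notified. The function names and the two-label domain grouping are assumptions of this example, and the sample input is constructed from a few of the posted lines.

```python
import re
from collections import defaultdict

# Constructed sample: a few lines copied from the log and config posted above.
SAMPLE_LOG = """\
Thu Dec 28 14:13:21 :Listener created :0.0.0.0 port 99989
Thu Dec 28 14:13:30 :connect from host-85-114-250-107.adsl.caucasus.net
Thu Dec 28 14:13:33 :New User:Robi (Robi RiveRra) added by Robi
Thu Dec 28 14:13:44 :User Robi () trying astro.dal.net port 6667 ().
Thu Dec 28 14:14:31 :User Robi () trying matrix.dal.net port 6667 ().
"""
SAMPLE_CONF = """\
PSYBNC.SYSTEM.PORT1=99989
USER1.USER.LOGIN=Robi
USER1.SERVERS.SERVER1=us.undernet.org
USER1.SERVERS.PORT1=6667
"""

LOG_CONNECT = re.compile(r":connect from (\S+)")
LOG_TRYING = re.compile(r":User (\S+) \(.*?\) trying (\S+) port (\d+)")
CONF_SERVER = re.compile(r"^USER\d+\.SERVERS\.SERVER\d+=(\S+)$", re.M)
CONF_PORT = re.compile(r"^PSYBNC\.SYSTEM\.PORT\d+=(\d+)$", re.M)

def network_of(host):
    # Assumption: group by the last two DNS labels (astro.dal.net -> dal.net).
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def triage(log_text, conf_text):
    """Summarise connecting hosts, the IRC networks involved and where each was seen."""
    networks = defaultdict(set)
    for m in LOG_TRYING.finditer(log_text):
        networks[network_of(m.group(2))].add("log")
    for host in CONF_SERVER.findall(conf_text):
        networks[network_of(host)].add("config")
    ports = [int(p) for p in CONF_PORT.findall(conf_text)]
    return {
        "source_hosts": sorted(set(LOG_CONNECT.findall(log_text))),
        "networks": {n: sorted(s) for n, s in sorted(networks.items())},
        # TCP ports are 16-bit, so a larger configured value cannot be the
        # port really bound; check the host's actual listeners instead.
        "invalid_listener_ports": [p for p in ports if not 0 < p <= 65535],
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG, SAMPLE_CONF).items():
        print(f"{key}: {value}")
```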

Author:  Etherfast [ Sun Dec 31, 2006 10:27 am ]
Post subject: 

1. abuse@undernet.org
2. abuse-exploits@undernet.org
3. cservice-abuse@undernet.org

There's a slight mark-up error on the second e-mail xplora wrote :)

All times are UTC [ DST ]