[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Warning - hack attempts




On 13-Oct-98 Eli Marmor wrote:
> Marc A. Volovic wrote:
>> 
>> I am getting repeated imapd hack attempts from shsrv.shaked.co.il and
>> unitednation.net, please take note.
> 
> According to my logs, "unitednation.net" tried all the known
> vulnerabilities: named AXFR buffer overflow, telnet guesses, imapd,
> finger old hole, httpd vulnerabilities (e.g. "phf" of yearly
> servers), and POP3. It tried all of these on all the available IPs.
> I believe they just use the robot which is widespread on the Net.
> The attacks are the usual ones. I face DOZENS of similar attacks per
> week.
> 
> I am more concerned about the unknown holes, which hackers expoited
> in sites like Slashdot and FIFA99 (the last was hacked by an Israeli
> hacker). Does anybody have any idea what is the new hole and/or how
> to defend yourself?
> 
> -- 
> Eli Marmor
> marmor@elmar.co.il
> El-Mar Software Ltd.
> 


I got the  same attempts from unitednation.net.
The interesting thing is that this machine is a website of an ISP!!!
I am going to send them a standard complaint.
It is either a hacked website or ... it is owned by hackers. Probably the first
but just in case I am going to write to their carrier as well.

A second thought: I looked at their site. It seems totally broken and
unfunctional copy of www.dn.net. Www.dn.net might have nothing to do with this,
this might be a hacker site using pages of www.dn.net as a cover. So, I am
going to write to  abuse@dn.net as well. If you like a copy of the complaint,
please request it via email. 

---------------------------------
Constantine Gavrilov
Unix System Administration
MIS, Indigo Ltd.
Tel. 08-9381058
E-Mail: costag@indigo.co.il
Date: 13-Oct-98
Time: 11:13:37

This message was sent by XFMail
----------------------------------