Posted Oct 25, 2004 14:44 UTC (Mon) by pascal.martin (guest, #2995)
http://addlebrain.com was running Microsoft-IIS on Windows Server 2003 when last queried (Netcraft).
Not a root kit & no comment..
The script is SOOOOOO silly
Posted Oct 25, 2004 15:06 UTC (Mon) by jeld (guest, #22397)
Obviously it is not running IIS anymore; it runs some sort of Apache. Here is the transcript:
HEAD / HTTP/1.0
HTTP/1.1 200 OK
Date: Mon, 25 Oct 2004 15:04:21 GMT
Server: Apache
Last-Modified: Mon, 10 May 2004 19:45:39 GMT
ETag: "35802a-373b-40f47ec0"
Accept-Ranges: bytes
Content-Length: 14139
Connection: close
Content-Type: text/html; charset=UTF-8
addlebrain.com
Posted Oct 26, 2004 1:57 UTC (Tue) by jtc (subscriber, #6246)
I missed where addlebrain.com fits into this, but I get the following results from HEAD:
$ HEAD addlebrain.com
200 OK
Cache-Control: private
Connection: close
Date: Tue, 26 Oct 2004 01:55:17 GMT
Server: Microsoft-IIS/6.0
Content-Type: text/html; charset=utf-8
Client-Date: Tue, 26 Oct 2004 01:51:12 GMT
Client-Response-Num: 1
Client-Transfer-Encoding: chunked
X-AspNet-Version: 1.1.4322
X-Powered-By: ASP.NET
addlebrain.com
Posted Oct 26, 2004 2:54 UTC (Tue) by jeld (guest, #22397)
Well... looks like you are right, except that addlebrain.com (running IIS 6) is being redirected to www.addlebrain.com, running Apache. Since this is a valid site, and the email address where the script is sending cracked host info is root@addlebrain.com, I figured that someone rooted one of addlebrain's boxes. Otherwise I don't know. addlebrain.com seems to belong to a company called ABM Wireless, which sells cell phone accessories. The MX record for addlebrain.com points to a server on the everyone.net domain, which is a mail hosting company. I cannot find much info about the addlebrain.com IP address, but the www.addlebrain.com address belongs to a dedicated web server/colocation company, ThePlanet.com.