Feb 25, 2007

datacha0s/2.0 hacker bot

Blacklist Domain Ban: serverkompetenz.net Suspected spambot

myscript-.php?id= GET HTTP/1.0
Agent: datacha0s/2.0 h854010.serverkompetenz.net

Just saw the above atempted remote script access. The bot atempted to get my script to load its script at and get me to run it.

The website at that ip has the website kitchensolvers.com on it ans has likely been hacked.

Parsing input:
host (getting name) = www.modernimage.ws.
Display data:
"whois" (Getting contact from whois.arin.net )
Found AbuseEmail in whois abuse@enventis.com -
host = www.modernimage.ws (cached)
Host www.modernimage.ws (checking ip) =

No reporting addresses found for, using devnull for tracking.
Statistics: not listed in bl.spamcop.net
More Information.. not listed in dnsbl.njabl.org not listed in dnsbl.njabl.org not listed in cbl.abuseat.org not listed in dnsbl.sorbs.net

No valid email addresses found, sorry!


Anonymous said...

Thank you :)

So, i need to block these in my htaccess-file:


Fat Tony said...

serverkompetenz.net is a domain that is used by Strato (a German domain registrar and ISP) for their hosted servers.

All hosted servers at Strato have the name hXXXXX.serverkompetenz.net.

Blocking .serverkompetenz.net will have the side-effect of also blocking innocent servers.

tm said...

Well here is the problem. Its not a ISP so no real users are on it. Sinxce its only servers and abuse has been detected than no real problem in banning it.

Anonymous said...

My Blogger site has been visited by these same guys, today. TWICE, only the index.
I do not know what they tried to do. Should I bother to prevent them to visit again? How do I do this?

Anonymous said...

SetEnvIfNoCase User-Agent "DataCha0s/2.0" keep_out

order allow,deny
allow from all
deny from env=keep_out