Feb 19, 2008

More Botnets found

403 User-Agent was found on blacklist
Agent: libwww-perl/5.808
70.86.201.130 pouch.kangaroopartners.com
Agent: libwww-perl/5.808
70.84.175.98 mail.zoiig.com
Agent: libwww-perl/5.808
69.65.40.218 greenlifestyletoday.com
Agent: libwww-perl/5.805
195.177.193.178 creativestation.co.uk
Agent: libwww-perl/5.808
72.36.179.98 orbitdesignworks.com
Agent: libwww-perl/5.808
65.91.249.193 alef.northtrex.com
Agent: libwww-perl/5.79
64.13.255.23 familyguy.ca
Agent: libwww-perl/5.803
64.49.254.23 server1.opennms.org
Agent: libwww-perl/5.79
72.36.235.74 newinst.greenbaumstaging.com
Agent: libwww-perl/5.79
89.234.7.39 ns3.ctm-it.com
Agent: libwww-perl/5.808
64.141.102.13 64-141-102-13.static.dns77.com
Agent: libwww-perl/5.805
80.177.187.23 no-dns-yet.demon.co.uk
Agent: libwww-perl/5.808
72.29.78.145 72-29-78-145.static.dimenoc.com
Agent: libwww-perl/5.805
87.106.221.124 s15289207.onlinehome-server.info
Agent: libwww-perl/5.808
64.118.86.20 drive28.123servers.com
Agent: libwww-perl/5.808
86.109.105.76
Agent: libwww-perl/5.805
193.33.20.193 master.herrotto.de

4 comments:

Ranger Rick said...

So I see my server in that list; what's the best way to rid myself of the botnet now that you say you found one?

I've shut down my web server, and have it instead squid-forwarded to my (up-to-date) server, and I can't really find anything that seems to be misbehaving anymore.

tm said...

All I know is that all of those servers accessed the same file a the same time using the same fake useragent.

Carina said...

Great news that you are back. I wondered about updates and so on and hoped that you weren´t ill or anything that stopped you from writing about bots and stuff.

I tried to download the mm-autoban.gif but it only gives an error.

A question I have wondered about is what is /images/hog.gif as it is missing and I cannot figure out what it looks like or were it can be found?

tmaster said...

Didnt have much free time for the last year. I had a job keeping up cable headends and dishes for 30 cities. The company just went under.