Feb 19, 2008

More Botnets found

403 User-Agent was found on blacklist
Agent: libwww-perl/5.808 pouch.kangaroopartners.com
Agent: libwww-perl/5.808 mail.zoiig.com
Agent: libwww-perl/5.808 greenlifestyletoday.com
Agent: libwww-perl/5.805 creativestation.co.uk
Agent: libwww-perl/5.808 orbitdesignworks.com
Agent: libwww-perl/5.808 alef.northtrex.com
Agent: libwww-perl/5.79 familyguy.ca
Agent: libwww-perl/5.803 server1.opennms.org
Agent: libwww-perl/5.79 newinst.greenbaumstaging.com
Agent: libwww-perl/5.79 ns3.ctm-it.com
Agent: libwww-perl/5.808 64-141-102-13.static.dns77.com
Agent: libwww-perl/5.805 no-dns-yet.demon.co.uk
Agent: libwww-perl/5.808 72-29-78-145.static.dimenoc.com
Agent: libwww-perl/5.805 s15289207.onlinehome-server.info
Agent: libwww-perl/5.808 drive28.123servers.com
Agent: libwww-perl/5.808
Agent: libwww-perl/5.805 master.herrotto.de


Ranger Rick said...

So I see my server in that list; what's the best way to rid myself of the botnet now that you say you found one?

I've shut down my web server, and have it instead squid-forwarded to my (up-to-date) server, and I can't really find anything that seems to be misbehaving anymore.

tm said...

All I know is that all of those servers accessed the same file a the same time using the same fake useragent.

Carina said...

Great news that you are back. I wondered about updates and so on and hoped that you weren´t ill or anything that stopped you from writing about bots and stuff.

I tried to download the mm-autoban.gif but it only gives an error.

A question I have wondered about is what is /images/hog.gif as it is missing and I cannot figure out what it looks like or were it can be found?

tmaster said...

Didnt have much free time for the last year. I had a job keeping up cable headends and dishes for 30 cities. The company just went under.