Baby hacker has moved to http://babycaleb.mvhosted.com
And his baby bots are now trying to inject this new url into websites.
The site when inspected using Spam Spade to avoid any virus infection shows the exploit is in the html just like before.
A search shows its infected many websites. http://www.google.com
Parsing input: http://babycaleb.mvhosted.com
Host babycaleb.mvhosted.com (checking ip) = 74.53.187.178
host 74.53.187.178 = picsfolio.com.187.53.74.in-addr.arpa (cached)
Host babycaleb.mvhosted.com (checking ip) = 74.53.187.178
host 74.53.187.178 = picsfolio.com.187.53.74.in-addr.arpa (cached)
Routing details for 74.53.187.178
[refresh/show] Cached whois for 74.53.187.178 : abuse@theplanet.com
Using abuse net on abuse@theplanet.com
abuse net theplanet.com = abuse@theplanet.com
Using best contacts abuse@theplanet.com
Send abuse messages to theplanet.com
Nov 20, 2008
Nov 12, 2008
itsapic.com/crawler.html another beta
208.43.85.166
Required header 'Accept' missing GET / HTTP/1.0
User-Agent: Mozilla/5.0 (compatible; itsapic.com_crawler/0.01 +http://itsapic.com/crawler.html; crawler@itsapic.com)
Connection: close
Referer: http://u.webring.com/hub?ring=xxxxxxxxxxxxxxxx
This bot was scanning webing looking for sites and got blocked by BB so watch for it.
Website does not tell what its doing or ask permission to enter your site.
add to robots
User-agent: itsapic.com_crawler
Disallow: /
Required header 'Accept' missing GET / HTTP/1.0
User-Agent: Mozilla/5.0 (compatible; itsapic.com_crawler/0.01 +http://itsapic.com/crawler.html; crawler@itsapic.com)
Connection: close
Referer: http://u.webring.com/hub?ring=xxxxxxxxxxxxxxxx
This bot was scanning webing looking for sites and got blocked by BB so watch for it.
Website does not tell what its doing or ask permission to enter your site.
add to robots
User-agent: itsapic.com_crawler
Disallow: /
Labels:
itsapic.com
Nov 8, 2008
babycaleb.fortunecity.co.uk hacker now shut down.
Am getting a lot of these request lately
/shop/catalog/product_info.php?cPath=http://babycaleb.fortunecity.co.uk/index.htm
They are from lots of IPS all trying to remote load this page. Inside that page is a hack atempt. AVG gives an alarm if you try to view the source.
Do not go to the website babycaleb.fortunecity.co.uk AVG detects a virus but it still gets into your system. Look for ..
c:\windows\system32\tools\regexe.exe
a trojan horse downloader.generic8.cox
--updated-
The site has now been shutdown.
A search of google
http://www.google.com/search?q=babycaleb.fortunecity.co.uk shows that sites all over the net are infected with this atack and they are allowing the atack to spread. Perhaps they are involved in the atack?
/shop/catalog/product_info.php?cPath=http://babycaleb.fortunecity.co.uk/index.htm
They are from lots of IPS all trying to remote load this page. Inside that page is a hack atempt. AVG gives an alarm if you try to view the source.
Do not go to the website babycaleb.fortunecity.co.uk AVG detects a virus but it still gets into your system. Look for ..
c:\windows\system32\tools\regexe.exe
a trojan horse downloader.generic8.cox
--updated-
The site has now been shutdown.
A search of google
http://www.google.com/search?q=babycaleb.fortunecity.co.uk shows that sites all over the net are infected with this atack and they are allowing the atack to spread. Perhaps they are involved in the atack?
Subscribe to:
Posts (Atom)
