08-05-2004, 09:08 AM | #11 | ||
Join Date: Mar 2004
Location: Cambridge, England
Posts: 1,342
|
before we start randomly blaming people
I say we blame the New Guy! ehm failing to do that it could be a virus... or perhaps an accident? |
||
|
|
08-05-2004, 11:53 AM | #13 | ||
Join Date: Mar 2004
Location: Cambridge, England
Posts: 1,342
|
fine
I blame you... your infected game... and your army of smurfs and if you didn't do it... it was captain Snuffles, in the bathroom, with a sponge (for those that don't get it... search for the boardgame Clue) |
||
|
|
08-05-2004, 12:24 PM | #14 | ||
Join Date: Oct 2003
Location: Ranelagh, Ireland
Posts: 1,577
|
OK, after some digging, I've found the IP of the intruder that did this. It was someone from the UK it seems. To be precise:
Fri May 7 15:41:53 2004 0 host213-122-59-207.in-addr.btopenworld.com
Now to check the forum logs to see if anyone uses that IP! And if not, well, must be a random hacker! |
||
|
|
08-05-2004, 12:56 PM | #15 | ||
Join Date: Oct 2003
Location: Ranelagh, Ireland
Posts: 1,577
|
ok, after some more research, this is what I came up with...
So, the original address that the "hacker" used when connecting via FTP was host213-122-59-207.in-addr.btopenworld.com
So, extract the IP from that, we get 213.122.59.207
Since the IPs are logged in the forum, I extracted everything that falls under the 213.122.xxx.xxx range (which I believe British Telecom certainly has) and I got a very interesting result.
No names yet, since it could be a mistake, but there IS a person on this forum who uses the 213.122 range repeatedly. :?
Now, a lot of people certainly connect via BT so it's too much of a wild guess to be certain. Perhaps it's just a coincidence. I'll keep you informed |
||
|
|
08-05-2004, 02:46 PM | #16 | ||
|
I am beginning to suspect my own machine as being the traitor. :?
In the past I have had problems with people trying to access my machine through the use of a so-called "Trojan Horse". I thought I had gotten rid of these jerks, but maybe I haven't. Neither the firewall I use nor any of my anti-spyware programs have detected anything unusual, but I think that I might have a free-loafer. Is there something I can do to be sure? Any programs I can use? As for the IP. I am not sure how I can find my own IP, but there is a chance that I am connected to the British one as I only live across the lake. Please tell me what I can do to be sure my machine has not been used against you guys.
__________________
ViGERP AKA what I have been working on these last couple of years... |
||
|
|
08-05-2004, 03:04 PM | #17 | ||
Join Date: Mar 2004
Location: Cambridge, England
Posts: 1,342
|
make a search for "my ip" on google
there are several sites which display your ip |
||
|
|
08-05-2004, 03:07 PM | #19 | ||
Join Date: Oct 2003
Location: Ranelagh, Ireland
Posts: 1,577
|
Quote:
--------------------------------------------------
Zupah_Smurf/s722/plugins/plugins/icqpwsteal.dll b _ i r kostak ftp 0 * c
Zupah_Smurf/s722/plugins/plugins/icqpwsteal.txt b _ i r kostak ftp 0 * c
Zupah_Smurf/s722/plugins/plugins/matrix.dll b _ i r kostak ftp 0 * c
<cut>
Zupah_Smurf/s722/s7config.cfg b _ i r kostak ftp 0 * c
Zupah_Smurf/s722/server.exe b _ i r kostak ftp 0 * c
Zupah_Smurf/s722/sin.exe b _ i r kostak ftp 0 * c
Zupah_Smurf/s722/sub7.exe b _ i r kostak ftp 0 * c
--------------------------------------------------
OK, so what this basically means is that, for some unknown reason, one of the most popular backdoors ever - subseven, was in your directory on the server.
OK, so this is how I think the story goes: You had / have sub7 installed on your computer. The intruder connected to your machine and extracted all passwords from your computer (yes, it can do that). Then the guy saw the password for abandonia which I gave you. He then connected to the site using WS_FTP and uploaded sub7 to your directory (that's what the logs show he did). I have absolutely no idea why he did it. After he uploaded sub7 to your directory on the server, he erased everything, and left the sub7 files and directories intact. In fact, that was one of the only things left on the server. However, he wasn't very smart because he thought that by deleting the access.log he would cover his tracks.
I filed an abuse complaint to British Telecom. Maybe they'll answer, maybe they won't. Time will tell. One thing is sure - Tom, get some anti-virus software please |
||
|
|
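An added example, not part of the thread and not any poster's code: the triage described in posts #15 and #19, parsing FTP transfer-log lines in the layout quoted above, recovering the address embedded in the reverse-DNS name, and counting forum posts from the same range. The log lines, file sizes, second host, forum members and all function names are constructed for illustration; comparing the /16 count with the exact-address count shows why a range match alone identifies nobody.

```python
import ipaddress
import re
from collections import Counter

# Constructed samples: xferlog lines in the layout quoted in the thread (file sizes
# and the second host are invented) and a forum log of (member, posting address).
XFERLOG = """\
Fri May 7 15:41:53 2004 0 host213-122-59-207.in-addr.btopenworld.com 1024 Zupah_Smurf/s722/server.exe b _ i r kostak ftp 0 * c
Fri May 7 15:42:10 2004 0 host213-122-59-207.in-addr.btopenworld.com 2048 Zupah_Smurf/s722/sub7.exe b _ i r kostak ftp 0 * c
Thu May 6 10:00:00 2004 1 client.example.net 512 games/readme.txt b _ o r kostak ftp 0 * c
"""
FORUM_LOG = [("member_a", "213.122.10.5"), ("member_a", "213.122.200.9"),
             ("member_b", "192.0.2.44"), ("member_c", "213.122.59.207")]

def parse_xferlog(text):
    """Split each line into fields; the file name may itself contain spaces."""
    entries = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) >= 18:  # 5 date tokens + 3 + file name + 9 trailing fields
            entries.append({"when": " ".join(tok[:5]), "host": tok[6], "user": tok[-5],
                            "file": " ".join(tok[8:-9]), "direction": tok[-7], "status": tok[-1]})
    return entries

def ip_from_rdns(host):
    """Address embedded in a reverse-DNS name, or None (a lead only: the zone owner picks the name)."""
    m = re.search(r"(\d{1,3})-(\d{1,3})-(\d{1,3})-(\d{1,3})", host)
    try:
        return ipaddress.ip_address(".".join(m.groups())) if m else None
    except ValueError:  # e.g. an octet above 255
        return None

def uploads_by_host(entries):
    """Completed incoming transfers (direction 'i', status 'c') per remote host."""
    out = {}
    for e in entries:
        if e["direction"] == "i" and e["status"] == "c":
            out.setdefault(e["host"], []).append(e["file"])
    return out

def forum_hits(ip, forum_log, prefix):
    """Posts per member from the network containing `ip` at this prefix length."""
    if ip is None:
        return Counter()
    net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
    return Counter(u for u, a in forum_log if ipaddress.ip_address(a) in net)

if __name__ == "__main__":
    for host, files in uploads_by_host(parse_xferlog(XFERLOG)).items():
        ip = ip_from_rdns(host)
        print(host, ip, files, dict(forum_hits(ip, FORUM_LOG, 16)), dict(forum_hits(ip, FORUM_LOG, 32)))
```
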
08-05-2004, 03:23 PM | #20 | ||
|
The only program I have downloaded with the letter 7 in it is 7-zip, and the only FTP I have ever used is yours, Kosta. I didn't know what a FTP was until you told me.
And I found the same IP address as you did. But if it is the files in that folder that are corrupt, how do I prevent that from ever happening again? It would be a shame if the site becomes deleted every time I supply you with a new game.
__________________
ViGERP AKA what I have been working on these last couple of years... |
||
|
|