blog.px

Well as an update to that lame [tag]hack attempt[/tag] from last week. Here are the logs of a continuing attack, which is still going on at this time. I would look into it further but, I have a huge headache, and my ability to sit up right at the moment is painful. I reported the last incident to the appropriate parties including Tucows, without any such reply. Maybe I will attempt to report this one, but doubtfully anyone will listen again.
It appears to be the same botnet script from looking at the URL it wants to grab.
This is just plain annoying.

[update]
OK, so I couldn’t help myself from downloading the scripts. and low and behold, they are attempting to DDOS the cia.gov website. The files they attempt to retrieve do not exist of course. And are provided with a redirect link to.
https://www.cia.gov/redirects/ciaredirect.html

$ diff borek.txt ../2006.12.25/borek.txt 
13c13
< my $sPort      = '7778';
---
> my $sPort      = '6667';
23c23
< open(LOCK, '>/tmp/sess_ter8c25f563ff894083bf9db1011bde6') or die;
---
> open(LOCK, '>/tmp/sess_et12c22f5t4fg872r83bf9db1e11bde6') or die;
203,205c203,205
< my $bPath = '/tmp/sess_66f0ef45beea164fc15fd24d1e9d7311';
<     my $rfi   = 'http://cia.gov/czap.txt';
<     my $bLoc = 'http://cia.gov/barek.txt';
---
>     my $bPath = '/tmp/sess_65e12f31e32a36ufc15fd24d1e9d7311';
>     my $rfi   = 'http://webstorch.com/cap.txt';
>     my $bLoc = 'http://webstorch.com/borek.txt';