Learning more about this hacker....
xpire.info = A rooted server of someone else's.... I found a backdoor he installed:
Http://xpire.info/s/2
http://xpire.info/s/2?=$REQUEST_URI;?
Take a peek. That allows him to run shell commands.
Trying to locate him, I found his thing hidden atop this site:
http://www.allo-webmaster.com/heberg...xpire.info/s/2
Look at the small print on the top...
Might wanna see if he owns that site or if the owner of the site can explain why that link is on the top? Perhaps he is compromised as well? Perhaps this IS him?
The Registry database contains ONLY .COM, .NET, .EDU domains and
Registrars.
%% BookMyName Whois version 1.0
%%
DOMAIN
Domain Name : allo-webmaster.com (AWC18-BMN-DOM)
Registrar : BookMyName
Whois Server : whois.bookmyname.com
Referral URL : https://www.bookmyname.com
Registrant / Admin Contact :
PERSON
Zak SADIQ (SADIQ2-BMN-PE)
hay salam 70
11000 Sale
FRANCE
phone : 02147483647
fax :
e-mail : [email protected]
Billing Contact :
PERSON
Zak SADIQ (SADIQ2-BMN-PE)
hay salam 70
11000 Sale
FRANCE
phone : 02147483647
fax :
e-mail : [email protected]
Technical Contact :
PERSON
Zak SADIQ (SADIQ2-BMN-PE)
hay salam 70
11000 Sale
FRANCE
phone : 02147483647
fax :
e-mail : [email protected]
Domain servers :
ns1.publi6.net (NPN23-BMN-HST)
ns2.publi6.net (NPN24-BMN-HST)
Created on 03/10/2004 18:21:45
Updated on 04/02/2004 14:49:02
Expires on 03/10/2005 13:21:45
Interesting HTML:
<title>Http://xpire.info/s/2 : recherche sur Http://xpire.info/s/2</title>
<meta name="description" content="Http://xpire.info/s/2 ">
<meta name="keywords" content="Http://xpire.info/s/2">
<meta name="revisit-after" content="15 days">
<meta name="robots" content="index,follow">
<meta NAME="Language" CONTENT="fr">
<meta name="rating" content="General">
<meta name="resource-type" content="document">
<meta name="distribution" content="Global">
<meta name="copyright" content="Copyright (C), 2004, Allo webmaster , Http://xpire.info/s/2 ">
<meta name="author" CONTENT="Zaki">
<meta NAME="Language" CONTENT="fr">
<meta NAME="Identifier-URL" CONTENT="http://www.allo-webmaster.com">
<meta NAME="Reply-to" CONTENT="[email protected]">
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link href="http://www.allo-webmaster.com/style.css" rel="stylesheet" type="text/css">