Hey, I just thought about something,
if you still have your web server's logs, I bet your hacker's IP is in the web logs..... He will have been the VERY FIRST person to see the IFRAMES.... They always test their work just after they implemented the html modifications...... They normally will be one of the very first hits in your web logs just after the mods were done so that's a good way to age the hack and know what time it occurred..... Keep in mind the last octets of his ip may change because his ISP told me they only have that one class C for their broadband customers... :-) |
Just emailed him again:
SUBJECT: Yahoo space utilization
He will click on it, say Fuck that spammer and delete it.... meanwhile I log him again. I have logged him from the same class C 3 times now during the hours of 1am to 3 am PST so that is his hours of operation and that time fits daytime in his country's time zone. :-) So we're creating a dossier on this guy. :-) |
Looks like some of you guys tried my honeypot link:
Notice the gfy referral links. :-0
62.42.228.6 www.splitinfinity.com - [19/Aug/2004:16:32:47 -0700] "GET /themainman HTTP/1.1" 302 302 "http://www.gofuckyourself.com/showthread.php?s=&threadid=342366&perpage=50&pagenumber=2" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
68.83.122.119 www.splitinfinity.com - [19/Aug/2004:17:35:57 -0700] "GET /themainman HTTP/1.1" 302 302 "http://www.gfyboard.com/showthread.php?s=&threadid=342366&perpage=50&pagenumber=2" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7) Gecko/20040707 Firefox/0.9.2"
164.107.220.226 www.splitinfinity.com - [19/Aug/2004:17:58:51 -0700] "GET /themainman HTTP/1.1" 302 302 "http://www.gofuckyourself.com/showthread.php?s=&threadid=342366&perpage=50&pagenumber=2" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705; .NET CLR 1.1.4322)" |
Quote:
lmfao |
Quote:
hahaha nice! owned. |
Hahahah,
Had to change my honeypot link in the emails I sent him because I got 124 GFY'ers trying to load it up to see what it does.... lol! That will interfere with my forensics. :-) So I changed it from here on out. You guys don't wanna be mistaken for Joe hacker do you? HEY, there could be a nice reality show, Joe Hacker. :-) |
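Added example, not part of any post in this thread: a small triage script for the two log checks described above, finding the first viewers of a page right after a known change time, and counting repeat hits on a trap URL per /24 while ignoring visitors referred from a forum. It assumes the log layout of the lines quoted earlier; the host, paths, change time, referrer and documentation-range IPs are constructed.

```python
import re
from collections import Counter
from datetime import datetime, timedelta
from ipaddress import ip_network

# Layout of the lines quoted in the thread:
# ip vhost - [time] "request" status bytes "referer" "user-agent"
LINE = re.compile(
    r'(?P<ip>\S+) (?P<vhost>\S+) \S+ \[(?P<ts>[^\]]+)\] '
    r'"\S+ (?P<path>\S+) [^"]*" \d{3} \S+ "(?P<referer>[^"]*)" "[^"]*"')

def parse(line):
    m = LINE.match(line)
    if not m:
        return None
    hit = m.groupdict()
    hit["ts"] = datetime.strptime(hit["ts"], "%d/%b/%Y:%H:%M:%S %z")
    hit["net"] = str(ip_network(hit["ip"] + "/24", strict=False))
    return hit

def first_hits_after(lines, path, changed_at, window=timedelta(minutes=30)):
    """Requests for `path` in the window right after a known change time, oldest first."""
    hits = [h for h in map(parse, lines) if h and h["path"] == path
            and changed_at <= h["ts"] <= changed_at + window]
    return sorted(hits, key=lambda h: h["ts"])

def repeat_networks(lines, path, noise_referers=()):
    """Hits on `path` per /24, ignoring visitors sent by known noise referrers."""
    counts = Counter()
    for h in map(parse, lines):
        if h and h["path"] == path and not any(s in h["referer"] for s in noise_referers):
            counts[h["net"]] += 1
    return {net: n for net, n in counts.items() if n > 1}

# Constructed sample data: documentation IP ranges, hypothetical host and paths.
CHANGED_AT = datetime.strptime("19/Aug/2004:01:10:00 -0700", "%d/%b/%Y:%H:%M:%S %z")
FMT = '{} www.example.com - [{} -0700] "GET {} HTTP/1.1" {} "{}" "Mozilla/4.0"'
SAMPLE = [
    FMT.format("203.0.113.17", "19/Aug/2004:01:12:05", "/index.html", "200 5120", "-"),
    FMT.format("198.51.100.9", "19/Aug/2004:01:40:11", "/index.html", "200 5120", "-"),
    FMT.format("203.0.113.17", "19/Aug/2004:01:55:30", "/trap", "302 302", "-"),
    FMT.format("203.0.113.88", "20/Aug/2004:02:10:00", "/trap", "302 302", "-"),
    FMT.format("192.0.2.50", "20/Aug/2004:16:32:47", "/trap", "302 302", "http://forum.example/t?id=1"),
    FMT.format("192.0.2.51", "20/Aug/2004:16:40:00", "/trap", "302 302", "http://forum.example/t?id=1"),
]

if __name__ == "__main__":
    print([h["ip"] for h in first_hits_after(SAMPLE, "/index.html", CHANGED_AT)])
    print(repeat_networks(SAMPLE, "/trap", noise_referers=("forum.example",)))
```

Grouping by /24 matches the "same class C" observation, and the referrer filter only removes visitors who followed a public link; it is a triage aid, since a Referer header is client-supplied.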
Quote:
What's your icq? I need to get in touch with you. |
SplitInfinity :thumbsup :thumbsup
|
64791506
:-) |
Thanks for the :thumbsup
|
We sold several accounts yesterday with the offer we posted, it appears that people liked it a lot. We have decided to offer it again today.
Today we have 3 more 10Mb/s Unmetered Dedicated Server packages available.
- P4 2.4ghz
- 1GB RAM
- 80GB IDE
- 10Mb/s Unmetered Bandwidth (10Mb/s port)
- Linux/FreeBSD
- Cpanel available at extra cost if desired.
- $500.00 per month
- FREE SETUP
Use coupon ' chrislovesme ' for 75% off of your order. --> Click Here to order Instantly <-- We can have you online today. Contact me if you have any questions. |
You can have so much more fun with that guy, you know he's just begging to come at you now.
|
hahahah! The guy ICQ'd me!
I sent him an email saying: SUBJECT: hey dude, ICQ ME. Wanted to know if I can hire you to do network security for me. I was referred to you by some porn people. He replied and is sending me a resume. hahahah! The fuker lives in Seattle! He is in Russia for the summer to visit some relatives and study there. hahaha I can't wait to get all his info. I will scan the shit when I get the fax. Note: He is FAXING it to me.... Let's hope the part of Russia where he is has caller ID. :-) |
Quote:
You Rock |
Quote:
How can you be certain you have plugged every hole of a rooted box? |
You can be reasonably certain if you know what you are doing and take steps in advance of ever being hacked to prevent major corruption, like kernel level ACLs and so forth, however you cannot ever be truly certain until you first know HOW he got in and WHAT they ran to rootkit your system.
For example, if you find their rootkit, then you can be pretty sure... but NEVER 100%. I would never say 100% because we're human and we miss obvious things. Hackers use the psychological understanding they know of us to abuse us and re-enter our systems.... Lots of hackers embed backdoors in our own php scripts... so even a program YOU WROTE might have been modified by the hacker without you knowing to email him your password file so he can run crack on it or even to execute other files he hid on the server at his request by loading a url he hid on your box.... Run on sentences tonight. :-) |
I guess we know he doesn't read gfy
|
:anon <- let's hope that ain't him. hahaha
|
Nice work SplitInfinity. Time to kick some ass! :BangBang:
|
I understood exactly 0% of that but very impressive! Awesome work :thumbsup
|
Got the fax yet?
|
OrgName: RIPE Network Coordination Centre
OrgID: RIPE
Address: Singel 258
Address: 1016 AB
City: Amsterdam
StateProv:
PostalCode:
Country: NL
Btw, what's up with these guys? They live 5 mins from my place. |
Kernel trojans are the shit. None of this crappy replacing binaries crap.
|
Quote:
hands out IP space to ISPs. |
His fax isn't working, he keeps trying to fax me to no avail.... long distance dirty phone lines are noisy.... error says too much line noise.
He will try from his work. LOL! |
Got his FAX!!! What a moron.
I gotta scannerize this shit! hahahaha |
Chris that was my fax
It didn't come out? damn sorry |
hahahah
Moose, that hacker actually faxed me a resume. He even put his parents' phone numbers and addresses down as references. |
this is the best shit I have ever read here... I know who to call in the near future for help now.
|
Anyone got a flat bed scanner?
Ahhh I will fax it to efax and screen shot it. That should work coz my scanner ain't. lol |
I found AdultMovieSearcher's partner application page and sweet-hot-sex.com's main TGP page both attempting to run the CHM exploit last week.
Are either of these yours, makingcoin? I posted the news on thinkreel, so you may want to reply there if so. |
Should I hire him? LMAO!
|
pics ?? or did you hire him ?
|
Only a moron views e-mail in anything other than plain text format.
(in yahoo mail check the "Security: Block HTML graphics in email messages from being downloaded" box) This guy is a putz... |
nice work SI... crontab his punk ass.
oh, and btw, nice buildup towards reaching your 666th post..! http://twash.com/iku/leperkiss.gif |