Wednesday, December 06, 2006

Botnet Attempts Photo Cart Vulnerability Attack

Today some mental midget wannabe hackers tried to hit my site using what appeared to be a bunch of compromised locations looking for a Photo Cart vulnerability that they naively attempted over 1,000 times.

Can you say bot blocker, you lame hacking idiots?

Check your log files for this little gem:

/PhotoCart/adminprint.php?path=

Check out this list of sites that launched the attack, every one of them identifying itself as "libwww-perl":
Some appear to obviously be compromised sites.

Oh boy, let the fun begin!
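
One way to run that log check, as an added example rather than code from this post. It assumes an Apache-style combined access log; the sample lines, their documentation-range IP addresses and the EXAMPLE parameter value are constructed.

```python
import re
from collections import Counter
from urllib.parse import parse_qs, unquote

# Combined Log Format: ip ident user [time] "METHOD target PROTO" status size "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]*\] "[A-Z]+ (?P<target>\S+)[^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<agent>[^"]*)"'
)
PROBE_PATH = "/photocart/adminprint.php"  # signature from the post, lower-cased

# Constructed sample lines (documentation IP ranges, placeholder path value).
SAMPLE_LOG = """\
192.0.2.10 - - [06/Dec/2006:10:01:02 -0800] "GET /PhotoCart/adminprint.php?path=EXAMPLE HTTP/1.1" 404 312 "-" "libwww-perl/5.805"
192.0.2.10 - - [06/Dec/2006:10:01:03 -0800] "GET /blog/PhotoCart/adminprint.php?path=EXAMPLE HTTP/1.1" 404 312 "-" "libwww-perl/5.805"
198.51.100.7 - - [06/Dec/2006:10:02:10 -0800] "GET //photocart/adminprint.php?path=EXAMPLE HTTP/1.0" 404 312 "-" "libwww-perl/5.65"
203.0.113.5 - - [06/Dec/2006:10:03:00 -0800] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.5 - - [06/Dec/2006:10:03:05 -0800] "GET /PhotoCart/adminprint.php HTTP/1.1" 404 312 "-" "Mozilla/5.0"
""".splitlines()


def is_probe(target):
    """True for a request to adminprint.php that carries a path= parameter."""
    path, _, query = target.partition("?")
    # Decode and collapse slashes so //photocart/... and nested installs match.
    path = re.sub(r"/+", "/", unquote(path)).lower()
    keys = {k.lower() for k in parse_qs(query, keep_blank_values=True)}
    return path.endswith(PROBE_PATH) and "path" in keys


def summarize(lines):
    """Count probe requests per (client IP, user agent); skip unparsable lines."""
    hits = Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if m and is_probe(m.group("target")):
            hits[(m.group("ip"), m.group("agent"))] += 1
    return hits


def report(hits):
    """Format counts the way the post lists them, busiest client first."""
    return [f'{ip} requested {n} pages as "{agent}"'
            for (ip, agent), n in hits.most_common()]


if __name__ == "__main__":
    print("\n".join(report(summarize(SAMPLE_LOG))))
```

To scan a real log, pass an open file object to summarize() in place of SAMPLE_LOG.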
