[TAG] [lgang] Paypal spam
Benjamin A. Okopnik
ben at linuxgazette.net
Fri Feb 16 20:46:52 MSK 2007
On Fri, Feb 16, 2007 at 09:47:43AM -0500, David Richardson wrote:
> On Thu, Feb 15, 2007 at 08:51:48PM -0800, Benjamin A. Okopnik wrote:
> >
> > ``
> > ben at Fenrir:~$ perl -wle'print join ".", map hex, "0xc8.0x2b.0x50.0x74" =~ /0x(..)/g'
> > 200.43.80.116
> > ben at Fenrir:~$ whois 200.43.80.116|egrep '^[a-z-]+:'
> > inetnum: 200.43.80.112/28
> > status: reallocated
> > owner: Coop.Telef?ica de Villa del Totoral Ltda.
> > ownerid: AR-CVTL-LACNIC
> > responsible: Carlos Sanchez
> > address: Pte.Per?, 551,
> > address: 5236 - Villa del Totoral (Cordoba) -
> > country: AR
> > phone: +54 3524 647574 []
> > owner-c: CRS3
> > tech-c: CRS3
> > created: 20040420
> > changed: 20040420
> > inetnum-up: 200.43/16
> > nic-hdl: CRS3
> > person: Carlos R. Sanchez
> > e-mail: csanchez24 at COOPTOTORAL.COM.AR
> > address: Pte Peron 551, 0054, 3524470900
> > address: 5236 - Villa del Totoral -
> > country: AR
> > phone: +0054 3524 470900 [470000]
> > created: 20040213
> > changed: 20040213
> > ''
> >
> > Ah, a default install of RHEL that got cracked. I'm feeling a bit too
> > lazy to ping the admin myself... it would be like sweeping back the
> > tide.
>
> Ben:
>
> This makes me feel massively stupid, but I must ask: How do you get
> from the above info to "default install of RHEL that got cracked"
Sorry, Dave - didn't mean to make you feel stupid. There's nothing in
the above to indicate it, but if you go to the IP/URL (i.e.,
http://200.43.80.116), it shows the default RHEL "Welcome" banner.
[clickety-click] Um, it used to, that is. Perhaps the owner has caught
on that he was being used as a mule.
--
* Ben Okopnik * Editor-in-Chief, Linux Gazette * http://LinuxGazette.NET *
More information about the TAG
mailing list