CastleCops, Internet Crime Fighters
Need help? Click here to register for free! Absolutely zero advertisements on this site!

$9736.22 of $21422.68
left sidedonated so farneed $11686.46 donated to reach our goalright side, our goal
Help CastleCops serve the community on new servers, Donate Here to reach our goal.

Donation/Premium
spacer
Donations. Become Premium Today! Premium Icon
block bottom
Security Central
spacer
· Home
· PIRT/Fried Phish
· MIRT
· SIRT
· Deutsch
· Wiki
· Newsletter
· O16/ActiveX
· CLSID List
· Contest2007
· Downloads
· Feedback (send)
· Forums
· HijackThis
· Hijacktrend
· LSPs
· My Downloads
· O18
· O20
· O21
· O22
· O23
· O9
· Premium
· Private Messages
· Proxomitron
· Reviews
· Search
· StartupList
· Stories Archive
· Submit News
· WsIRT
· Your Account
· Acceptable Use Policy
block bottom
Survey
spacer
Was 2007 a good year?

Yes it was a wonderful year
Yes, but there is always room for improvement
Status quo
It was a challenge
Other (leave comment)



Results
Polls

Votes: 934
Comments: 25
block bottom
spacer spacer

WsIRT(TM)

Webserver Incident Reporting and Termination(TM) Squad

NOTE: Web servers have logs and in those logs is evidence of attempted hacking. For instance, one may notice an attack that calls such a script from a remote server "r57.php??". Its these kinds of attacks we're looking to investigate. For a concrete example, see these reports.

Please do not submit phish, spam, or malware to WsIRT. Only submit attack signatures from web server logs. As this project hasn't officially been publicly launched, we are still reclassifying the tool and its verbiage.

[ How-To / FAQ ]

WsIRT -> Confirmed Attacks | Terminated Attacks


status: confirmed attack

IDTITLEENTRYREPORTERTIMESTAMPTOPIC
1186OS Disclosure, RFI Scanner Public, Simple PHP Injection, id Disclosurehttp://www.pcr.ac.id/~rina/includes/file/mic.Paul24 Dec, 2007 @ 04:57:31211221
1102C99Shellhttp://kashiwadaisuke.com/templates_c/contacttetak19 Dec, 2007 @ 11:36:16211113
1101r57shellhttp://www.netpressz.hu/wap/a.txtdownie18 Dec, 2007 @ 04:03:28211102
1017MyShellhttp://makebuy.50webs.com/admin.phpdownie16 Dec, 2007 @ 21:59:19210717
892r57shellhttp://www.rhinoportail.com/cache/bawoek.kecePaul16 Dec, 2007 @ 19:14:46210635
863IRC Bot Shellhttp://laudanskisucksss.chat.ru/placeholder/iPaul13 Dec, 2007 @ 00:22:14210364
723C99Shellhttp://fsf.efoot.info/mambots/editors/99.txtdownie10 Dec, 2007 @ 18:21:53210288
583Defacing Toolhttp://br.geocities.com/d4n1loo/tool25.txt?&aPaul04 Dec, 2007 @ 18:35:35209642
575r57shellhttp://giks.net/php/x/rst.txt?cmd=idPaul04 Dec, 2007 @ 18:35:35209646
562File List Backtoolhttp://www.geocities.com/motoboi777/cmd.tar.gPaul04 Dec, 2007 @ 18:35:35209641
533JA1290shellhttp://electrobox106.com/7.txt??Paul04 Dec, 2007 @ 04:59:59209649
484RFI Scanner Public, r57shellhttp://celebritytemple.com/halle_berry/gallerdownie04 Dec, 2007 @ 04:34:30209588
483C99Shell, r57shellhttp://usuarios.lycos.es/mynameiszero/c99.txtAnonymous03 Dec, 2007 @ 12:44:01209587
331C99Shellhttp://unixsolution.com.br/insecure/priv8/c99Paul30 Nov, 2007 @ 19:07:04209505
273r57shellhttp://l1nk3d.kit.net/r57.1??Paul29 Nov, 2007 @ 12:11:31209220
234id Disclosurehttp://193.109.188.20/0/templates/rhuk_solarfPaul28 Nov, 2007 @ 19:39:12209135
233Daemon Termination, Evidence Elimination, id Disclosurehttp://203.166.138.154/manual/vhosts/.,/st?Paul28 Nov, 2007 @ 19:39:12209137
187Qe3shell, r57shellhttp://kirbyoi.altervista.org/intro/blu.gif??Paul28 Nov, 2007 @ 19:39:12209502
170C99Shellhttp://the-sabotage.org/hack/shell/c99.txt?Paul28 Nov, 2007 @ 19:39:12209192
139C99Shell, r57shellhttp://www.geocities.com/x024_mind/c99.txt?Paul28 Nov, 2007 @ 19:39:12209500
129id Disclosurehttp://www.madinaedu.gov.sa/safeon.txt??Paul28 Nov, 2007 @ 19:39:12209115
105OS Disclosure, id Disclosurehttp://www.sitestorage.info/templates/rhuk_soPaul28 Nov, 2007 @ 19:39:12209191
99OS Disclosure, id Disclosurehttp://www.trinitymedia.co.za/cache/s.txt??Paul28 Nov, 2007 @ 19:39:12209495
98id Disclosurehttp://www.vagrantclan.com/uploads/on.txt?Paul28 Nov, 2007 @ 19:39:12209474
94OS Disclosure, Qe3shell, id Disclosurehttp://www.zbazaar.com/.ssh/3.jpg??Paul28 Nov, 2007 @ 19:39:12209387
89OS Disclosurehttp://zucaina.org/images/wing.jpg?Paul28 Nov, 2007 @ 19:39:12209160
87id Disclosurehttp://cotine.net/id.txt?Paul28 Nov, 2007 @ 15:51:33209170
86OS Disclosure, id Disclosurehttp://www.dip-kostroma.ru/bak_skompa/themes/Paul28 Nov, 2007 @ 15:51:33209157
82OS Disclosure, id Disclosureftp://80.50.253.90/upload/071011004039p/old?Paul26 Nov, 2007 @ 19:38:33208959
80id Disclosurehttp://decisepoate.ro/images/id.txt?Paul26 Nov, 2007 @ 19:38:33208934
23id Disclosurehttp://211.155.235.169/sewam/cmd.txt?Paul25 Aug, 2007 @ 00:43:06209040
21C99Shellhttp://insidiousdotcom.t35.com/shelly.txt?Paul24 Aug, 2007 @ 23:41:09208958
14Defacing Toolhttp://englishforbusinessonline.com/tool20.daPaul24 Aug, 2007 @ 14:43:54209015
7id Disclosurehttp://www.italia-firenze.com/cache/echo.txt?Paul24 Aug, 2007 @ 14:22:40208957
3IRC-WebDownloader, OS Disclosurehttp://nukedclx.info/php/base?Paul22 Aug, 2007 @ 21:06:59
Version 1.0
2002-2008 © Computer Cops LLC dba CastleCops®. All rights reserved.
Acceptable Use Policy. Use signifies your agreement.
241ppm 0.209s (0.079s)
Making cybercriminals unhappy since 2002*
In Memory of Trpm
spacer spacer