Thursday, December 07, 2006

Day Two of the Photo Cart Attack

Very interesting to watch this Photo Cart vulnerability probe continue as some of the same IPs attacked yet again but there were some new locations joining in the assault.

The morons launching this assault just didn't seem to understand that my site doesn't run Photo Cart when they attacked me yesterday and like a bunch of deaf, dumb and blind lemmings did the same stupid thing again today.

Here's today's list of sites trying to attack:

I truly feel bad for any idiots running Photo Cart about now.

Wednesday, December 06, 2006

TopicBlogs Steps Over The Line

TopicBlogs hasn't even launched yet but they managed to piss me off stepping over the boundary.

The RSS feed is fair game, but pulling the linked pages without permission is NOT fair game.

Here's an example:

72.36.205.106 "GET /rss_feed.xml HTTP/1.0" "topicblogs/0.9"
72.36.205.106 "GET /blogpage2.html HTTP/1.0" "topicblogs/0.9"
72.36.205.106 "GET /blogpage3.html HTTP/1.0" "topicblogs/0.9"
72.36.205.106 "GET /blogpage4.html HTTP/1.0" "topicblogs/0.9"
72.36.205.106 "GET /blogpage5.html HTTP/1.0" "topicblogs/0.9"
72.36.205.106 "GET /blogpage6.html HTTP/1.0" "topicblogs/0.9"
72.36.205.106 "GET /blogpage7.html HTTP/1.0" "topicblogs/0.9"

Maybe you people over at TopicBlogs should implement robots.txt to see if we allow you to step off the RSS feed.

Until you fix it, you're just BLOCKED!
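
What checking robots.txt before leaving the feed looks like on the crawler side, as an added example (not TopicBlogs code): Python's urllib.robotparser decides which feed links the agent may fetch. The robots.txt rules, the feed content and the example.com host are constructed; the paths and agent string are the ones in the log excerpt above.

```python
import xml.etree.ElementTree as ET
from urllib.robotparser import RobotFileParser

# Constructed robots.txt: this agent may read the feed and nothing else.
ROBOTS_TXT = """\
User-agent: topicblogs
Allow: /rss_feed.xml
Disallow: /

User-agent: *
Disallow:
"""

# Constructed RSS feed linking to two blog pages.
FEED_XML = """<rss version="2.0"><channel>
<item><link>http://example.com/blogpage2.html</link></item>
<item><link>http://example.com/blogpage3.html</link></item>
</channel></rss>"""


def load_rules(robots_txt):
    """Parse robots.txt text that has already been fetched."""
    rules = RobotFileParser()
    rules.parse(robots_txt.splitlines())
    return rules


def split_feed_links(robots_txt, feed_xml, user_agent):
    """Return (allowed, skipped) item links for this user agent."""
    rules = load_rules(robots_txt)
    links = [el.text.strip() for el in ET.fromstring(feed_xml).iter("link") if el.text]
    allowed = [u for u in links if rules.can_fetch(user_agent, u)]
    skipped = [u for u in links if u not in allowed]
    return allowed, skipped


if __name__ == "__main__":
    for agent in ("topicblogs/0.9", "Mozilla/5.0"):
        ok, no = split_feed_links(ROBOTS_TXT, FEED_XML, agent)
        print(f"{agent}: may fetch {len(ok)} linked pages, must skip {len(no)}")
```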

Botnet Attempts Photo Cart Vulnerability Attack

Today some mental midget wannabe hackers tried to hit my site using what appeared to be a bunch of compromised locations looking for a Photo Cart vulnerability that they naively attempted over 1,000 times.

Can you say bot blocker you lame hacking idiots?

Check your log files for this little gem:

/PhotoCart/adminprint.php?path=

Check out this list of sites that launched the attack:
Some appear to obviously be compromised sites.

Oh boy, let the fun begin!
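
One way to run that log check, as an added example that is not the blog author's own tooling: it scans access-log lines for any request to adminprint.php carrying a path= parameter, counts them per source address, and flags sources that received a 2xx answer. The log lines, the combined log format, the documentation-range addresses and the PLACEHOLDER parameter value are constructed for the example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (combined log format, documentation IP ranges).
SAMPLE_LOG = '''\
192.0.2.10 - - [06/Dec/2006:10:00:01 -0800] "GET /PhotoCart/adminprint.php?path=PLACEHOLDER HTTP/1.1" 404 210 "-" "libwww-perl/5.805"
192.0.2.10 - - [06/Dec/2006:10:00:02 -0800] "GET /shop/photocart/adminprint.php?path=PLACEHOLDER HTTP/1.1" 404 210 "-" "libwww-perl/5.805"
198.51.100.7 - - [06/Dec/2006:10:03:12 -0800] "GET /PhotoCart/adminprint.php?path=PLACEHOLDER HTTP/1.0" 200 5120 "-" "libwww-perl/5.65"
203.0.113.5 - - [06/Dec/2006:10:04:40 -0800] "GET /rss_feed.xml HTTP/1.1" 200 8812 "-" "Mozilla/5.0"
203.0.113.5 - - [06/Dec/2006:10:04:41 -0800] "GET /adminprint.php HTTP/1.1" 404 210 "-" "Mozilla/5.0"
'''

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]*\] "(?P<method>\S+) (?P<target>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"')


def is_probe(target):
    """True for a request to adminprint.php (any directory) with a path= parameter."""
    url = urlsplit(target)
    script = url.path.rsplit("/", 1)[-1].lower()
    return script == "adminprint.php" and "path" in parse_qs(url.query, keep_blank_values=True)


def summarize_probes(log_text):
    """Return {ip: {"count", "agent", "served"}} for every source that sent the probe."""
    found = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or not is_probe(m["target"]):
            continue
        rec = found.setdefault(m["ip"], {"count": 0, "agent": m["ua"], "served": False})
        rec["count"] += 1
        # A 2xx answer means the script exists on this server and needs attention.
        rec["served"] = rec["served"] or m["status"].startswith("2")
    return found


if __name__ == "__main__":
    for ip, rec in summarize_probes(SAMPLE_LOG).items():
        flag = "  <-- script answered, check this host" if rec["served"] else ""
        print(f'{ip} requested {rec["count"]} pages as "{rec["agent"]}"{flag}')
```

Matching on the script name rather than the full /PhotoCart/ prefix also catches probes that guess at other install directories.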