Thursday, May 31, 2007

Omniture Snooping?

Someone was snooping around my local network again. When I took a look there were 3 connections to Google which seemed ok, a connection to a Belgian electronic publishing company which might be ok since I was connected to a technical article, and a connection out on port 80 to Omniture in this IP range:

Omniture TRFR-ORM-UT-OMNITURE-4 (NET-216-194-125-0-1) 216.194.125.0 - 216.194.125.255

The thing is - I never connected to Omniture. The other weird thing is, the company I am working for at the moment is using Omniture. A random internet connection?

regencypacificinc.com surfing the web?

It seems that this web server is surfing the web...
63.236.119.29 resolves to "regencypacificinc.com"
Top Level Domain: "regencypacificinc.com"

Amazon + Nutch again...

Amazon was visiting our sites with Nutch again today.

Amazon scanning my machine again

Why is someone at Amazon scanning my machine with Nutch?

72.44.62.122

ilial/Nutch-0.9 (Ilial, Inc. is a Los Angeles based Internet startup company. For more information please visit http://www.ilial.com/crawler; http://w

OrgName: Amazon.com, Inc.
OrgID: AMAZO-4
Address: Amazon Development Centre South AFrica
Address: 1200 12th Avenue South
City: Seattle
StateProv: WA
PostalCode: 98144
Country: US
NetRange: 72.44.32.0 - 72.44.63.255

Korea Hackers - again

Korea is always a major source of spam and hacking for us.

Today we were bombed by this IP: 222.122.151.181

Looking for PHP hacks.

Wednesday, May 30, 2007

Hmm. ftp.grede.com hacked?

This IP was surfing our web site...

12.34.44.226 resolves to "ftp.grede.com"
Top Level Domain: "grede.com"

Tuesday, May 29, 2007

Google Copied Me

Google copied me. Well they have a bit more resources and some interesting stuff.

http://www.eweek.com/article2/0,1895,2135462,00.asp

http://googleonlinesecurity.blogspot.com/

Monday, May 28, 2007

Hacker activity from 81.223.153.134

inetnum: 81.223.153.128 - 81.223.153.143
netname: Technix-Internet
descr:
descr: Technix InternetServices GmbH
descr: Wilhelm Pfeifer
descr: Wien
country: AT

What is YPC 3.2.0

I am finding this in my logs but cannot figure out what it is in a brief web search. Hopefully someone will post some information about it.

serverpronto hacker

Here's a hacker that is blatantly attempting to bypass our bot checking software:

69.60.115.127

Infolink Information Services Inc. INFOLINK-BLK-101 (NET-69-60-96-0-1) 69.60.96.0 - 69.60.127.255
Serverpronto INMM-69-60-114-0 (NET-69-60-114-0-1) 69.60.114.0 - 69.60.125.255

In fact you may want to block out all of these:

Serverpronto INMM-69-60-114-0 (NET-69-60-114-0-1) 69.60.114.0 - 69.60.125.255
Serverpronto INMM-69-60-126-0 (NET-69-60-126-0-1) 69.60.126.0 - 69.60.126.255
Serverpronto INMM-64-251-14-0 (NET-64-251-14-0-1) 64.251.14.0 - 64.251.14.255
Serverpronto INMM-64-251-22-0 (NET-64-251-22-0-1) 64.251.22.0 - 64.251.22.255
Serverpronto INMM-69-60-127-96 (NET-69-60-127-96-1) 69.60.127.96 - 69.60.127.111
ServerPronto INMM-64-251-30-0 (NET-64-251-30-0-1) 64.251.30.0 - 64.251.31.255
ServerPronto INMM-64-251-25-0 (NET-64-251-25-0-1) 64.251.25.0 - 64.251.25.255
ServerPronto INMM-64-251-1-64 (NET-64-251-1-64-1) 64.251.1.64 - 64.251.1.71
ServerPronto INMM-69-60-97-64 (NET-69-60-97-64-1) 69.60.97.64 - 69.60.97.71
ServerPronto INMM-69-60-110-0 (NET-69-60-110-0-1) 69.60.110.0 - 69.60.110.255
ServerPronto INMM-69-60-111-0 (NET-69-60-111-0-1) 69.60.111.0 - 69.60.111.255
ServerPronto INMM-64-251-27-0 (NET-64-251-27-0-1) 64.251.27.0 - 64.251.27.255
ServerPronto INMM-69-60-109-0 (NET-69-60-109-0-1) 69.60.109.0 - 69.60.109.255
Serverpronto INMM-64-251-10-0 (NET-64-251-10-0-1) 64.251.10.0 - 64.251.10.255
Serverpronto INMM-69-60-113-0 (NET-69-60-113-0-1) 69.60.113.0 - 69.60.113.255
Serverpronto Shared Firewall INMM-64-251-8-0 (NET-64-251-8-0-1) 64.251.8.0 - 64.251.8.255
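Whois reports these allocations as start-end ranges, while most firewalls and web-server deny lists take CIDR prefixes, and a range such as 69.60.114.0 - 69.60.125.255 does not fit a single prefix. The following is an added example, not part of the original post: it converts a subset of the range lines above into the minimal CIDR set and tests an address against it. The function names are hypothetical.

```python
import ipaddress
import re

# A subset of the range lines quoted in the post (ARIN short-form whois output).
WHOIS_LINES = """\
Serverpronto INMM-69-60-114-0 (NET-69-60-114-0-1) 69.60.114.0 - 69.60.125.255
Serverpronto INMM-69-60-126-0 (NET-69-60-126-0-1) 69.60.126.0 - 69.60.126.255
Serverpronto INMM-69-60-127-96 (NET-69-60-127-96-1) 69.60.127.96 - 69.60.127.111
ServerPronto INMM-64-251-30-0 (NET-64-251-30-0-1) 64.251.30.0 - 64.251.31.255
"""

# Matches the trailing "first - last" pair on a whois range line.
RANGE_RE = re.compile(
    r"(\d{1,3}(?:\.\d{1,3}){3})\s*-\s*(\d{1,3}(?:\.\d{1,3}){3})\s*$"
)


def ranges_to_cidrs(text):
    """Turn 'a.b.c.d - e.f.g.h' range lines into a sorted, merged CIDR list."""
    nets = []
    for line in text.splitlines():
        match = RANGE_RE.search(line)
        if not match:
            continue  # not a range line
        first = ipaddress.IPv4Address(match.group(1))
        last = ipaddress.IPv4Address(match.group(2))
        if first > last:
            raise ValueError("range is reversed: " + line.strip())
        # One range can need several prefixes when it is not power-of-two aligned.
        nets.extend(ipaddress.summarize_address_range(first, last))
    # Merge adjacent or overlapping prefixes so the deny list stays short.
    return list(ipaddress.collapse_addresses(nets))


def is_blocked(ip, cidrs):
    """True when ip falls inside any prefix of the deny list."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in cidrs)


if __name__ == "__main__":
    deny = ranges_to_cidrs(WHOIS_LINES)
    for net in deny:
        print(net)
    # The address named in the post sits inside the first range.
    print("69.60.115.127 blocked:", is_blocked("69.60.115.127", deny))
```
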

Thursday, May 24, 2007

Name Intelligence - Bombing our Sites

Some group called Name Intelligence was bombing our sites today.

Not to mention that, some code I clearly changed last night was somehow magically reverted by this morning. I am 100% positive someone hacked both my laptop and my server. It doesn't make any sense. I don't know if this bombing by Name Intelligence is related.

OrgName: Compass Communications, Inc.
OrgID: CPCM
Address: 2001 6th Avenue
Address: Suite 3205
City: Seattle
StateProv: WA
PostalCode: 98121
Country: US
NetRange: 64.246.160.0 - 64.246.191.255

Tuesday, May 22, 2007

Related Hacker IPs

There is a good chance that some or all of these IPs are related hacker IPs (though it is very possible some are unrelated random internet connections). The reason I say possibly is because all these IPs were blocked by our system in a fairly small window:

206.196.111.201
207.8.173.133
66.36.230.11
198.173.15.250
58.61.164.138
209.164.47.89
68.178.25.149
219.72.117.14
206.196.111.201

Sunday, May 20, 2007

Internet Factory - Spain - Looking for a Hack

This IP address: 84.78.106.131

From this network:

inetnum: 84.78.0.0 - 84.79.255.255
netname: YACOMNET
descr:
descr: Ya.com Internet Factory
country: es

Was searching Google for the java package that runs our web site.

Log Files Deleted

Someone deleted the log file for web sites yesterday. At least the out-of-the-box log.

Meaning they hacked my web server and were able to edit the contents of a file.

It was most likely one of these IPs - and since it appears an Australian travel related web site was also altered.

Sunday, May 13, 2007

Naval Surface Warfare Center - connected to/from my laptop?

This is odd. I'm logged into a VPN to a remote server and suddenly my terminal services connection is locking up. I check IPs I am connected to and there's the Google Toolbar notifier so I shut it off. Then my machine seems to free up and I can move the mouse around on the remote server again. But I think that was a coincidence. Shortly thereafter lock up again on my administrator account on the remote machine via Terminal Services. Another look at the IPs my machine is connected to reveals a connection to two Naval Surface Warfare Center IPs on port 80. I have no reason to be connected to these IP addresses. As far as I know I am only connected to my own web server, through the web on port 80, and through a VPN so how the heck is my machine somehow connecting to these addresses on port 80???

128.38.52.46 and 128.38.52.34

OrgName: Naval Surface Warfare Center
OrgID: NSWC-1
Address: 17320 Dahlgren Road
Address: Code XDT
City: Dahlgren
StateProv: VA
PostalCode: 22448-5000
Country: US
NetRange: 128.38.0.0 - 128.38.255.255

Friday, May 11, 2007

Organized Crime and Hacking

This article says people are "wondering" if organized crime is involved in hacking.

http://www.networkworld.com/news/2007/050907-fbi-organized-crime-cybercrime.html?nlhtsec=0507securityalert5&

DUH. Obviously this person doesn't know much about what they are writing about.

What is organized crime anyway? Is it organized when someone has a bunch of command and control bots or when there is a whole row of computers in a hut in Nigeria working on money transfer schemes from stolen funds using people who fall for their ploys?

Maybe they only mean a certain type of organized crime - Mafia. Given that the Internet is the absolute easiest way to make a whole ton of money without killing anyone or counting on too many people to get the job done, I would venture to say that any smart criminal organization would be after that pot of gold.

But the flip side of that is the Internet is all about computers and data. Computers don't lie. If the data is tracked by a really smart programmer on the other side of the fence - the good guys will have the data they need to nab the crooks much faster than traditional walking the street and trying to find scared witnesses to testify who are afraid for their lives.

OK maybe I've been watching too many cops and robbers and lawyer movies lately. But I can totally see the possibilities here and it's pretty much been reported already that certain criminal and terrorist organizations are involved in Internet crimes.

Wednesday, May 09, 2007

Good and Bad File Security From Microsoft

Microsoft seems to have a policy where you can set high security on your computer and block files that came from another computer from running. To unblock you right click on the file and choose unblock and the file can run.

Great. But what about when you download and run a program from the Internet and it has a whole bunch of files required to run and you try to run the app and get cryptic error messages and have no idea what the problem is or which file to unblock even if you do know what the problem is...this is typical Microsoft. When you change settings in your OS it can cripple and even corrupt your OS at times if you change COM and DCOM settings the wrong way.

But even worse I cannot get my work done right now (and had to stop and gripe about it) because this lovely security mechanism has blocked me from uncompressing a zip file. So yeah I turned around and unblocked it - cool, right? Not cool. When I try to unzip it still doesn't work and I am guessing it is because all the files in the zip file came from another computer - and I cannot "unblock" them because they are in a zip file! If that is not the problem not sure what is.

So I like the concept but I don't like the implementation. It would be better to allow someone to see all the files that ran, have run and are running and click on something to see what program they are associated with, which user ran them, time, date, etc. Also it needs to be easy to globally turn on and off this blocking and include those instructions with the instructions for unblocking a file.

Wednesday, May 02, 2007

Googlebot.com surfing for PHP files?

We got a hit for a php file we don't host. Turns out the IP resolves to googlebot.com. However the bot does not identify itself as Google in the user agent so it looks suspicious. But..when I go to googlebot.com in a browser...it goes to google. What is up with that?
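A reverse (PTR) lookup alone does not settle this, because PTR records are set by whoever controls the IP block and can name any domain. The usual check is forward-confirmed reverse DNS: resolve the IP to a name, require the name to end in googlebot.com or google.com, then resolve that name forward and require the original IP among the answers. The following is an added example, not part of the original post; the classification labels, function names and the lookup tables (documentation-range addresses) are constructed for illustration.

```python
import socket

# Domains whose hosts are accepted once the forward lookup confirms the PTR.
TRUSTED_SUFFIXES = (".googlebot.com", ".google.com")


def system_reverse(ip):
    """PTR lookup via the system resolver; None when there is no record."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None


def system_forward(host):
    """A-record lookup via the system resolver; empty set on failure."""
    try:
        return set(socket.gethostbyname_ex(host)[2])
    except OSError:
        return set()


def classify_crawler(ip, user_agent, reverse=system_reverse, forward=system_forward):
    """Label a request by comparing the user-agent claim with verified DNS."""
    claims_google = "googlebot" in user_agent.lower()
    host = reverse(ip)
    host = host.rstrip(".").lower() if host else ""
    ptr_is_google = host.endswith(TRUSTED_SUFFIXES)
    # The PTR only counts if the name resolves back to the same address.
    confirmed = ptr_is_google and ip in forward(host)
    if confirmed and claims_google:
        return "verified-googlebot"
    if confirmed:
        return "google-network-other-agent"  # the situation described in the post
    if ptr_is_google:
        return "spoofed-ptr"  # PTR names Google but the forward lookup disagrees
    if claims_google:
        return "spoofed-user-agent"
    return "unrelated"


# Constructed lookup tables so the example runs offline.
SAMPLE_PTR = {
    "192.0.2.10": "crawl-192-0-2-10.googlebot.com",
    "198.51.100.7": "crawl-198-51-100-7.googlebot.com",  # forged PTR, no A record
    "203.0.113.5": "host5.example.net",
}
SAMPLE_A = {"crawl-192-0-2-10.googlebot.com": {"192.0.2.10"}}


def sample_reverse(ip):
    return SAMPLE_PTR.get(ip)


def sample_forward(host):
    return SAMPLE_A.get(host, set())


GOOGLE_UA = "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
BROWSER_UA = "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"

if __name__ == "__main__":
    for ip, ua in [
        ("192.0.2.10", GOOGLE_UA),
        ("192.0.2.10", BROWSER_UA),
        ("198.51.100.7", BROWSER_UA),
        ("203.0.113.5", GOOGLE_UA),
    ]:
        print(ip, classify_crawler(ip, ua, sample_reverse, sample_forward))
```

Called without the two resolver arguments, `classify_crawler` uses the system resolver on a live address taken from the access log.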