linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* Attempted Breakin of Go Daddy by LKML Member (Foiled)
@ 2013-03-27 11:47 Jeffrey Merkey
  2013-03-27 13:05 ` Jeffrey Merkey
  0 siblings, 1 reply; 2+ messages in thread
From: Jeffrey Merkey @ 2013-03-27 11:47 UTC (permalink / raw)
  To: linux-kernel

After posting the latest MDB version, this linux developer (which I
monitor from San Diego periodically) attempted a break in of godaddy's
servers with an XSS embedded script attack.  This notice is posted to
warn others of this address.  I am certain Linus and Co. can check
kernel.org and track down this address if they are a user of LKML.
The following is provided from server logs at godaddy.

2013-03-26 16:36:16	GET
/?page=maillist&name=press	108.64.212.227	108-64-212-227.lightspeed.sndgca.sbcglobal.net
2013-03-26 16:36:21	GET
/?page=account&action=messages	108.64.212.227	108-64-212-227.lightspeed.sndgca.sbcglobal.net
2013-03-26 16:36:29	GET
/?page=maillist&name=discussion	108.64.212.227	108-64-212-227.lightspeed.sndgca.sbcglobal.net
2013-03-26 16:36:48	GET
/?page=maillist&name=%3Cscript%3Ealert('woot');%3C/script%3E	108.64.212.227	108-64-212-227.lightspeed.sndgca.sbcglobal.net
2013-03-26 16:37:01	GET /?page=admin	108.64.212.227	

geolocation shows the address is a duckblind from.  He is a linux user
on Ubuntu.  See:
User-Agent : Mozilla/5.0 (X11; U; Linux i686; it-IT; rv:1.9.0.2)
Gecko/2008092313 Ubuntu/9.25 (jaunty) ...

http://geo-location.com/host-76-219-253-168.lightspeed.sndgca.sbcglobal.net/

Here is a description of this type of attack.

http://www.acunetix.com/websitesecurity/cross-site-scripting/

This IP address has been reported to godaddy IAW their site policies
on breakin attempts to their hosted servers.  So I know you are
trolling this list hacker (LKML) and I want to let you know your IP
address in San Diego won't be around much longer.  Have a nice day.

Jeff Merkey

^ permalink raw reply	[flat|nested] 2+ messages in thread
* Re: Attempted Breakin of Go Daddy by LKML Member (Foiled)
  2013-03-27 11:47 Attempted Breakin of Go Daddy by LKML Member (Foiled) Jeffrey Merkey
@ 2013-03-27 13:05 ` Jeffrey Merkey
  0 siblings, 0 replies; 2+ messages in thread
From: Jeffrey Merkey @ 2013-03-27 13:05 UTC (permalink / raw)
  To: linux-kernel

These scumbags are so predictable.  After the LKML mailing went
planetwide, this idiot and his buddies came right back in from another
duckblind and accessed the site -- sorry guys, I punched right through
your duckblind.  Here is this dirtbags actual IP address.  I've seen
this address to -- another Merkey mission poster.

2013-03-27 04:53:07	GET /	5.14.29.243	5-14-29-243.residential.rdsnet.ro	
2013-03-27 04:53:43	GET
/?page=maillist	5.14.29.243	5-14-29-243.residential.rdsnet.ro
2013-03-27 04:53:53	GET /	5.14.29.243	5-14-29-243.residential.rdsnet.ro	

Wonder who on LKML uses this address.  Dude, you are nailed.

Jeff

On 3/27/13, Jeffrey Merkey <jeffmerkey@gmail.com> wrote:
> After posting the latest MDB version, this linux developer (which I
> monitor from San Diego periodically) attempted a break in of godaddy's
> servers with an XSS embedded script attack.  This notice is posted to
> warn others of this address.  I am certain Linus and Co. can check
> kernel.org and track down this address if they are a user of LKML.
> The following is provided from server logs at godaddy.
>
> 2013-03-26 16:36:16	GET
> /?page=maillist&name=press	108.64.212.227	108-64-212-227.lightspeed.sndgca.sbcglobal.net
> 2013-03-26 16:36:21	GET
> /?page=account&action=messages	108.64.212.227	108-64-212-227.lightspeed.sndgca.sbcglobal.net
> 2013-03-26 16:36:29	GET
> /?page=maillist&name=discussion	108.64.212.227	108-64-212-227.lightspeed.sndgca.sbcglobal.net
> 2013-03-26 16:36:48	GET
> /?page=maillist&name=%3Cscript%3Ealert('woot');%3C/script%3E	108.64.212.227	108-64-212-227.lightspeed.sndgca.sbcglobal.net
> 2013-03-26 16:37:01	GET /?page=admin	108.64.212.227	
>
> geolocation shows the address is a duckblind from.  He is a linux user
> on Ubuntu.  See:
> User-Agent : Mozilla/5.0 (X11; U; Linux i686; it-IT; rv:1.9.0.2)
> Gecko/2008092313 Ubuntu/9.25 (jaunty) ...
>
> http://geo-location.com/host-76-219-253-168.lightspeed.sndgca.sbcglobal.net/
>
> Here is a description of this type of attack.
>
> http://www.acunetix.com/websitesecurity/cross-site-scripting/
>
> This IP address has been reported to godaddy IAW their site policies
> on breakin attempts to their hosted servers.  So I know you are
> trolling this list hacker (LKML) and I want to let you know your IP
> address in San Diego won't be around much longer.  Have a nice day.
>
> Jeff Merkey
>

^ permalink raw reply	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2013-03-27 13:05 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2013-03-27 11:47 Attempted Breakin of Go Daddy by LKML Member (Foiled) Jeffrey Merkey
2013-03-27 13:05 ` Jeffrey Merkey

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).