[Techtalk] help! what kind of hack is this?

Carla Schroder carla at bratgrrl.com
Sun May 25 21:32:14 EST 2003


On Sunday 25 May 2003 8:51 pm, Kai MacTane wrote:
> At 5/25/03 07:46 PM , Carla Schroder wrote:
> >Hmmm.... guess I'll have to ask my web host. They are death on any script
> >from Matt's archive, so it would be surprising if they are using one, or
> >using any kind of formmail script. It does not compute!
> >janus.affordablehost.com is the server that hosts bratgrrl.com.
>
> Weird. It didn't look like it in my quick checks:
>
> root at surehand root# host 200.58.160.146
> Host 146.160.58.200.in-addr.arpa not found: 3(NXDOMAIN)
> root at surehand root# host bratgrrl.com
> bratgrrl.com has address 216.46.203.144
> root at surehand root# host www.bratgrrl.com
> www.bratgrrl.com is an alias for bratgrrl.com.
> bratgrrl.com has address 216.46.203.144
> root at surehand root#
>
> Actually, I just assumed that 200.58.160.146 (from the X-Originating-IP:
> header) was janus.affordablehost.com.
>
 
216.46.203.144 is an Affordable Host IP; if the other IP is legit, it's from
the scanner dork. I found an interesting site that talks about this:
http://www.toastedspam.com/formmail/?a

This particular "spankysparade" twit shows up a lot, from all kinds of IPs, so 
who knows where it really comes from.
-- 
~~~~~~~~~~~~~~~~~~~~~~~~~
Carla Schroder
www.tuxcomputing.com
this message brought to you
by Libranet 2.7 and Kmail
~~~~~~~~~~~~~~~~~~~~~~~~~

