Abuse:Infected customer report

Discussion in 'Site & Server Administration' started by ska_defender, Nov 30, 2010.

  1. #1
    I have a VPS
    Recently I have received an email from my webhosting company

    
    
    The following is a list of IP addresses on your network which we have
    good reason to believe may be compromised systems engaging in
    malicious activity.  Please investigate and take appropriate action to
    stop any malicious activity you verify.
    
    The following is a list of types of activity that may appear in this
    report:
    BEAGLE      BEAGLE3     BLASTER     BOTNETS     BOTS        BRUTEFORCE
    DAMEWARE    DEFACEMENT  DIPNET      DNSBOTS     MALWAREURL  MYDOOM
    NACHI       PHATBOT     PHISHING    ROUTERS     SCAN445     SCANNERS
    SINIT       SLAMMER     SPAM        SPYBOT      TOXBOT
    
    Open proxies and open mail relays may also appear in this report.
    Open proxies are designated by a two-character identifier (s4, s5, wg,
    hc, ho, hu, or fu) followed by a colon and a TCP port number.  Open
    mail relays are designated by the word "relay" followed by a colon and
    a TCP port number.
    
    A detailed description of each of these may be found at
    https://security.gblx.net/reports.html
    
    NOTE: IPs identified as hosting botnet controllers, phishing websites,
    or malware distribution sites (marked with BOTNETS, PHISHING, or
    MALWAREURL respectively) may be null routed by Global Crossing
    following a separately emailed notice.  We will make every effort
    to avoid taking action which will impact legitimate services on
    your network, and we will now send notices of botnet controllers
    within one hour of their detection.
    
    This report is sent every day.  If you would prefer a weekly report,
    sent on Mondays, please contact us by replying to this email to
    request it.  We would prefer, however, that you receive and act upon
    these reports daily.
    
     
    
    Unless otherwise indicated, time stamps are in UTC (GMT).
    
    28753 | 188.72.243.218 | 2010-11-27 14:52:10 http://nedspe.com/images/AOL/ PHISHING

    What does this mean??
    I didn't understand.
    Any idea?
     
    ska_defender, Nov 30, 2010
  2. ishan

    #2
    At the end, see -
    http://nedspe.com/images/AOL

    Someone has hacked into this account/website and has uploaded a folder named AOL, which is used for phishing.

    You need to set images folder to 755 if it is 777 and remove the AOL folder.

    You should also change your account/ftp passwords and check your own PC for trojans/keyloggers etc.
     
    ishan, Nov 30, 2010
  3. ska_defender

    #3
    Many Thanks
     
    ska_defender, Nov 30, 2010
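
An added example, not part of the thread or of the provider's tooling: a parser for the data lines of the report quoted in post #1, which also extracts the URL path that the reply in post #2 says to inspect. The field layout, the unlabelled first number, the `OPEN_RELAY`/`OPEN_PROXY` labels, and the two constructed proxy/relay sample lines are assumptions based only on the single data line and header text shown in the report.

```python
import ipaddress
import re
from datetime import datetime, timezone
from urllib.parse import urlsplit

# Activity types and proxy codes exactly as listed in the report header.
ACTIVITY_TYPES = set("""BEAGLE BEAGLE3 BLASTER BOTNETS BOTS BRUTEFORCE DAMEWARE
DEFACEMENT DIPNET DNSBOTS MALWAREURL MYDOOM NACHI PHATBOT PHISHING ROUTERS
SCAN445 SCANNERS SINIT SLAMMER SPAM SPYBOT TOXBOT""".split())
NULL_ROUTE_TYPES = {"BOTNETS", "PHISHING", "MALWAREURL"}  # per the NOTE paragraph
OPEN_SERVICE_RE = re.compile(r"^(s4|s5|wg|hc|ho|hu|fu|relay):(\d{1,5})$")
# Assumed layout: <number> | <IPv4> | <UTC timestamp> <details...>
LINE_RE = re.compile(r"^\s*(\d+)\s*\|\s*([\d.]+)\s*\|\s*"
                     r"(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s*(.*)$")

def parse_report_line(line):
    """Return a dict for one data line, or None for header/free text."""
    m = LINE_RE.match(line)
    if not m:
        return None
    number, ip, stamp, details = m.groups()
    try:
        ipaddress.IPv4Address(ip)
        when = datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc)
    except ValueError:
        return None
    entry = {"number": int(number), "ip": ip, "utc": when, "kind": None,
             "port": None, "url": None, "path": None}
    for token in details.split():
        service = OPEN_SERVICE_RE.match(token)
        if token in ACTIVITY_TYPES:
            entry["kind"] = token
        elif service and 0 < int(service.group(2)) < 65536:
            # OPEN_RELAY / OPEN_PROXY:<code> are labels chosen for this example.
            code = service.group(1)
            entry["kind"] = "OPEN_RELAY" if code == "relay" else "OPEN_PROXY:" + code
            entry["port"] = int(service.group(2))
        elif token.lower().startswith(("http://", "https://")):
            entry["url"] = token
            entry["path"] = urlsplit(token).path or "/"  # directory to inspect
    entry["null_route_risk"] = entry["kind"] in NULL_ROUTE_TYPES
    return entry

SAMPLE = [
    "28753 | 188.72.243.218 | 2010-11-27 14:52:10 http://nedspe.com/images/AOL/ PHISHING",  # from the report
    "64496 | 192.0.2.10 | 2010-11-27 15:00:00 s5:1080",   # constructed
    "64496 | 192.0.2.11 | 2010-11-27 15:05:00 relay:25",  # constructed
    "Unless otherwise indicated, time stamps are in UTC (GMT).",  # header text
]
ENTRIES = [e for e in map(parse_report_line, SAMPLE) if e]  # header line is skipped
```

For the line in the report, the parsed `path` is the directory on the web server to examine, and `null_route_risk` marks the entry types the notice says may be null routed.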