Servers distributing malware, beware
Posted by SaaSMX, 11-04-2010, 05:05 PM |
Hi,
As mentioned, we have this list of IPs distributing malware and/or using stolen FTP passwords. Most of these servers are at The Planet, some others at SoftLayer, and the rest at or provided by Limestone, OVH, Single Hop, Vortech, GNAX, Hetzner, Hostalia, etc.
These IPs were gathered from October logs.
Cheers
|
Posted by drspliff, 11-05-2010, 03:03 AM |
Why not report to projecthoneypot?
|
Posted by MikeDVB, 11-05-2010, 05:20 AM |
Can you be more specific or detailed than just a simple list of IPs?
|
Posted by SaaSMX, 11-05-2010, 03:21 PM |
These servers are being used to establish FTP connections from stolen passwords (i.e. Gumblar virus) and inject code of the like:
and some base64 as well.
We got these IPs from the FTP access logs of an infected customer during October.
|
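An added example, not part of the original thread: one way to pull candidate IPs out of an FTP transfer log like the one described in the post above. It assumes the server writes the wu-ftpd/vsftpd `xferlog` format and that the customer's own addresses are known; the download-then-re-upload heuristic, the function names and the sample lines are all constructed for illustration.

```python
from collections import defaultdict

WEB_EXT = (".php", ".html", ".htm", ".js")

# Constructed sample in xferlog format (documentation IPs, made-up paths).
SAMPLE_LOG = """\
Mon Oct 11 10:02:11 2010 1 198.51.100.20 5120 /home/cust/public_html/index.php a _ i r cust ftp 0 * c
Thu Oct 14 03:15:40 2010 1 203.0.113.7 5120 /home/cust/public_html/index.php a _ o r cust ftp 0 * c
Thu Oct 14 03:15:42 2010 1 203.0.113.7 5388 /home/cust/public_html/index.php a _ i r cust ftp 0 * c
Thu Oct 14 03:15:44 2010 1 203.0.113.7 2210 /home/cust/public_html/js/menu.js a _ o r cust ftp 0 * c
Thu Oct 14 03:15:45 2010 1 203.0.113.7 2478 /home/cust/public_html/js/menu.js a _ i r cust ftp 0 * c
Fri Oct 15 08:30:00 2010 2 192.0.2.99 90211 /home/cust/backup.tar.gz b _ o r cust ftp 0 * c
"""

def parse_xferlog(line):
    """Split one xferlog line; the path is taken from the middle so spaces survive."""
    t = line.split()
    if len(t) < 18 or not t[7].isdigit():
        return None  # malformed or truncated line
    return {"host": t[6], "size": int(t[7]), "path": " ".join(t[8:-9]),
            "direction": t[-7], "user": t[-5], "status": t[-1]}

def find_rewrites(log_text, known_hosts):
    """Map each non-allowlisted host to the web files it downloaded and then
    re-uploaded, as (user, path, size change in bytes)."""
    downloaded = {}  # (host, user, path) -> size at download
    hits = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_xferlog(line)
        if rec is None or rec["status"] != "c" or rec["host"] in known_hosts:
            continue  # skip junk, incomplete transfers and the customer's own hosts
        if not rec["path"].lower().endswith(WEB_EXT):
            continue
        key = (rec["host"], rec["user"], rec["path"])
        if rec["direction"] == "o":      # outgoing = client downloaded the file
            downloaded[key] = rec["size"]
        elif rec["direction"] == "i" and key in downloaded:  # same file pushed back
            hits[rec["host"]].append(
                (rec["user"], rec["path"], rec["size"] - downloaded.pop(key)))
    return dict(hits)

if __name__ == "__main__":
    for host, files in find_rewrites(SAMPLE_LOG, {"198.51.100.20"}).items():
        print(host, files)
```

A file that comes back a few hundred bytes larger seconds after it was fetched is worth diffing against a clean backup before the source IP is reported.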
Posted by JefS, 11-06-2010, 07:31 PM |
I'm not surprised in the least that Vortech is in that list, they've been blaming their hacked servers on their customers for over a year.
http://forum.vortechhosting.com/show...highlight=hack
http://forum.vortechhosting.com/show...highlight=hack
|