Security forums to discuss the latest computer network and Internet security, virus and hacking news --- Established January 2003 ---
Author: infosys (Site Admin), Joined: 12 Dec 2002, Posts: 1461
Posted: Sun Jun 20, 2010 2:15 pm
Post subject: 510 web hosting companies compromised with zombies on board
Here is YET ANOTHER Bot owner / renter who has decided to share with us the IPs that are presently under the control of their Bot network.
This list represents a hall of shame for over 500 web hosting servers that have been compromised - zombied and are now available for launching attacks, probes, posting comment spam to forums and for faking pay-for-clicks for profit.
Just between this list of 500+ and the other list of 260+ ( in the other message ) - you have over 750+ compromised web hosting servers. Note that... this is just two Bot nets that have self-identified themselves as being resident on web hosting servers. That's a lot of server power and bandwidth to put under the control of just two ( errrmmm... maybe just one ) Bot owner. And that is just a tip of the iceberg of Bots that have taken up residence on web hosting servers.
As I noted in my other message, the problem isn't just that these IPs are now oWn3d and under the control of a Bot master... but that the IPs all lead to web hosting servers - where all the other IPs of that hosting company may have also been compromised.
Let's face it... if a web hosting company has one particular exploitable vulnerability ( such as in the software they are providing to their clients for their web sites ), then it means all web sites using that same software with that hosting company are compromisable or have already been compromised. These compromised IPs are most likely just a tip-of-the-iceberg for the number of compromised web sites and IPs within the control ( or lack of control ) of the hosting company.
Sigh... As per the other message, I have again put this list into numerical order so folks can look up whether an IP within their company's control has been compromised - zombied - and is being used by this one Bot network...
The hidden Easter Egg in these two lists... is that some IPs lead directly to IPs that lead directly to the controllers of the Bot networks. Occasionally they test the commands that they intend to send to their Bot network to execute using their own home/work IPs.
In some cases you will note the same IP or web hosting company showing up in BOTH of the compromised IP lists. In those cases... two different Bot networks have taken up residence on the same hosting server. Odds are that other Bot networks may have also found suitable vulnerabilities on those same hosting servers and ALSO taken up a zombied residence there.
I would like to thank the Bot owner / renter for providing full confirmation that my messages of March 2009 and September 2008 were deadly accurate :
Web Site Hosting Servers hacked to launch attacks.
http://www.infosyssec.com/forum/viewtopic.php?t=3201
2009 Year End Review - the Internet is still phucked up.
( plus reference to my March 2009 situational analysis )
http://www.infosyssec.com/forum/viewtopic.php?t=3175
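An added example, not part of the original post: one way a hosting operator could run the two lookups the post describes, checking a published list against their own allocations and finding networks that show up on both lists. The sample addresses are constructed from documentation ranges, and treating a shared /24 as "the same hosting company" is an assumption of this sketch.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data (RFC 5737 documentation ranges), not taken from the post.
LIST_A = """
203.0.113.7
198.51.100.20
192.0.2.200
not-an-ip
198.51.100.3
"""
LIST_B = """
203.0.113.99
192.0.2.14
"""
OUR_RANGES = ["198.51.100.0/24", "192.0.2.0/25"]  # hypothetical own allocations


def parse_list(text):
    """Parse one IPv4 address per line, skipping blanks and malformed entries."""
    addrs = set()
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            addrs.add(ipaddress.IPv4Address(line))
        except ValueError:
            continue  # page residue or a typo, not an address
    return addrs


def hits_in_ranges(addrs, ranges):
    """Listed addresses inside our own allocations, in numeric (not string) order."""
    nets = [ipaddress.ip_network(r) for r in ranges]
    return sorted(a for a in addrs if any(a in n for n in nets))


def shared_networks(list_a, list_b, prefix=24):
    """Networks of the given prefix length that hold addresses from both lists."""
    def bucket(addrs):
        out = defaultdict(set)
        for a in addrs:
            out[ipaddress.ip_network(f"{a}/{prefix}", strict=False)].add(a)
        return out
    a, b = bucket(list_a), bucket(list_b)
    return {net: (sorted(a[net]), sorted(b[net])) for net in sorted(a.keys() & b.keys())}


if __name__ == "__main__":
    a, b = parse_list(LIST_A), parse_list(LIST_B)
    print("in our ranges:", [str(x) for x in hits_in_ranges(a, OUR_RANGES)])
    for net, (from_a, from_b) in shared_networks(a, b).items():
        print(net, "list A:", [str(x) for x in from_a], "list B:", [str(x) for x in from_b])
```

A hit in your own ranges identifies one host to investigate; a network appearing on both lists is a reason to review the neighbouring hosts in it as well.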