Web Hosting Talk







View Full Version : Liquidweb trying to hack my server?


microsol
03-28-2003, 04:17 PM
Just saw this flashing by.

Do they provide dialup or dsl?

64.91.232.201 - - [28/Mar/2003:15:06:53 -0500] "GET /cgi-sys/guestbook.cgi?user=cpanel&template=|id| HTTP/1.0" 404 215
64.91.232.201 - - [28/Mar/2003:15:06:53 -0500] "GET /cgi-sys/guestbook.cgi?user=cpanel&template=|id| HTTP/1.0" 404 215 "-" "--"

03/28/03 21:15:16 IP block 64.91.232.201
Trying 64.91.232.201 at ARIN
Trying 64.91.232 at ARIN

OrgName: Liquid Web
OrgID: LQWB
Address: 5195 Jet Drive Suite 2
City: Lansing
StateProv: MI
PostalCode: 48911
Country: US

NetRange: 64.91.224.0 - 64.91.255.255
CIDR: 64.91.224.0/19
NetName: LIQUIDWEB
NetHandle: NET-64-91-224-0-1
Parent: NET-64-0-0-0-0
NetType: Direct Allocation
NameServer: NS.LIQUIDWEB.COM
NameServer: NS1.LIQUIDWEB.COM
NameServer: NS2.LIQUIDWEB.COM
NameServer: NS9.LIQUIDWEB.COM
Comment: ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
RegDate: 2001-07-20
Updated: 2003-01-28

TechHandle: AL621-ARIN
TechName: Admin Liquidweb, Admin
TechPhone: +1-800-580-4985
TechEmail: webmaster@liquidweb.com

OrgTechHandle: IPADM47-ARIN
OrgTechName: IP Administrator
OrgTechPhone: +1-800-580-4985
OrgTechEmail: ipadmin@liquidweb.com

clockwork
03-29-2003, 12:29 AM
I bet they were compromised (read: CPanel) and whoever did that is now launching scans/attacks from their server. I recommend you inform them immediately of their lack of security.

inteltechs
03-29-2003, 01:56 AM
Originally posted by clockwork
I bet they were compromised (read: CPanel) and whoever did that is now launching scans/attacks from their server. I recommend you inform them immediately of their lack of security.

those servers could have belonged to their customers :)

VNPIXEL
03-29-2003, 02:25 AM
You should contact liquidweb and let them know about this. I wonder what version of Cpanel they are using now? This guestbook issue had been fixed for a long time.

mpope
03-29-2003, 04:12 AM
That doesn't mean that liquidweb's server was compromised via the guestbook exploit... it means that they are trying to hack your server via the guestbook exploit. ;)

Anyway, if you're up to date with cpanel you don't have anything to worry about. It would still be nice to let liquidweb know about this though.

microsol
03-29-2003, 06:40 AM
I don't even run CPanel on this box, no panel at all :laugh:

spf6
03-29-2003, 07:48 PM
Welcome to the club, I get stuff like this all the time.....

TowerHost
03-29-2003, 09:03 PM
Are these appearing in your error_log?

microsol
03-30-2003, 07:39 AM
Nope, in the access_log of our company website.
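
Added example, not part of any post in this thread: a small Python scanner for access_log lines like the two quoted in the first post, flagging requests whose query parameters carry shell metacharacters (`template=|id|`) and noting whether the server answered 404. The metacharacter set, the function names and the third sample line are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Common/combined log format prefix: host ident user [time] "request" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) \S+'
)
# Shell metacharacters that have no place in a template or user name.
# This set is a heuristic (assumption); tune it for the site's real inputs.
SHELL_META = re.compile(r'[|;`]|\$\(')

# First two lines are from the thread; the third is constructed benign traffic.
SAMPLE = [
    '64.91.232.201 - - [28/Mar/2003:15:06:53 -0500] "GET /cgi-sys/guestbook.cgi?user=cpanel&template=|id| HTTP/1.0" 404 215',
    '64.91.232.201 - - [28/Mar/2003:15:06:53 -0500] "GET /cgi-sys/guestbook.cgi?user=cpanel&template=|id| HTTP/1.0" 404 215 "-" "--"',
    '192.0.2.10 - - [28/Mar/2003:15:07:02 -0500] "GET /index.html?lang=en HTTP/1.0" 200 5120',
]

def scan_line(line):
    """Return a finding if a query parameter holds shell metacharacters."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m["target"])
    # parse_qsl percent-decodes, so %7Cid%7C is caught as well as |id|.
    hits = [(k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)
            if SHELL_META.search(k) or SHELL_META.search(v)]
    if not hits:
        return None
    status = int(m["status"])
    return {"ip": m["ip"], "time": m["ts"], "path": parts.path,
            "params": hits, "status": status,
            # 404: the server found no such script, so the input was never processed.
            "verdict": "probe, script absent" if status == 404 else "check response"}

def scan(lines):
    """Scan lines, counting requests with identical ip/time/path/params once."""
    seen, findings = set(), []
    for line in lines:
        f = scan_line(line)
        if f:
            key = (f["ip"], f["time"], f["path"], tuple(f["params"]))
            if key not in seen:
                seen.add(key)
                findings.append(f)
    return findings

if __name__ == "__main__":
    for f in scan(SAMPLE):
        print(f)
```

Any status other than 404 on a flagged request means the script exists on the server and the response body and installed version should be checked.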