
Thread: ThePlanet abuse

  1. #1

    ThePlanet abuse

    So, I get an instant message via AIM, containing a link to an Internet Explorer browser exploit. The exploit installs a bunch of spyware, and then sends a link to everyone on your buddy list - basically, it's a worm.

    The IP; 69.56.129.140
    The Domain Name: write-a-white-paper.com
    The Exploit: I'm not going to put that here
    This is hosted at theplanet. I call Tech Support, give him the IP, domain name, and even the full address of the exploit. When I give him the information, he says "it appears that we have already pulled the plug on this server, we are aware of the incident"

    So I get off the phone, quite content that they already solved the issue... Right away, I ping the IP and get a reply. The domain is still up. The exploit is still up.

    That was two hours ago. The domain is still up. The exploit is still up.

    So, if any of you are looking for a datacenter for a new server, I would definitely not go with ThePlanet.

  2. #2
    They have an abuse procedure. Calling up a Tech on the phone is not part of that.

    They have an abuse department, and you need to email them. Do not expect a reply though. However, they will look into it.
    Don't you walk thru my words
    You got to show some respect
    Don't you walk thru my words
    'Cause you ain't heard me out yet

  3. #3
    Join Date
    Dec 2003
    Location
    United Kingdom
    Posts
    1,389
    The site has been taken offline though. It's not accessible. That's the important thing.

    So it seems ThePlanet is fine. I've got a couple of servers with them myself and I've had no issues with them.

  4. #4
    Join Date
    Dec 2001
    Location
    Toronto, Ontario, Canada
    Posts
    5,954
    Originally posted by TalkMilitary
    They have an abuse procedure. Calling up a Tech on the phone is not part of that.

    They have an abuse department, and you need to email them. Do not expect a reply though. However, they will look into it.
    As unfortunate as this is, it would seem that for some providers, posting on WHT is part of their "unofficial, yet most effective abuse reporting methods". I've had similar experiences (sending in an email, calling at the same time with the ticket ID/email addy); though mine are very rarely trivial, I'd expect DDoS reports to be handled a LOT more efficiently than they are by some of the hosts whose (assumedly compromised) servers initiate them.

  5. #5
    Oh, I forgot to note, the call to Tech Support was after emailing abuse and waiting a couple hours.

    As far as the website being down, nope, it's still there:

    bash-2.05a$ wget http://write-a-white-paper.com/XXXXXX.php
    --20:43:35-- http://write-a-white-paper.com/XXXXXX.php
    => `pictures.php.13'
    Resolving write-a-white-paper.com... done.
    Connecting to write-a-white-paper.com[69.56.129.140]:80... connected.
    HTTP request sent, awaiting response... 200 OK
    Length: unspecified [application/octet-stream]

    [ <=> ] 113,117 1.01M/s

    20:43:35 (1.01 MB/s) - `XXXXXX.13' saved [113117]
    The actual path/filename has been replaced with XXXXXX because the last thing I want is even more people to get exploited.

    I also just checked it in a vmware virtual machine; exploit still working, etc.

    As far as WHT not being the official support, I understand that, but when I have already emailed support, as well as called them, and hours later still get nowhere, I thought perhaps their customers could get through to them. They really didn't seem interested in talking to me when I told them I wasn't a customer of theirs.

  6. #6
    Join Date
    Dec 2002
    Location
    chica go go
    Posts
    11,858
    C:\>whois write-a-white-paper.com
    [Querying whois.internic.net]
    [Redirected to whois.bulkregister.com]
    [Querying whois.bulkregister.com]
    [whois.bulkregister.com]

    Perry S. Marshall & Associates
    1508 Ridgeland Avenue
    Chicago, IL 60402-4900
    US

    Domain Name: WRITE-A-WHITE-PAPER.COM

    Administrative Contact
    Administrative Contact: [email protected]
    Perry S. Marshall & Associates
    1508 Ridgeland Ave
    Chicago, IL 60402
    US
    Phone 7087884461
    Fax 7087884599
    Technical Contact
    Administrative Contact: [email protected]
    Perry S. Marshall & Associates
    1508 Ridgeland Ave
    Chicago, IL 60402
    US
    Phone 7087884461
    Fax 7087884599
    Billing Contact
    Administrative Contact: [email protected]
    Perry S. Marshall & Associates
    1508 Ridgeland Ave
    Chicago, IL 60402
    US
    Phone 7087884461
    Fax 7087884599

    Record updated date: 2004-10-07 06:50:06
    Record created date: 2003-10-14
    Record expires on date: 2005-10-14
    Database last updated on: 2005-04-30 20:49:24 EST

    Domain servers in listed order:

    NS1.THEPLANET.COM 216.234.234.30
    NS2.THEPLANET.COM 12.96.160.115

    TransferGuard LOCK Status => ENABLED

    C:\>nslookup write-a-white-paper.com
    Server: resolver.qwest.net
    Address: 205.171.3.65

    Non-authoritative answer:
    Name: write-a-white-paper.com
    Address: 69.56.129.140


    http://whois.webhosting.info/69.56.129.140
    http://whois.webhosting.info/69.56.129.139
    http://whois.webhosting.info/69.56.129.138
    http://whois.webhosting.info/69.56.129.141
    http://whois.webhosting.info/69.56.129.142

    Most of the domains listed on each result page are registered to Perry Marshall. A couple have private registration.

  7. #7
    Voicemail box is full
