  1. #1

    Shutting down botnet?

    Well, I finally have it figured out where the botnet is located that is attacking my website.

    > - :hub.ch0de.info 333 ZijZJhiddb #.firefakes F 1117966519
    > - :hub.ch0de.info 353 ZijZJhiddb @ #.firefakes :ZijZJhiddb @F @kEvIn
    > - :hub.ch0de.info 366 ZijZJhiddb #.firefakes :End of /NAMES list.
    > - PING :hub.ch0de.info
    > - PING :hub.ch0de.info
    > - PING :hub.ch0de.info
    > - PING :hub.ch0de.info
    > - PING :hub.ch0de.info
    > - PING :hub.ch0de.info
    > - PING :hub.ch0de.info
    > - PING :hub.ch0de.info
    > - PING :hub.ch0de.info
    > - PING :hub.ch0de.info
    > - PING :hub.ch0de.info
    > - PING :hub.ch0de.info
    > - PING :hub.ch0de.info
    > - PING :hub.ch0de.info
    > - PING :hub.ch0de.info
    > - PING :hub.ch0de.info
    > - PING :hub.ch0de.info
    > - PING :hub.ch0de.info
    > - PING :hub.ch0de.info
    > - PING :hub.ch0de.info
    > - PING :hub.ch0de.info
    > - :F!halcy0n@netadmin.chode.net PRIVMSG #.firefakes :%E%=A!>YF]!SR<`
    > - :F!halcy0n@netadmin.chode.net PRIVMSG #.firefakes :%E%/@``
    > - PING :hub.ch0de.info
    > - PING :hub.ch0de.info
    > - PING :hub.ch0de.info
    > - PING :hub.ch0de.info
    The IRC's admin (by the code name of halcy0n) is the guy who managed to get a backup of my forum database, sending an email to around 15,000 people with an infection for the botnet. Now the botnet is being used on my website. If you are wondering how he got the backup, he used to be hosted on the server I am on. Now that I finally know where the botnet is, who is there that I can contact to get this thing shut down?

    hub.ch0de.info

    I can't find any valid webhost. No valid people to contact. I want this thing shut down. It is around 10,000 bots as well. We filtered well over 15,000 IP addresses flooding our server.

    Any help in reporting this botnet is much appreciated. Better yet someone steal it and shut it the hell down. Either way, I just want this thing gone!

    (I hate DDoS'ing script kiddies.)

  2. #2
    Join Date: Oct 2003 | Location: Long Island, New York | Posts: 220
    Outfit a honeypot machine with the proper monitoring gear, then make sure it gets infected with whatever agent was used to create the botnet. Use the information from this, and manual inspection of the various binaries involved to gather as much information as possible, then engineer your way to its destruction.
    TWSites.com - Business Web Hosting Solutions & Server Management Since 2003

  3. #3
    Join Date: Nov 2004 | Location: Marietta PA | Posts: 138
    I like that idea, D0CK, though he could be as guilty as the creator in the first place. Those infected machines are not his to attack back. The IP of the ircd or ircds is where I would start: find the owner of that block of IPs; most likely it will be a residential ISP or another hacked box. Contact the owner of that block, reporting your findings with proof, and make sure you follow up with them and stay on top of things.

    Now, since I like DoCK's idea, it is up to you how moral you are, but sure, set up the honeypot, capture the bot and its password, and shut the bots down yourself.

    The other idea, which we used to do a lot with XDCC bots, is to change your IRC name to a name like the bot's and wait for the idiot to issue a command to the bots that has the password in it.
    Digital Offensive
    http://www.digitaloffensive.com
    Take an offensive approach to Security know what your foes know!
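
Reporting to the owner of the IP block "with proof", as post #3 suggests, starts with pulling the server name, channel, channel operators and controller hostmask out of a capture like the one in post #1. The following is an added example, not code from any poster in this thread: it parses raw IRC lines and collects those facts. The sample lines are copied from post #1, and the function names `parse_irc` and `summarize` are hypothetical.

```python
import re
from datetime import datetime, timezone

# Constructed input: a few lines copied from the capture in post #1.
SAMPLE = """\
> - :hub.ch0de.info 333 ZijZJhiddb #.firefakes F 1117966519
> - :hub.ch0de.info 353 ZijZJhiddb @ #.firefakes :ZijZJhiddb @F @kEvIn
> - :hub.ch0de.info 366 ZijZJhiddb #.firefakes :End of /NAMES list.
> - PING :hub.ch0de.info
> - PING :hub.ch0de.info
> - :F!halcy0n@netadmin.chode.net PRIVMSG #.firefakes :%E%/@``
"""

def parse_irc(line):
    """Split a raw IRC line into (prefix, command, params) per RFC 1459."""
    line = re.sub(r"^\s*>?\s*-\s+", "", line.rstrip("\r\n"))  # drop paste markers
    prefix = None
    if line.startswith(":"):
        prefix, _, line = line[1:].partition(" ")
    head, sep, trailing = line.partition(" :")
    params = head.split() + ([trailing] if sep else [])
    return (prefix, params[0].upper(), params[1:]) if params else None

def summarize(log):
    """Collect the facts an abuse desk needs from a captured session."""
    ev = {"servers": set(), "channels": set(), "operators": set(),
          "senders": set(), "topic_set": None, "pings": 0}
    for prefix, cmd, p in filter(None, map(parse_irc, log.splitlines())):
        if prefix and "!" not in prefix:
            ev["servers"].add(prefix)            # server-originated line
        if cmd == "PING":
            ev["pings"] += 1
            if p:
                ev["servers"].add(p[0])
        elif cmd == "333" and len(p) >= 4:       # RPL_TOPICWHOTIME
            when = datetime.fromtimestamp(int(p[3]), tz=timezone.utc)
            ev["channels"].add(p[1])
            ev["topic_set"] = (p[2], when.isoformat())
        elif cmd == "353" and len(p) >= 4:       # RPL_NAMREPLY
            ev["channels"].add(p[2])
            ev["operators"] |= {n[1:] for n in p[3].split() if n.startswith("@")}
        elif cmd == "PRIVMSG" and prefix and p:
            ev["senders"].add(prefix)            # full nick!user@host mask
            if p[0].startswith("#"):
                ev["channels"].add(p[0])
    return ev

if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(f"{key}: {value}")
```

The resulting summary, together with the untouched raw capture and your own server logs, is the material to attach when contacting the network owner.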
