Thread: Shutting down botnet?
-
06-07-2005, 08:00 AM #1 Junior Guru
- Join Date
- Dec 2002
- Posts
- 216
Shutting down botnet?
Well, I finally have it figured where the botnet is located that is attacking my website.
> - :hub.ch0de.info 333 ZijZJhiddb #.firefakes F 1117966519
> - :hub.ch0de.info 353 ZijZJhiddb @ #.firefakes :ZijZJhiddb @F @kEvIn
> - :hub.ch0de.info 366 ZijZJhiddb #.firefakes :End of /NAMES list.
> - PING :hub.ch0de.info
> - PING :hub.ch0de.info
> - PING :hub.ch0de.info
> - PING :hub.ch0de.info
> - PING :hub.ch0de.info
> - PING :hub.ch0de.info
> - PING :hub.ch0de.info
> - PING :hub.ch0de.info
> - PING :hub.ch0de.info
> - PING :hub.ch0de.info
> - PING :hub.ch0de.info
> - PING :hub.ch0de.info
> - PING :hub.ch0de.info
> - PING :hub.ch0de.info
> - PING :hub.ch0de.info
> - PING :hub.ch0de.info
> - PING :hub.ch0de.info
> - PING :hub.ch0de.info
> - PING :hub.ch0de.info
> - PING :hub.ch0de.info
> - PING :hub.ch0de.info
> - :F!halcy0n@netadmin.chode.net PRIVMSG #.firefakes :%E%=A!>YF]!SR<`
> - :F!halcy0n@netadmin.chode.net PRIVMSG #.firefakes :%E%/@``
> - PING :hub.ch0de.info
> - PING :hub.ch0de.info
> - PING :hub.ch0de.info
> - PING :hub.ch0de.info
hub.ch0de.info
I can't find any valid webhost. No valid people to contact. I want this thing shut down. It is around 10,000 bots as well. We filtered well over 15,000 IP addresses flooding our server.
Any help in reporting this botnet is much appreciated. Better yet someone steal it and shut it the hell down. Either way, I just want this thing gone!
(I hate DDoS'ing script kiddies.)
-
06-07-2005, 09:10 AM #2 Junior Guru
- Join Date
- Oct 2003
- Location
- Long Island, New York
- Posts
- 220
Outfit a honeypot machine with the proper monitoring gear, then make sure it gets infected with whatever agent was used to create the botnet. Use the information from this, and manual inspection of the various binaries involved to gather as much information as possible, then engineer your way to its destruction.
TWSites.com - Business Web Hosting Solutions & Server Management Since 2003
-
06-07-2005, 09:53 AM #3 WHT Addict
- Join Date
- Nov 2004
- Location
- Marietta PA
- Posts
- 138
I like that idea, D0CK, though he could be as guilty as the creator in the first place. Those infected machines are not his to attack back. The IP of the ircd or ircds is where I would start: find the owner of that block of IPs; most likely it will be a residential ISP or another hacked box. Contact the owner of that block, reporting your findings with proof, and make sure you follow up with them and stay on top of things.
Now, since I like DoCK's idea, it is up to you how moral you are, but sure, set up the honeypot, capture the bot and its password, and shut the bots down yourself.
The other idea, which we used to do a lot with XDCC bots, is to change your IRC name to a name like the bot's and wait for the idiot to issue a command to the bots that has the password in it.
Digital Offensive
http://www.digitaloffensive.com
Take an offensive approach to Security know what your foes know!
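An added example, not written by any poster in this thread: a small Python script that reduces a capture like the one in the first post to the facts an abuse report to the IP block owner would cite as proof. The sample lines are copied from that capture with the PING run shortened; the function and field names are hypothetical.

```python
from collections import Counter
from datetime import datetime, timezone

# Sample copied from the capture in the first post (PING run shortened).
CAPTURE = r"""
:hub.ch0de.info 333 ZijZJhiddb #.firefakes F 1117966519
:hub.ch0de.info 353 ZijZJhiddb @ #.firefakes :ZijZJhiddb @F @kEvIn
:hub.ch0de.info 366 ZijZJhiddb #.firefakes :End of /NAMES list.
PING :hub.ch0de.info
PING :hub.ch0de.info
:F!halcy0n@netadmin.chode.net PRIVMSG #.firefakes :%E%=A!>YF]!SR<`
:F!halcy0n@netadmin.chode.net PRIVMSG #.firefakes :%E%/@``
PING :hub.ch0de.info
"""

def parse_line(line):
    """Split one IRC line (RFC 1459 framing) into (prefix, command, params)."""
    prefix = None
    if line.startswith(":"):
        prefix, _, line = line[1:].partition(" ")
    head, sep, trailing = line.partition(" :")
    parts = head.split()
    if not parts:
        return None
    return prefix, parts[0].upper(), parts[1:] + ([trailing] if sep else [])

def summarize(capture):
    """Collect the server, channel, operators and command senders seen."""
    ev = {"servers": set(), "channels": set(), "operators": set(),
          "controllers": Counter(), "commands": [], "pings": 0, "topic_set": []}
    for raw in capture.splitlines():
        parsed = parse_line(raw.strip())
        if parsed is None:
            continue
        prefix, cmd, params = parsed
        if cmd == "PING" and params:            # keepalive names the server
            ev["pings"] += 1
            ev["servers"].add(params[-1])
        elif cmd == "353" and len(params) >= 4:  # NAMES reply: '@' marks ops
            ev["channels"].add(params[2])
            ev["operators"].update(n[1:] for n in params[3].split() if n[0] == "@")
        elif cmd == "333" and len(params) >= 4:  # who set the topic, and when
            when = datetime.fromtimestamp(int(params[3]), timezone.utc)
            ev["topic_set"].append((params[1], params[2], when.isoformat()))
        elif cmd == "PRIVMSG" and prefix and "!" in prefix and len(params) >= 2:
            ev["controllers"][prefix] += 1       # full nick!user@host of sender
            ev["commands"].append((prefix, params[0], params[1]))  # kept verbatim
    return ev

if __name__ == "__main__":
    for key, value in summarize(CAPTURE).items():
        print(f"{key}: {value}")
```

Attach the untouched raw capture to the report alongside this summary, since the provider will want the original lines and their timestamps.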