The sites
hosted on this server are under maintenance.
Recently we
were attacked by a hacker from Turkey
Using the c99shell or PHP.Backdoor.Trojan
and managed to
erase most of the files on the
hard disk but
he was so idiot that left traces
behind so we were
able to trace him back.
Legal actions against him are
going to be taken.
I urge
everyone reading this to take measures
and block on
your firewall this block of addresses:
88.242.0.0/15
Location: Turkey (high) [City: Ankara, Ankara]
|
CIDR range
|
88.242.0.0/15
|
|
Netmask
|
255.254.0.0
|
|
Wildcard Bits
|
0.1.255.255
|
|
First IP in range
|
88.242.0.0 (network address)
|
|
Last IP in range
|
88.243.255.255 (broadcast address)
|
|
First
useable IP in range
|
88.242.0.1
|
|
Last
useable IP in range
|
88.243.255.254
|
|
Number of
useable IPs in range
|
131070
|
I know it’s a lot of IPs to
block but believe me there are
a lot of
those Turkish guys attacking sites all over
the planet.
They even have a Forum to brag about
their evil
doings. I suggest that you also block
these
addresses: 83.130.176.0/20
The sad
thing is that somehow they managed to make
Yahoo bots
do the initial work for them.
After we studied the
logs we found out that Yahoo was
used to upload the
malicious files on the server and
then
everybody could use Yahoo search engine to find
compromised
servers and gain access to them doing
pretty
much everything they want on the attacked
machine.