[clean-mx-phishing-895394](209.51.196.245)-->(abuse at ee.net) phishing sites (1 so far) within your network, please close them! status: As of 2011-03-23 23:53:53 CET
Drew Weaver
drew.weaver at thenap.com
Thu Mar 24 13:45:22 UTC 2011
This was an obvious oopsie..
thanks,
-Drew
-----Original Message-----
From: dhcp-users-bounces+drew.weaver=thenap.com at lists.isc.org [mailto:dhcp-users-bounces+drew.weaver=thenap.com at lists.isc.org] On Behalf Of Drew Weaver
Sent: Thursday, March 24, 2011 9:42 AM
To: 'Users of ISC DHCP'
Subject: FW: [clean-mx-phishing-895394](209.51.196.245)-->(abuse at ee.net) phishing sites (1 so far) within your network, please close them! status: As of 2011-03-23 23:53:53 CET
-----Original Message-----
From: abuse at clean-mx.de [mailto:abuse at clean-mx.de]
Sent: Wednesday, March 23, 2011 6:54 PM
To: abuse at ee.net
Cc: soc at us-cert.gov
Subject: [clean-mx-phishing-895394](209.51.196.245)-->(abuse at ee.net) phishing sites (1 so far) within your network, please close them! status: As of 2011-03-23 23:53:53 CET
Dear abuse team,
please help to close these offending phishing sites(1) so far.
status: As of 2011-03-23 23:53:53 CET
http://support.clean-mx.de/clean-mx/phishing.php?email=abuse@ee.net&response=alive
(for full uri, please scroll to the right end ...
You may also subscribe to our PhishWatch Mailinglist, updated hourly at: http://lists.clean-mx.com/cgi-bin/mailman/listinfo/phishwatch
This information has been generated out of our comprehensive real time database, tracking worldwide phishing URI's
most likely also affected pages for these ip may be found via passive dns please have a look on these other domains correlated to these ip
example: see http://www.bfk.de/bfk_dnslogger.html?query=209.51.196.245
If your review this list of offending site, please do this carefully, pay attention for redirects also!
Also, please consider this particular machines may have a root kit installed !
So simply deleting some files or dirs or disabling cgi may not really solve the issue !
Advice: The appearance of a Virus Site on a server means that someone intruded into the system. The server's owner should disconnect and not return the system into service until an audit is performed to ensure no data was lost, that all OS and internet software is up to date with the latest security fixes, and that any backdoors and other exploits left by the intruders are closed. Logs should be preserved and analyzed and, perhaps, the appropriate law enforcement agencies notified.
DO NOT JUST DELETE THE FILES. IF YOU DO NOT FIX THE SECURITY PROBLEM, THEY WILL BE BACK!
You may forward my information to law enforcement, CERTs, other responsible admins, or similar agencies.
+-----------------------------------------------------------------------
+------------------------
|date |id |ip |domain |Url|
+-----------------------------------------------------------------------
+------------------------
|2011-03-23 20:16:57 CET |895394 |209.51.196.245 |isgreat.org |http://loggingin.isgreat.org/?
+-----------------------------------------------------------------------
+------------------------
Your email address has been pulled out of whois concerning this offending network block(s).
If you are not concerned with anti-fraud measurements, please forward this mail to the next responsible desk available...
If you just close(d) these incident(s) please give us a feedback, our automatic walker process may not detect a closed case
yours
Gerhard W. Recher
(Geschäftsführer)
NETpilot GmbH
Wilhelm-Riehl-Str. 13
D-80687 München
GSM: ++49 171 4802507
Handelsregister München: HRB 124497
w3: http://www.clean-mx.de
e-Mail: mailto:abuse at clean-mx.de
PGP-KEY: Fingerprint: A4E317B6DC6494DCC9616366A75AB34CDD0CE552 id: 0xDD0CE552
Location: http://www.clean-mx.de/downloads/abuse-at-clean-mx.de.pub.asc
More information about the dhcp-users
mailing list