DoucheRant: Hello, 65.23.157.214…
Some cock-forehead (from IP number 65.23.157.214, which traces to DataRealm Internet Services in Hudson, Wisconsin) just bought himself a whole slew of bad days, by trying the most pathetic MySQL exploit I’ve ever seen.
DataRealm has indicated their willingness to hand over the details of the IP address user – including his name, and physical address.
Note to anyone else like this douche: MySQL exploits are so ‘yesterday’. Whoever is at that PC now had better have proof that it wasn’t them.
What do you use to notice and stop exploits? I've been cracked in the past (through XSS in my case) and I'd love to know how to better protect myself.
Hi there db0,
In this case, it showed up in StatPress' "Spy" function, but also in the server log for the 404 page since this hopeless gimboid's attempt was a straightforward use of "http://marketmentat.com/MarketRant//phpmyadmin/main.php" and variations on that theme (using all variants of phpmyadmin/pma/phpadmin and main.php/index.php).
I've also got index and script protection (in .htaccess), and some obfuscation in some PHP scripts.
And of course, stripslashes (and sensible use of order by and limit in validation queries) to minimise risk of SQL injection exploits.
You're never going to avoid good professionals though – that killed my Forums, and I won't reactivate them until they are exploit-proof. Script-kiddies are easy to deal with… and a well-developed global private market for extreme violence helps on the 'teaching them not to do it again' front.
Cheers
GT
I have had the same Crock head do the same on one of my domains!
65.23.157.214 more info
Windows 98, Internet Explorer 6
ns1.vnwebhosting.com
Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)
05/07/2009 09:44:26
//phpMyAdmin/main.php
05/07/2009 09:44:28
//phpmyadmin/main.php
05/07/2009 09:44:29
//pma/main.php
05/07/2009 09:44:33
//dbadmin/main.php
05/07/2009 09:44:33
//mysql/main.php
05/07/2009 09:44:34
//php-my-admin/main.php
05/07/2009 09:44:35
//myadmin/main.php
05/07/2009 09:44:36
//PHPMYADMIN/main.php
Hey there WebSteer,
That's precisely the same thing as was tried here – from the same address.
Cheers
GT
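An added example, not part of the original post or its comments: one way to pick the probing pattern described in this thread out of a web server log, by flagging any client that collects several 404s on phpMyAdmin-style paths within a short window. The combined log format, the threshold of three paths, the 60-second window, the function names and the sample log lines are all assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Directory and file names taken from the requests quoted in this thread.
PROBE_DIRS = {"phpmyadmin", "pma", "phpadmin", "dbadmin", "mysql", "php-my-admin", "myadmin"}
PROBE_FILES = {"main.php", "index.php"}

# Assumes Apache/nginx "combined" log format; adjust the pattern for other servers.
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?:GET|POST|HEAD) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample log (documentation-range IPs, made-up timestamps).
SAMPLE_LOG = """\
203.0.113.7 - - [01/Jan/2024:09:44:26 +0000] "GET //phpMyAdmin/main.php HTTP/1.1" 404 209 "-" "Mozilla/4.0"
203.0.113.7 - - [01/Jan/2024:09:44:28 +0000] "GET //phpmyadmin/main.php HTTP/1.1" 404 209 "-" "Mozilla/4.0"
203.0.113.7 - - [01/Jan/2024:09:44:29 +0000] "GET //pma/main.php HTTP/1.1" 404 209 "-" "Mozilla/4.0"
203.0.113.7 - - [01/Jan/2024:09:44:33 +0000] "GET //dbadmin/main.php HTTP/1.1" 404 209 "-" "Mozilla/4.0"
198.51.100.20 - - [01/Jan/2024:09:45:00 +0000] "GET /favicon.ico HTTP/1.1" 404 209 "-" "Mozilla/5.0"
198.51.100.20 - - [01/Jan/2024:09:45:02 +0000] "GET /pma/index.php HTTP/1.1" 404 209 "-" "Mozilla/5.0"
198.51.100.20 - - [01/Jan/2024:09:45:05 +0000] "GET /blog/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
""".splitlines()

def is_probe(path):
    """True if the path ends in <admin dir>/<main.php|index.php>, ignoring case and doubled slashes."""
    parts = [p for p in path.split("?", 1)[0].lower().split("/") if p]
    return len(parts) >= 2 and parts[-2] in PROBE_DIRS and parts[-1] in PROBE_FILES

def find_scanners(lines, min_paths=3, window=timedelta(seconds=60)):
    """Return {ip: sorted distinct probe paths} for clients with >= min_paths 404 probes inside window."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if m and m["status"] == "404" and is_probe(m["path"]):
            ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
            hits[m["ip"]].append((ts, m["path"]))
    flagged = {}
    for ip, events in hits.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            paths = {p for t, p in events[i:] if t - start <= window}
            if len(paths) >= min_paths:
                flagged[ip] = sorted(paths)
                break
    return flagged

if __name__ == "__main__":
    print(find_scanners(SAMPLE_LOG))
```

A single 404 on one of these paths, like the second client's in the sample, stays below the threshold and is not flagged.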