Standard nmap scan. There seems to be some Snort-like feature enabled on that server or a router further down the chain, as after the scan it then ceased communication with the IP address it was scanned from (not my web browser address), so I investigated further and found that the site is/was a 1.3.7, as listed conveniently here:
http://www.maternitystar.com.au/docs/
A little more investigation now that the block has cleared shows that port 2222 is a forwarded SSH port that you can try and log in on. It's also a Red Hat Enterprise Linux Server, because helpfully it says so in the browser headers (you can read them in Firefox):
HTTP/1.1 200 OK
Date: Fri, 07 Aug 2009 14:57:32 GMT
Server: Apache/2.2.11 (Unix) mod_ssl/2.2.11 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 mod_perl/2.0.4 Perl/v5.8.8
Please note that at no point have I attempted to gain access to this machine or its data. I am just giving a considered opinion that the server has been wrecked, in all likelihood by a script kiddie covering his/her tracks by doing rm *.php after they've done their business. I saw this a lot about 3/4 weeks ago when a proof of concept exploit was published. Also it appears that modifications to morfeus and santy have already been done, since requests for Zen Cart shops are now appearing much higher up the rank in some honey traps I have laid out.
With any luck that site could be restored quite easily, depending on the damage the kiddie has done, naturally. I'd start by sweeping for backdoors though. The wrecking was probably to cover tracks; professional hackers tend to go quietly in and leave things untouched to the outside eye (hence the port scan to see if there was any indication of an IRC controlled bot). The more skilled professional hacker tends to be of the opinion that there is no point in hacking a server to reap credit cards, join a bot net, send out spam, store illegal files etc. if the website's owner is going to take down the website because it's been trashed.
I reckon one of two causes. a) big hard drive failure leading to large sections of the drive being unreadable (but not "that" likely, as the main directory structure of the site looks intact).
b) script kiddie
Naturally I have only looked from the outside, a bit like shining a torch on a car wreck, as going in would be covered by the "Computer Misuse Act" in the UK and I haven't been invited.
Philip.