Author Topic: WEBMASTER, HELP!!!  (Read 1014 times)

psyjax

  • VIP
  • Member
  • ***
  • Posts: 1,871
  • Kudos: 55
WEBMASTER, HELP!!!
« on: 10 April 2002, 22:26 »
Some great members to the Forum are leaving due to the activity of a few idiotoc posters who have been leaving pornographic material and inane commentary all over the forum.

VoidMain, Calum, and Centurian, have been excelent members of this comunity who have contributed loads of valuable information and interesting conversation to the forum.

If they leave for good, little will be left here except name calling, stupid images, and Gossbuny cock.
Psyjax! I RULEZZZZ!!! HAR HAR HAR

Kintaro

  • Member
  • **
  • Posts: 6,545
  • Kudos: 255
  • I want to get the band back together!
    • JohnTate.org
WEBMASTER, HELP!!!
« Reply #1 on: 11 April 2002, 14:07 »
I aggree, maybe you should have users require
to reqest an inviteation to these forums.

In other words people send you an email, you make them an account

CommonSense

  • VIP
  • Member
  • ***
  • Posts: 21
  • Kudos: 0
    • http://www.microsuck.com
WEBMASTER, HELP!!!
« Reply #2 on: 12 April 2002, 07:21 »
OK, I've made some changes to try and rectify the situation.  See this thread for details.

Meanwhile, for your edification, here are the IP addresses of a few of the dumbasses.  (Ahhh, it's nice being the webmaster!)

X12:
213.1.45.2 (webport-cl4-cache5.ilford.mdip.bt.net)

Fake Calum and Fake VoidMan:
66.119.33.167 (proxy.ia4.marketscore.com)

Flaming Bag of Poo:
209.209.195.36 (epri1-p36.bayou.com)

They should be finding themselves unable to log in shortly.

Anybody want to be a moderator?  Supposedly we have one or two others for all these forums, but they come here even less often than I do.

Send me a message at [email protected] if you're interested.

Aaron Ni

  • VIP
  • Member
  • ***
  • Posts: 356
  • Kudos: 33
WEBMASTER, HELP!!!
« Reply #3 on: 12 April 2002, 10:27 »
Oh yeah, this is going to turn into a Santa Claus thread real fast now!  But I check the forums daily, I check most of them and I'd happily mod them.  Yes I doubt it'll happen because I have a low post count.

EDIT:

Ok, I have NeoTrace Pro 3.25 so here's a link to 66.119.33.167's location.

And 209.209.195.36 lives about halfway between Dallas and Fort Worth Texas.

AND!  Here's 213.1.45.2's
location!

Bwuhahaha!

[ April 12, 2002: Message edited by: Aaron ]

You know me.... really...

Kintaro

  • Member
  • **
  • Posts: 6,545
  • Kudos: 255
  • I want to get the band back together!
    • JohnTate.org
WEBMASTER, HELP!!!
« Reply #4 on: 12 April 2002, 11:20 »
quote:

YOU LITTLE RIPPER!!!
Thanks Lads


From the australian Movie "The Castle"

Im going to have some fun with these details.
ill lookup the provider and ask for an Address.

Master of Reality

  • VIP
  • Member
  • ***
  • Posts: 4,249
  • Kudos: 177
    • http://www.bobhub.tk
WEBMASTER, HELP!!!
« Reply #5 on: 13 April 2002, 07:50 »
quote:
Originally posted by The Webmaster:
OK, I've made some changes to try and rectify the situation.  See this thread for details.

Meanwhile, for your edification, here are the IP addresses of a few of the dumbasses.  (Ahhh, it's nice being the webmaster!)

X12:
213.1.45.2 (webport-cl4-cache5.ilfo
rd.mdip.bt.net)

Fake Calum and Fake VoidMan:
66.119.33.167 (proxy.ia4.marketscore.com)

Flaming Bag of Poo:
209.209.195.36 (epri1-p36.bayou.com)

They should be finding themselves unable to log in shortly.

Anybody want to be a moderator?  Supposedly we have one or two others for all these forums, but they come here even less often than I do.

Send me a message at [email protected] if you're interested.



hmmmm... time to do some nmap scans.

I'll moderate! I love power.. I come here at least once a day (usually 2-8 depending on if i need an answer to a Q), i'm not sure if you've noticed but i have stated frequently that i live here (i sleep behind the linux forum).

 
quote:
said by the admiral general of the US navy:
Power Corrupts.
Absolute Power is kind of neat  
Disorder | Rating
Paranoid: Moderate
Schizoid: Moderate
Linux User #283518
'It takes more than a self-inflicted gunshot wound to the head to stop Bob'

Master of Reality

  • VIP
  • Member
  • ***
  • Posts: 4,249
  • Kudos: 177
    • http://www.bobhub.tk
WEBMASTER, HELP!!!
« Reply #6 on: 13 April 2002, 21:56 »
quote:
Originally posted by The Webmaster:
OK, I've made some changes to try and rectify the situation.  See this thread for details.

Meanwhile, for your edification, here are the IP addresses of a few of the dumbasses.  (Ahhh, it's nice being the webmaster!)

X12:
213.1.45.2 (webport-cl4-cache5.ilford.mdip.bt.net)

Fake Calum and Fake VoidMan:
66.119.33.167 (proxy.ia4.marketscore.com)

Flaming Bag of Poo:
209.209.195.36 (epri1-p36.bayou.com)

They should be finding themselves unable to log in shortly.

Anybody want to be a moderator?  Supposedly we have one or two others for all these forums, but they come here even less often than I do.

Send me a message at [email protected] if you're interested.


66.119.33.167 has a bunch of UDP ports open, do a UDP port scan to see them.
Lives on N 11th street san jose, just a little bit up from Julian E.
I amy have just accidentally flooded his computer,  it was up one second and down the next.
He is running a Quake3Server on UDP port:27960
He also has AOL doing something on UDP port:5193


[ April 13, 2002: Message edited by: Master of Reality ]

[ April 13, 2002: Message edited by: Master of Reality ]

Disorder | Rating
Paranoid: Moderate
Schizoid: Moderate
Linux User #283518
'It takes more than a self-inflicted gunshot wound to the head to stop Bob'

Master of Reality

  • VIP
  • Member
  • ***
  • Posts: 4,249
  • Kudos: 177
    • http://www.bobhub.tk
WEBMASTER, HELP!!!
« Reply #7 on: 13 April 2002, 22:37 »
how about i just do this:

22/udp     open        ssh
67/udp     open        bootps                  
161/udp    open        snmp
162/udp    open        snmptrap
1024/udp   open        unknown
1349/udp   open        sbook                  
1353/udp   open        relief                  
1361/udp   open        linx                    
1363/udp   open        ndm-requester
1368/udp   open        screencast
1385/udp   open        atex_elmd              
1404/udp   open        igi-lm
1415/udp   open        dbstar
1432/udp   open        blueberry-lm            
1446/udp   open        ora-lm                  
1458/udp   open        nrcabq-lm              
1480/udp   open        pacerforum              
1494/udp   open        citrix-ica              
1500/udp   open        vlsi-lm
1512/udp   open        wins                    
1515/udp   open        ifor-protocol          
1516/udp   open        vpad                    
1528/udp   open        mciautoreg              
1540/udp   open        rds                    
1546/udp   open        abbaccuray
1646/udp   open        radacct                
1670/udp   open        netview-aix-10
1991/udp   open        stun-p2
2019/udp   open        about                  
2021/udp   open        xinuexpansion1          
2025/udp   open        xribs                  
2027/udp   open        shadowserver            
2045/udp   open        cdfunc                  
2049/udp   open        nfs                    
3900/udp   open        udt_os                  
5193/udp   open        aol-3
5713/udp   open        proshareaudio          
7002/udp   open        afs3-prserver          
7006/udp   open        afs3-errors            
7200/udp   open        fodms
18000/udp  open        biimenu                
27960/udp  open        Quake3Server
32776/udp  open        sometimes-rpc16

1361/udp   open        linx  < could he be using linux, unless you can get linx for another OS?

[ April 13, 2002: Message edited by: Master of Reality ]

[ April 13, 2002: Message edited by: Master of Reality ]

Disorder | Rating
Paranoid: Moderate
Schizoid: Moderate
Linux User #283518
'It takes more than a self-inflicted gunshot wound to the head to stop Bob'

voidmain

  • VIP
  • Member
  • ***
  • Posts: 5,605
  • Kudos: 184
    • http://voidmain.is-a-geek.net/
WEBMASTER, HELP!!!
« Reply #8 on: 14 April 2002, 03:00 »
It sure looks like a *NIX system. If the boneheads were using a proxy server, the proxy server's address would show up in the logs and not their actual machine IP. Only problem with that thought is which port is the proxy port? None of the ports look like a proxy port. I'm not sure what the "linx" port is or what it's for but it doesn't stand for Linux if that's what you thought.  In fact the scan you post shows an interestingly large number of open ports. Things like "nfs" being on would indicate that whoever runs the machine either doesn't know what they are doing or it's a honey pot. Looks to me like it's most likely an IBM machine running AIX.

[ April 13, 2002: Message edited by: VoidMain ]

Someone please remove this account. Thanks...

ravuya

  • VIP
  • Member
  • ***
  • Posts: 517
  • Kudos: 0
WEBMASTER, HELP!!!
« Reply #9 on: 14 April 2002, 21:19 »
I sent an email applying for a mod job on the Mac forum (lots of idiots there).

Check [email protected] mail for something from [email protected]

Master of Reality

  • VIP
  • Member
  • ***
  • Posts: 4,249
  • Kudos: 177
    • http://www.bobhub.tk
WEBMASTER, HELP!!!
« Reply #10 on: 14 April 2002, 10:58 »
quote:
Originally posted by VoidMain:
It sure looks like a *NIX system. If the boneheads were using a proxy server, the proxy server's address would show up in the logs and not their actual machine IP. Only problem with that thought is which port is the proxy port? None of the ports look like a proxy port. I'm not sure what the "linx" port is or what it's for but it doesn't stand for Linux if that's what you thought.  In fact the scan you post shows an interestingly large number of open ports. Things like "nfs" being on would indicate that whoever runs the machine either doesn't know what they are doing or it's a honey pot. Looks to me like it's most likely an IBM machine running AIX.

[ April 13, 2002: Message edited by: VoidMain ]


there is a browser called linx (knock-off of lynx) for linux, i believe.

As for what OS, i couldnt get anything using a FIN, XMAS, or NULL scan, so i thought at first that it might have been windows (because billy doesnt like going with "normal" protocols). I couldnt see any open TCP ports, but this large number of UDP ports. I tried doing a stealth TCP scan, using decoys at insane speed on all his ports, after i did that, his computer went offline...I think i might have flooded it, or he noticed me doing something and ran away.

[ April 14, 2002: Message edited by: Master of Reality ]

Disorder | Rating
Paranoid: Moderate
Schizoid: Moderate
Linux User #283518
'It takes more than a self-inflicted gunshot wound to the head to stop Bob'

ravuya

  • VIP
  • Member
  • ***
  • Posts: 517
  • Kudos: 0
WEBMASTER, HELP!!!
« Reply #11 on: 14 April 2002, 21:23 »
You probably overloaded his little AOL dialup. And why would he have that many ports open? It's probably a honeypot, we'd have better success calling up his ISP and reporting him.

Kintaro

  • Member
  • **
  • Posts: 6,545
  • Kudos: 255
  • I want to get the band back together!
    • JohnTate.org
WEBMASTER, HELP!!!
« Reply #12 on: 15 April 2002, 15:13 »
Not report him, do some social engineering    Say that your the FBI and that you suspect that he downloads Gigabytes of child porn, and thats probably not far from the truth.  

Master of Reality

  • VIP
  • Member
  • ***
  • Posts: 4,249
  • Kudos: 177
    • http://www.bobhub.tk
WEBMASTER, HELP!!!
« Reply #13 on: 15 April 2002, 19:55 »
whats a honey pot?
Disorder | Rating
Paranoid: Moderate
Schizoid: Moderate
Linux User #283518
'It takes more than a self-inflicted gunshot wound to the head to stop Bob'

voidmain

  • VIP
  • Member
  • ***
  • Posts: 5,605
  • Kudos: 184
    • http://voidmain.is-a-geek.net/
WEBMASTER, HELP!!!
« Reply #14 on: 16 April 2002, 05:46 »
quote:
Originally posted by Master of Reality:

there is a browser called linx (knock-off of lynx) for linux, i believe.



But even if there were a browser called "linx" it wouldn't have it's own named port. Named ports are for services/daemons.
Someone please remove this account. Thanks...