Hacker Alert: cdos.eu.tv

[macaws]

Hello.
Today I would like to warn you about the user "cdos.eu.tv". He destroyed our web host. Let me leave it at that. He attacked almost every account on the server. The IC3 and I are tracking him. Currently, he is on a host called driphost.com. I emailed them all ready, as he already has his little hacking script online. He finds a host, hacks, then ditches. Be warned.

 

[Snat]

Did you get any name, IP address etc of this person ?

It will help people whom are hosts to block the person.

 

[macaws]

I'm still trying to find that. It will be hard, because he probably uses fake details.
I have an email: bobyhikaru@inbox.com. So I am assuming that it is Boby Hikaru.

 

[macaws]

Add:
smmsWEB's privacy policy is void when the host is destroyed.

 

[Snat]

Well, with it being on what seems to be a free subdomain provider and a free inbox service, I will have to say the chances of it being real details are very low.

Would be wise to contact eu.tv though about it, they may be helpful.

Edit

The details held for that subdomain are. Real or fake, I do not know.

Rizal Fahmi (rizal@iglobalsmart.net)
jln.mesjid lama
23362 Aceh (Atjeh)
Indonesia
Phone: 081360192800

 

[aloycasmir]

Sorry to hear about your host macaws .
And thanks a lot for caring to warn us all even in times of such a tragedy .

You have my condolences .
Take care bro .
And May Santa Get you a new server so you can start afresh...

Best Regards,
Aloycasmir

 

[CS Squad]

macaws,
how he hack the server?
did ur web hosting server provide ssh or he is doing it tru shell scripts?

 

[Schmarvin]

I think driphost wanders these forums if I'm not mistaken.

 

[macaws]

I have 2 IPs. I believe they are both Indonesia.
Here they are:
118.137.63.219
202.174.143.74
He apparently uses fake details with some things.

 

[macaws]

He uses some sort of PHP script. The files that I can recall from it are:
scan.php
spy.php

And then there was some sort of config file. I was trying not to touch anything, because I didn't want to set it off.

 

[CS Squad]

oh, that means it is a shell script then.
anyway, as long as u secure ur PHP, he cannot do anything with it.

 

[Richard]

He uses some sort of PHP script. The files that I can recall from it are:
scan.php
spy.php

And then there was some sort of config file. I was trying not to touch anything, because I didn't want to set it off.

As stated above - if you had secured your PHP installation, he would not have been able to do anything.

 

[macaws]

Our PHP installation IS secure. Which is why he worried us. Just, to all hosts.. be careful with this one.

 

[Schmarvin]

Our PHP installation IS secure. Which is why he worried us. Just, to all hosts.. be careful with this one.

Apparently not. I can secure PHP and no one can touch it. And since you said he hacked the server, I can guarantee you didn't secure PHP or you didn't secure it properly.

 

[CS Squad]

i agree with Schmarvin,
if the PHP is well secured, there is no way a PHP shell script can execute any shell command at all.

 

[Richard]

Our PHP installation IS secure. Which is why he worried us. Just, to all hosts.. be careful with this one.

if he used a PHP shell script to hack your server, it was NOT secure

 

[macaws]

Then our new server will be secured more heavily.

 

[CS Squad]

Then our new server will be secured more heavily.

if u need to outsource the hardening service, u may PM me

 

[tlchosting]

Here is another IP he is using,

IP Address: 202.174.143.77
E-Mail Address: webmaster@indonesianhacker.org
First Name: panyoet
Last Name: aceh
Company Name: IH team
Address 1: jln.indonesian no.1
Address 2:
City: Redondo Beach
State: CA
Postcode: 24454
Country: GB - United Kingdom
Phone Number: 081520655488

 

[CS Squad]

it seems like his IP is a dynamic IP.....
so i think it is hard to catch him...