
We Have Been Hacked

Thanks for all your efforts Ickie (and every one of the Admins) I can appreciate your pain, I administrate a Hard of Hearing forum and we were hit a few months ago. I do truly wish the RACK was still in use for some offenses...

Best of luck, and keep the caffeine flowing.
 
Thanks Ickie and others who helped clean up this latest attack on this forum. :ernae:

Public flogging should be mandatory for the little swine when they're caught.

Pete.
 
Results for 216.240.150.178:

Registrar: American Registry for Internet Numbers (ARIN)
IP Address: 216.240.150.178

Whois results from whois.arin.net:
OrgName: ATMLINK, INC.
OrgID: ATMLIN
Address: 600 W. 7th Street
Address: Suite 360
City: Los Angeles
StateProv: CA
PostalCode: 90017
Country: US

NetRange: 216.240.128.0 - 216.240.159.255
CIDR: 216.240.128.0/19
NetName: C-COMMUNICATIONS
NetHandle: NET-216-240-128-0-1
Parent: NET-216-0-0-0-0
NetType: Direct Allocation
NameServer: NS1.CALPOP.COM
NameServer: NS2.CALPOP.COM
Comment:
RegDate: 1999-09-22
Updated: 2006-03-30

OrgAbuseHandle: NOC1610-ARIN
OrgAbuseName: Network Operations Center
OrgAbusePhone: +1-213-627-1937

OrgAbuseEmail: noc@atmlinkinc.com

OrgNOCHandle: KJO26-ARIN
OrgNOCName: Joostens, Ken
OrgNOCPhone: +1-213-627-1937

OrgNOCEmail: ken@calpop.com

OrgTechHandle: NOC1610-ARIN
OrgTechName: Network Operations Center
OrgTechPhone: +1-213-627-1937

OrgTechEmail: noc@atmlinkinc.com

# ARIN WHOIS database, last updated 2008-10-19 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.
URL to this Cached Result: http://coolwhois.com/d/216.240.150.178/20081020101753
 
Assuming his (her, their) info was real, right?

So sorry --
lots of trash on the web lately.
A real shame.

Thank you for your dedication indeed!
 
Maybe as someone else suggested here at SOH we tie wire around his family jewels as he is standing on a block of ice in a warm room. Maybe I would add a little "Water Boarding" after that. I hope the legal system quits slapping these little bast--ds' hands and starts getting tougher. It makes no sense whatsoever :banghead::banghead: what they hope to accomplish other than pure mischief and create a lot of hard work for others.
 
Folks try to remember that History repeats itself....

With that in mind does anyone Remember Kansas Bloody Kansas :d

Kansas is close to Oklahoma which is right on the Border of Texas. The place where the "He needed Killin Law" still is in place.

To temper things (this kind of talk)

Actions of these types are best left to the Authorities. No good can come of taking the law into your own hands.
 
...The way I see it, unfortunately,....it's the sign of our times. Some knucklehead wants to get his jollies by messing with something he can't even relate to. But it makes him satisfied he's brought grief to the SOH web site.
 
For the life of me I don't understand why any hacker would attack a public supported site that is FREE. A site who without volunteers and contributors would not exist and never made a penny in its history.
:isadizzy:

CK it is very obvious why they would want to attack this type of site. Look at the traffic here. They stand a great chance of spreading their code (that was whatever to do whatever). If not for the diligence of the security staff they could have infected hundreds of people in a short amount of time.
 
It was a winders server code, we are linux, so the big bang didn't happen. It just made our pages not work at all.
It was in html and when a person clicks on the page it's supposed to take them to a website where a trojan will get them.
 
Ickie
You have all the information you need to turn over to the FBI. If you do
not call them, he may be back with something even WORSE and be doing it to others. MAKE the call.

ckissling
 
Hi Folks

It's probably not as simple as that,
as they're not that dumb.

The IP most likely only indicates the last hop in the route.
i.e.
either part of a botnet
or through a compromised server.

From the access logs I see,
within the space of a couple of seconds,
they access from multiple IPs
located all over the world.



The website hosting the trojan
wouldn't even be aware it was there.



HTH
ATB
Paul
 
Kansas?

IP Address: 216.240.150.178
City: LOS ANGELES
State or Region: CALIFORNIA
Country: UNITED STATES
ISP: ATMLINK INC.

Country Code: US
Country: United States
Region Code: USCA
Region: California
City Code: USCALANG
City: Los Angeles
CityId: 7275
Certainty: 93
Latitude: 34.0452
Longitude: -118.2840
Capital City: Washington, DC
TimeZone: -08:00
Nationality Singular: American
Population: 278058881
Nationality Plural: Americans
Is proxy: false
CIA Map Reference: North America
Currency: US Dollar
MapBytes Remaining: Free
Currency Code: USD

 
Before you all go and lynch the wrong person, make sure that you understand the results of the information from ARIN. This Ken Joostens is the network operations contact for ATMLINK Inc., and they have an extensive range of IP addresses of which the one listed in the thread happens to be in.

You therefore need to send email to noc@atmlinkinc.com identifying the IP address from which the attack originated, details of the logs to identify dates/times and any more details (down to a protocol level if possible), and then let them do their job.

Also, do not be quick to believe that it was necessarily a targeted attack. Many of the exploits out there are just scripts which copy themselves around to vulnerable sites which they find at random by picking IP addresses. The machines which sometimes run the attacks were themselves exploited by a virus/malware, and the users are totally unaware that their machine has been compromised and is doing work for the virus/malware developer.

Jeff
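
One way to assemble the abuse report described in the post above, as an added example that is not part of the original thread: it reads the CIDR and OrgAbuseEmail from the ARIN WHOIS text, then lists the access-log requests that came from that netblock with normalised timestamps. The log lines, their dates and request paths, and the function names are constructed for illustration.

```python
import ipaddress
import re
from datetime import datetime

# WHOIS fields copied from the lookup quoted in the thread.
WHOIS_TEXT = """\
OrgName: ATMLINK, INC.
CIDR: 216.240.128.0/19
OrgAbuseEmail: noc@atmlinkinc.com
"""

# Constructed access-log lines (Apache common log format), not the real incident logs.
ACCESS_LOG = """\
216.240.150.178 - - [19/Oct/2008:03:14:09 -0700] "POST /forum/newreply.php HTTP/1.1" 200 498
203.0.113.9 - - [19/Oct/2008:03:14:08 -0700] "GET /forum/index.php HTTP/1.1" 200 9120
216.240.150.178 - - [19/Oct/2008:03:14:07 -0700] "POST /forum/newreply.php HTTP/1.1" 200 512
"""

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3})')

def parse_whois(text):
    """Return WHOIS 'Key: value' pairs; a repeated key keeps its first value."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and not line.startswith("#"):
            fields.setdefault(key.strip(), value.strip())
    return fields

def hits_in_netblock(log_text, cidr):
    """Return (time, ip, request, status) for entries from the netblock, oldest first."""
    net = ipaddress.ip_network(cidr)
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m and ipaddress.ip_address(m.group(1)) in net:
            when = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
            hits.append((when, m.group(1), m.group(3), int(m.group(4))))
    return sorted(hits)

def build_report(whois_text, log_text):
    """Return (abuse contact, report body) with ISO 8601 timestamps."""
    who = parse_whois(whois_text)
    lines = [f"Requests from {who['CIDR']} ({who['OrgName']}):"]
    for when, ip, request, status in hits_in_netblock(log_text, who["CIDR"]):
        lines.append(f'{when.isoformat()} {ip} "{request}" {status}')
    return who["OrgAbuseEmail"], "\n".join(lines)

if __name__ == "__main__":
    print("To: %s\n%s" % build_report(WHOIS_TEXT, ACCESS_LOG))
```

Keeping the UTC offset in each timestamp lets the provider line the entries up against its own logs.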
 