RE: [cobalt-users] IPs related to hackers

["Donna Lever" <webmaster@xxxxxxxxxxxxxxxxxx>]

> [mailto:cobalt-users-admin@xxxxxxxxxxxxxxx]On Behalf Of
> Jonathan Nichols
>
> >  > 211.174.58.76
> >>  211.218.145.88
> >>  different services but both from Korea.
> >
> >>>i had an entry in my ftp logs from Korea.  the only unknown
entry.
> >
> >I don't know about the rest of you but I don't like taking
> this from others,
> >anything we can do as a group..... even offensively? Fight
> fire with fire???
> >
> Ack! No! :P The best idea? Contact the people that are in
control of
> the IP addresses that are being used. If they don't shut them
off,
> contact their upstream provider and have *them* shut them
off....
> It works, most of the time. Friend of mine got hit with that
t0rnkit
> thing.. found that it was downloading tainted .rpm files from
some
> FTP space in Canada. Turns out it was some kid, using the
family ISP
> account that was storing tainted .rpm files. A quick call to
the
> hosting company, and the FTP site mysteriously vanished... and
> hopefully, someone got a good punishment at home. ;)

Well, forgive me for being off-topic, but there's been so many
machines compromised this week, the loss of man-hours and the
associated costs must be astounding. I'd sleep sounder knowing
those responsible were held criminally responsible, and made to
pay the amount in damages they caused, rather than having their
'net privledges were removed for a week or have their parents
give them a sound 'talking-to'.

I also saw a few hack attempts from korea on one machine I'm
running, and had another compromised by the Bind Hack. Luckily,
my provider has excellent support, and I didn't personally need
to spend a lot of time and effort having things corrected. I feel
for those who were on their own after one of these hacks.

--
Donna Lever
Smart Artist Web Services
http://www.smartartist.com.au/