|
Size: 3830
Comment:
|
Size: 5000
Comment:
|
| Deletions are marked like this. | Additions are marked like this. |
| Line 68: | Line 68: |
| === 牵涉 === * {{{下午清除newbie007 10月27日在UsenetTroll页面的恶意篡改有关。见 http://wiki.woodpecker.org.cn/moin/UsenetTroll?action=info newbie007将UsenetTroll页面的Chris Qie全部改成了ZoomQuiet,也请封禁此用户。 也许 suckmydick、newbie007和Chris Qie是一个人。 }}} * 帐号细节如下... `@ms.com` 可能是 http://www.morganstanley.com/ 一英国公司, * 但是`biilgates`应该也是伪名! 清除之! {{{> grep newbie007 * 1161892362.76.20266:name=newbie007 > cat 1161892362.76.20266 # Data saved '2006-10-27 03:53:44' for id '1161892362.76.20266' aliasname=newbie2007 css_url= date_fmt= datetime_fmt= disabled=0 edit_on_doubleclick=0 edit_rows=20 editor_default=text editor_ui=freechoice [email protected] enc_password={SHA}3S7bh+qet6Mv1AVydtOh+rhhwdU= language= last_saved=1161892424.08 mailto_author=0 name=newbie007 quicklinks= remember_last_visit=0 remember_me=1 show_fancy_diff=1 show_nonexist_qm=0 show_page_trail=1 show_toolbar=1 show_topbottom=0 subscribed_pages= theme_name=woodpecker tz_offset=0 want_trivial=0 wikiname_add_spaces=0 }}} == 截屏 == |
06-10-31.Spamer第3次袭来!
注册为 suckmydick 的东西
20:31 注册后就开始乱改,22:10左右被发现,22:15 发布警报;22:30清除注册名;在[wiki:andelf andelf]和QiangningHong 的协助下 22:43 完成所有污染页面的清除,但是部分附件被恶意删除不能恢复!
- 倡议追踪此人,进行网络鄙视!!!
日志分析
根据 Apache 的日志记录:{{{219.142.250.46 - - [31/Oct/2006:23:04:26 +0800] "GET /moin/UsenetTroll?action=info HTTP/1.1" 200 21694 "http://wiki.woodpecker.org.cn/moin/UsenetTroll" "Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8.0.7) Gecko/20061008 Firefox/1.5.0.7"
219.142.250.46 - - [31/Oct/2006:23:04:30 +0800] "GET /moin/UsenetTroll?action=AttachFile&do=del&target=b_9F9D4FFB7F3B520D.jpg HTTP/1.1" 200 11240 "http://wiki.woodpecker.org.cn/moin/UsenetTroll?action=info" "Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8.0.7) Gecko/20061008 Firefox/1.5.0.7" 219.142.250.46 - - [31/Oct/2006:23:04:37 +0800] "GET /moin/FindPage HTTP/1.1" 200 19071 "http://wiki.woodpecker.org.cn/moin/UsenetTroll?action=AttachFile&do=del&target=b_9F9D4FFB7F3B520D.jpg" "Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8.0.7) Gecko/20061008 Firefox/1.5.0.7" 219.142.250.46 - - [31/Oct/2006:23:08:05 +0800] "GET /moin/UsenetTroll HTTP/1.1" 200 18568 "http://wiki.woodpecker.org.cn/moin/RecentChanges" "Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8.0.7) Gecko/20061008 Firefox/1.5.0.7" 219.142.250.46 - - [31/Oct/2006:23:08:08 +0800] "GET /moin/UsenetTroll?action=info HTTP/1.1" 200 21983 "http://wiki.woodpecker.org.cn/moin/UsenetTroll" "Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8.0.7) Gecko/20061008 Firefox/1.5.0.7" 219.142.250.46 - - [31/Oct/2006:23:09:44 +0800] "GET /moin/UsenetTroll?action=diff&rev2=12&rev1=10 HTTP/1.1" 200 27499 "http://wiki.woodpecker.org.cn/moin/UsenetTroll?action=info" "Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8.0.7) Gecko/20061008 Firefox/1.5.0.7" }}}
居然是使用 FireFox 的东西!!! 访问IP 是 219.142.250.46
IP 追查
{{{> traceroute 219.142.250.46 traceroute to 219.142.250.46 (219.142.250.46), 64 hops max, 44 byte packets
- 1 202.108.44.1 (202.108.44.1) 0.615 ms 0.566 ms 0.566 ms 2 61.135.148.177 (61.135.148.177) 0.528 ms 0.736 ms 0.439 ms 3 202.108.250.6 (202.108.250.6) 0.404 ms 0.594 ms 0.313 ms 4 202.108.46.5 (202.108.46.5) 0.530 ms 0.594 ms 0.567 ms 5 202.106.192.158 (202.106.192.158) 0.653 ms 0.729 ms 0.456 ms 6 202.96.13.170 (202.96.13.170) 1.390 ms 0.843 ms 0.692 ms 7 61.51.26.162 (61.51.26.162) 1.153 ms 2.090 ms 2.515 ms 8 203.135.160.6 (203.135.160.6) 3.095 ms 4.581 ms 4.314 ms 9 219.143.124.5 (219.143.124.5) 4.149 ms 3.727 ms 3.317 ms
10 bj141-130-98.bjtelecom.net (219.141.130.98) 3.528 ms 2.803 ms 2.677 ms 11 bj141-130-142.bjtelecom.net (219.141.130.142) 5.151 ms 4.655 ms 3.948 ms 12 219.142.250.46 (219.142.250.46) 5.334 ms 6.828 ms 5.566 ms 13 219.142.250.46 (219.142.250.46) 5.040 ms 10.212 ms 8.261 ms }}}
http://www.ip138.com/ 查询得知是 北京市 电信 用户!
细节
# Data saved '2006-10-31 20:31:25' for id '1162297883.76.32758' aliasname= css_url= date_fmt= datetime_fmt= disabled=0 edit_on_doubleclick=0 edit_rows=20 editor_default=text editor_ui=freechoice [email protected] enc_password={SHA}5HxYCc1Ml/whq8zt/Yc6TKjZNkk= language= last_saved=1162297885.33 mailto_author=0 name=suckmydick quicklinks= remember_last_visit=0 remember_me=1 show_fancy_diff=1 show_nonexist_qm=0 show_page_trail=1 show_toolbar=1 show_topbottom=0 subscribed_pages= theme_name=woodpecker tz_offset=0 want_trivial=0 wikiname_add_spaces=0
牵涉
{{{下午清除newbie007 10月27日在UsenetTroll页面的恶意篡改有关。见
http://wiki.woodpecker.org.cn/moin/UsenetTroll?action=info newbie007将UsenetTroll页面的Chris Qie全部改成了ZoomQuiet,也请封禁此用户。
也许 suckmydick、newbie007和Chris Qie是一个人。 }}}
帐号细节如下... @ms.com 可能是 http://www.morganstanley.com/ 一英国公司,
但是biilgates应该也是伪名! 清除之!
{{{> grep newbie007 * 1161892362.76.20266:name=newbie007 > cat 1161892362.76.20266 # Data saved '2006-10-27 03:53:44' for id '1161892362.76.20266' aliasname=newbie2007 css_url= date_fmt= datetime_fmt= disabled=0 edit_on_doubleclick=0 edit_rows=20 editor_default=text editor_ui=freechoice email=[email protected] enc_password={SHA}3S7bh+qet6Mv1AVydtOh+rhhwdU= language= last_saved=1161892424.08 mailto_author=0 name=newbie007 quicklinks= remember_last_visit=0 remember_me=1 show_fancy_diff=1 show_nonexist_qm=0 show_page_trail=1 show_toolbar=1 show_topbottom=0 subscribed_pages= theme_name=woodpecker tz_offset=0 want_trivial=0 wikiname_add_spaces=0 }}}
截屏
- attachment:061031-spamer_768x336_scrot.png
attachment:061031-spam_844x656_scrot.png