[CentOS] Re: I've been hacked -- what should I do next?

Fri Dec 1 21:18:05 UTC 2006
Scott Silva <ssilva at sgvwater.com>

Aleksandar Milivojevic spake the following on 12/1/2006 12:43 PM:
> Quoting Alfred von Campe <alfred at 110.net>:
> 
>> FWIW, the IP addresses are 172.178.63.167 (acb23fa7.ipt.aol.com) and
>> 61.43.153.30.  There is no reverse entry for the latter, so I don't
>> know who to contact.  I'll fire off an email to AOL (not that I think
>> anything will happen).
> 
> You can use a whois database to find the info (for example, there's web
> interface on www.ripe.net).  Info for 61.43.153.30 indicates that this
> IP address is alocated to an provider in South Korea.  Contact addresses
> included:
> 
> inetnum:         61.32.0.0 - 61.43.255.255
> netname:         BORANET-1
> descr:           DACOM Corp.
> descr:           Facility-based Telecommunication Service Provider
> descr:           providing Internet leased-ine, on-line service, BLL etc.
> country:         KR
> admin-c:         DB50-AP
> tech-c:          DB50-AP
> status:          ALLOCATED PORTABLE "status:" definitions
> mnt-by:          APNIC-HM
> mnt-lower:       MNT-KRNIC-AP
> changed:         hostmaster at apnic.net
> 20000918
> source:          APNIC
> 
> role:            DACOM BORANET
> address:         DACOM Bldg., 706-1, Yoeksam-dong, Kangnam-ku, Seoul
> country:         KR
> phone:           +82-2-2089-7755
> fax-no:          +82-2-2089-0706
> e-mail:          ipadm at nic.bora.net
> e-mail:          abuse at bora.net
> e-mail:          security at bora.net
> admin-c:         EC115-AP
> tech-c:          SIJ1-AP
> nic-hdl:         DB50-AP
> remarks:         IP address administrator group of NIC team, DACOM Corp.
> remarks:         If related with spam, send mail to
> abuse at bora.net
> remarks:         If related with security, send mail to
> security at bora.net
> remarks:         Only for whois information correction, send mail to
> ipadm at nic.bora.net
> mnt-by:          MNT-KRNIC-AP
> changed:         jeonsi at bora.net 20041105
> source:          APNIC
Hacked from Korea! There is a surprise!! ;-D


-- 

MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!