10th July 2009, Friday Morning, Cloudy as my mood

Life as one of the server administrators.

Recently,it is being noticed that there are few servers here being uploaded with files as below:

===
performance4.php
err404.php
group77php
simple17.php
takes56.php
===

As I am aware of so far, those files were uploaded from host with IP , 213.182.197.226. Erm, someone from Latvia ? Well, those scripts will have ‘err404.php’ blast out emails , while browsing to http://domain_name/err404.php

Hence, I have blocked the IP from some server here.

Below is the log from server end here as reference.

===

Jul  9 05:15:38 hazel pure-ftpd: (rXXXXX@213.182.197.226) [NOTICE] /home/rXXXXX//public_html/considered94/everyone/err404.php uploaded  (5289 bytes, 10.46KB/sec)
Jul  9 05:15:39 hazel pure-ftpd: (rXXXXX@213.182.197.226) [NOTICE] /home/rXXXXX//public_html/considered94/everyone/group77php uploaded  (726 bytes, 2.89KB/sec)
Jul  9 05:15:40 hazel pure-ftpd: (rXXXXX@213.182.197.226) [NOTICE] /home/rXXXXX//public_html/considered94/everyone/simple17.php uploaded  (1001 bytes, 4.00KB/sec)
Jul  9 05:15:41 hazel pure-ftpd: (rXXXXX@213.182.197.226) [NOTICE] /home/rXXXXX//public_html/considered94/everyone/takes56.php uploaded  (1049 bytes, 4.10KB/sec)
Jul  9 05:15:44 hazel pure-ftpd: (rXXXXX@213.182.197.226) [NOTICE] /home/rXXXXX//public_html/considered94/everyone/.htaccess uploaded  (16 bytes, 0.06KB/sec)

===

~Finished