Security Incidents mailing list archives

Re: Source of attack: Russian nuclear facility?


From: Vitaly Osipov <vos () TELENOR CZ>
Date: Tue, 8 Aug 2000 12:54:45 +0200

Heh, there is a Russian saying meaning "a fear has too big eyes" - sorry, I
am not a linguist and cannot translate it correctly. Seems like you have just
been hacked through some common hole in php-sql scripts (for example, not
quoting arguments passed to sql queries - most common one) by some student
from Obninsk. Actually there are other people living there, not only bad
nuclear guys :) And the network obninsk.com belongs to the local phone operator
(maybe I am mistaken, but it does not seem like this). Btw, there are no
bears in Moscow either :)

Btw, I did not find any "iate.obninsk.com" hostname... anyway, that phrase
about a large warez collection agrees with the "student hacker" idea. Try to do
it the easiest way - contact the persons from the RIPE/Network Solutions records.

regards,
Vitaly.

----- Original Message -----
From: "Bryan Willett" <bryan () XLORD DUNSINANE NET>
To: <INCIDENTS () SECURITYFOCUS COM>
Sent: Sunday, August 06, 2000 11:31 PM
Subject: Source of attack: Russian nuclear facility?


I created a php based gaming site: www.merchantempires.net.

An unknown person with IP addresses used by iate.obninsk.com,
is currently hacking the site.  He/she is using some method
to cheat in the game through altering the database.  I haven't
figured out if it's a simple php bug or other vulnerability.

As to why someone who works for a nuclear facility would
spend their time hacking my site, I can't say.  It seems
a little alarming.

I ftped over to the origin IP and discovered that there
is a large warez collection.

Who do you contact in situations of foreign based intrusion
such as this?

