HomeForumsGeneral DiscussionLamers

egihosting.com is insecure

7 replies [Last post]
6 October, 2013 - 05:48
RaT
RaT's picture
Offline
SX High Council
Joined: 2008/03/12

Wanted to apologize to everybody for a little site slowness this AM. We've been building some new kernels - which require rebooting the server. Upon the latest reboot, I forgot to load the previously saved iptables rules. As a result, our block of all of the netblocks owned by egihosting.com didn't get loaded - so we got to see more DoS fun.

This attack involved more than the logs I'm posting, but we've decided it's mostly a waste of our time to paste attack logs here. The funny thing is that every time egihosting.com is unblocked for more than a few days, we get hit with a lame GET style DoS attack from their network. Because we're not seeing these attacks from other hosting companies, my assumption is that egihosting.com has some of the worst security among hosting providers. I mean, whoever is attacking us clearly isn't skilled enough to get into other hosting companies, or they would be doing that and attacking us on the regular.

For those of you that are curious, we have spoken in great detail with egihosting.com - but they seem to be clueless how to secure their network or even pinpoint the attacks. This is clearly a company whose technicians have their heads up their asses.

So if you're unskilled and want a place to hack with tons of bandwidth, try egihosting.com Wink

Log Snippet:

68.68.96.230 - - [06/Oct/2013:04:49:49 -0400] "GET /= HTTP/1.1" 302 477 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.503l3; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; MSOffice 12)"
68.68.96.230 - - [06/Oct/2013:04:49:49 -0400] "GET /= HTTP/1.1" 302 477 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.503l3; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; MSOffice 12)"
68.68.96.230 - - [06/Oct/2013:04:49:49 -0400] "GET /= HTTP/1.1" 302 477 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.503l3; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; MSOffice 12)"
68.68.96.230 - - [06/Oct/2013:04:49:49 -0400] "GET /= HTTP/1.1" 302 477 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.503l3; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; MSOffice 12)"
68.68.96.230 - - [06/Oct/2013:04:49:49 -0400] "GET /= HTTP/1.1" 302 477 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.503l3; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; MSOffice 12)"
68.68.96.230 - - [06/Oct/2013:04:49:49 -0400] "GET /= HTTP/1.1" 302 477 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.503l3; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; MSOffice 12)"
68.68.96.230 - - [06/Oct/2013:04:49:49 -0400] "GET /= HTTP/1.1" 302 477 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.503l3; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; MSOffice 12)"
68.68.96.230 - - [06/Oct/2013:04:49:49 -0400] "GET /= HTTP/1.1" 302 477 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.503l3; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; MSOffice 12)"

Top