|\___/| -=[ISSUE - NO 3]=- =) ^Y^ (= -=[OF]=- \ ^ / )=*=( ______________________________ __ ____________ _ / \ |.-----.--.--.--.-----.-----.--| | ___ ___ _| || | | || _ | | | | | -__| _ | | . | | . || /| | | |\ ||_____|________|__|__|_____|_____| |__,|_|_|___|| \| | |_|/\ | | | ______ |__//_// ___/ __ | | | .-----.--.--.-----.| |.-----.--\_).--| || | | | | -__|_ _| _ || || ||__ --| -__| _ || | | | |_____|__.__| __|| || ||_____|_____|_____|| |_/ \__________________________|__|___| || |___________________| |______| Featuring... .---. /\ Brought to you by .---. / . \ / \ your Happy Ninjas / . \ |\_/| | | | |\_/| | | | /| | b | | | /| .-----------------------' | | a | .---------------------------' | / .-. | | c | / .-. | | / \ Intro | | k | | / \ The Happy Ninja Faker | | |\_. | St0re.cc | | | | |\_. | Swissfaking.net | |\| | /| El-Basar.biz | | | |\| | /| Vpn24.org | | `---' | | | o | | `---' | | | |------------------' | n | | |----------------------' \ | .---. | c | \ | .---. \ / / . \ | e | \ / / . \ `---' |\_/| | | | `---' |\_/| | | | /| | | | | /| .-----------------------' | | a | .---------------------------' | / .-. | | g | / .-. | | / \ Undercover.su | | a | | / \ Secure-Host.in | | |\_. | k!LLu's Botnet | | i | | |\_. | Unique-Crew.net | |\| | /| | | n | |\| | /| | | `---' | | | | | `---' | | | |------------------' | | | |----------------------' \ | .---. | h | \ | .---. \ / / . \ | e | \ / / . \ `---' |\_/| | | r | `---' |\_/| | | | /| | e | | | /| .-----------------------' | | | .---------------------------' | / .-. | | | / .-. | | / \ Zion-Network.net | | t | | / \ Some leftovers | | |\_. | Hackbase.cc | | o | | |\_. | Outro | |\| | /| | | | |\| | /| | | `---' | | | | | `---' | | | |------------------' | r | | |----------------------' \ | | m | \ | \ / | | \ / `---' | /\ | `---' :\______|/ \|______/: \__0day______0day__/ | /\ | || || || || || || || || | \/ | \____/ (____) First of all, here is the verification of the sha1 hash we published when hba-crew got owned: 49bd4433fff1b04530dcaff1f52fa971ff895871 = sha1(HAPPY_NINJAS_ARE_STAYING_HAPPY_exp03) ,;~;, /\_ ( / (() //) | \\ ,,;;'\ __ _( )m=((((((((((((((========={ Intro }=========------- /' ' '()/~' '.(, | ,;( )|| | ~ Tonight's the night. And it's going to happen, ,;' \ /-(.;, ) again and again. It has to happen. ) / ) / // || We all want to welcome you to a brand new issue )_\ )_\ of Owned and exp0sed! Before we get to the fun part, we'd just like to clarify some things since there has been a lot going on on the internet since our last issue. Movements, as they put it, like Anonymous or the short-lived phenomenon of Lulzsec have gotten an increasingly important topic to media and the public. We want to line out our motivation in contrast to theirs. Anonymous has tried to gain as much media attention as possible by inflicting the most damage possible on big companies and service providers. Similarily, Lulzsec have attacked various websites and published an enormous amount of information. However, while it's their goal to put up pressure on governments and big organizations, it's ours to protect the public from the abysses of the internet. Fraud is our main concern and we intent to contain it as much as possible. While Anon and Lulzsec toss out their stuff within weeks, we take our time to gain access, collect data and aggregate it nicely for you, our readers. This is why there is a substantial time span between our releases. We of course also monitor the German and international fraud scene as it recovers from our attacks; it's hard to stop something that is driven by selfishness, greed and money. We also find it worrying that Anonymous and especially Lulzsec act in what they call "Operation Antisec". The original Antisec Movement was brought to life by actual hackers and targeted full disclosure and the corporate security industry. Publishing gigantic amounts of (corporate) data on the internet does exactly the opposite: It provides the security industry with the attention they need and hence new customers. But let's now look at why we are here today. "Money is the root of all evil" as the proverb has it; and it's why fraud communities do come back after we have owned and exposed them; but as long as they carry on, we do, too. Fraudsters ought to know that they're not safe because we are going to hunt down every single site that is left. We experience the fraud scene scattering wider and wider after every issue we have published; new boards, and with them new admins, emerge out of nowhere. That just shows well again how stubborn fraudsters are as most of them still refuse to accept that they lost their right to exist on the internet. It's particularly frustrating that they don't seem to draw lessons from getting owned again and again. That being said we can just strongly advise you to spend your time on something worthwhile. It's not too late ... ,;~;, _/\ \ ) (\\ ()) /';;,, // | -------========={ St0re.cc }==========))))))))))))))=m( )_ __ | ,(.' '~/()' ' '\ Let's head to our first target. Fraud or scene ~ | ||( );, shops in general have not been our main concern. ( ,;.)-\ / ';, During our many break-ins in other fraud \ ( \ ( communities, we often were dazzled with glaring || \\ banners of underground markets where you could buy /_( /_( "fresh" CCs, PayPal accounts or socks5 proxies to stay "secure" while carding. So by now we got the hint that it might be worth finding out out how often and by whom these shops were really used. It's quite impressive how much money you can make by simply stealing PayPal accounts with a RAT and not using it for fraud but for selling it to scammers instead. That's why we clicked on the first banner we saw and concluded that it would be a noble action to root. We actually got pretty lucky since st0re.cc was not the only credit card store on that server. We spotted some others like the infamous El-Basar.biz (it was already shown in a German tv show), the rest is not worth to mention. Anyway this is what you get if you decide to buy credit cards in a webshop: You will get owned and exposed. Like always. # uname -a FreeBSD 6.4-RELEASE-p11 i386 i386 SMP-GENERIC # id uid=0(root) gid=0(wheel) groups=0(wheel),5(operator) # cat /etc/passwd # $FreeBSD: src/etc/master.passwd,v 1.40 2005/06/06 20:19:56 brooks Exp $ # root:*:0:0:Charlie &:/root:/usr/local/bin/bash toor:*:0:0:Bourne-again Superuser:/root: daemon:*:1:1:Owner of many system processes:/root:/usr/sbin/nologin operator:*:2:5:System &:/:/usr/sbin/nologin bin:*:3:7:Binaries Commands and Source:/:/usr/sbin/nologin tty:*:4:65533:Tty Sandbox:/:/usr/sbin/nologin kmem:*:5:65533:KMem Sandbox:/:/usr/sbin/nologin games:*:7:13:Games pseudo-user:/usr/games:/usr/sbin/nologin news:*:8:8:News Subsystem:/:/usr/sbin/nologin man:*:9:9:Mister Man Pages:/usr/share/man:/usr/sbin/nologin sshd:*:22:22:Secure Shell Daemon:/var/empty:/usr/sbin/nologin smmsp:*:25:25:Sendmail Submission User:/var/spool/clientmqueue:/usr/sbin/nologin mailnull:*:26:26:Sendmail Default User:/var/spool/mqueue:/usr/sbin/nologin bind:*:53:53:Bind Sandbox:/:/usr/sbin/nologin proxy:*:62:62:Packet Filter pseudo-user:/nonexistent:/usr/sbin/nologin _pflogd:*:64:64:pflogd privsep user:/var/empty:/usr/sbin/nologin _dhcp:*:65:65:dhcp programs:/var/empty:/usr/sbin/nologin uucp:*:66:66:UUCP pseudo-user:/var/spool/uucppublic:/usr/local/libexec/uucp/uucico pop:*:68:6:Post Office Owner:/nonexistent:/usr/sbin/nologin www:*:80:80:World Wide Web Owner:/nonexistent:/usr/sbin/nologin nobody:*:65534:65534:Unprivileged user:/nonexistent:/usr/sbin/nologin mysql:*:88:88:MySQL Daemon:/nonexistent:/sbin/nologin postfix:*:125:125:Postfix Mail System:/var/spool/postfix:/usr/sbin/nologin cyrus:*:60:60:the cyrus mail server:/nonexistent:/usr/sbin/nologin nukeuploads:*:1001:1001:User &:/home/nukeuploads:/bin/sh ayoga:*:1002:1002:User &:/home/ayoga:/sbin/nologin alg:*:1004:1004:User &:/home/alg:/bin/sh propiska:*:1005:1005:User &:/home/propiska:/sbin/nologin msk:*:1007:1007:User &:/home/msk:/sbin/nologin vestacomp:*:1006:1006:User &:/home/vestacomp:/sbin/nologin crank2010:*:1016:1016:User &:/home/crank2010:/sbin/nologin lordknight:*:1019:1019:User &:/home/lordknight:/bin/sh madrage:*:1003:1003:User &:/home/madrage:/bin/sh scenehack:*:1008:1008:User &:/home/scenehack:/sbin/nologin thefuelru:*:1009:1009:User &:/home/thefuelru:/sbin/nologin mr101:*:1021:1021:User &:/home/mr101:/bin/sh szenevz:*:1011:1011:User &:/home/szenevz:/sbin/nologin exchanger:*:1012:1012:User &:/home/exchanger:/bin/sh filip:*:1023:1023:User &:/home/filip:/sbin/nologin mmgen:*:1018:1018:User &:/home/mmgen:/sbin/nologin ganymedes:*:1024:1024:User &:/home/ganymedes:/sbin/nologin garf:*:1031:1031:User &:/home/garf:/sbin/nologin onlineschauen:*:1013:1013:User &:/home/onlineschauen:/bin/sh snetwork:*:1022:1022:User &:/home/snetwork:/sbin/nologin useresu:*:1010:1010:User &:/home/useresu:/sbin/nologin useresu1:*:1026:1026:User &:/home/useresu1:/sbin/nologin margosha:*:1020:1020:User &:/home/margosha:/sbin/nologin pavlrse:*:1027:1027:User &:/home/pavlrse:/sbin/nologin muraaat:*:1000:1000:User &:/home/muraaat:/sbin/nologin test4me:*:1014:1014:User &:/home/test4me:/bin/sh # cat /etc/master.passwd # $FreeBSD: src/etc/master.passwd,v 1.40 2005/06/06 20:19:56 brooks Exp $ # root:*:0:0::0:0:Charlie &:/root:/usr/local/bin/bash toor:*:0:0::0:0:Bourne-again Superuser:/root: daemon:*:1:1::0:0:Owner of many system processes:/root:/usr/sbin/nologin operator:*:2:5::0:0:System &:/:/usr/sbin/nologin bin:*:3:7::0:0:Binaries Commands and Source:/:/usr/sbin/nologin tty:*:4:65533::0:0:Tty Sandbox:/:/usr/sbin/nologin kmem:*:5:65533::0:0:KMem Sandbox:/:/usr/sbin/nologin games:*:7:13::0:0:Games pseudo-user:/usr/games:/usr/sbin/nologin news:*:8:8::0:0:News Subsystem:/:/usr/sbin/nologin man:*:9:9::0:0:Mister Man Pages:/usr/share/man:/usr/sbin/nologin sshd:*:22:22::0:0:Secure Shell Daemon:/var/empty:/usr/sbin/nologin smmsp:*:25:25::0:0:Sendmail Submission User:/var/spool/clientmqueue:/usr/sbin/nologin mailnull:*:26:26::0:0:Sendmail Default User:/var/spool/mqueue:/usr/sbin/nologin bind:*:53:53::0:0:Bind Sandbox:/:/usr/sbin/nologin proxy:*:62:62::0:0:Packet Filter pseudo-user:/nonexistent:/usr/sbin/nologin _pflogd:*:64:64::0:0:pflogd privsep user:/var/empty:/usr/sbin/nologin _dhcp:*:65:65::0:0:dhcp programs:/var/empty:/usr/sbin/nologin uucp:*:66:66::0:0:UUCP pseudo-user:/var/spool/uucppublic:/usr/local/libexec/uucp/uucico pop:*:68:6::0:0:Post Office Owner:/nonexistent:/usr/sbin/nologin www:*:80:80::0:0:World Wide Web Owner:/nonexistent:/usr/sbin/nologin nobody:*:65534:65534::0:0:Unprivileged user:/nonexistent:/usr/sbin/nologin mysql:*:88:88::0:0:MySQL Daemon:/nonexistent:/sbin/nologin postfix:*:125:125::0:0:Postfix Mail System:/var/spool/postfix:/usr/sbin/nologin cyrus:*:60:60::1172782800:0:the cyrus mail server:/nonexistent:/usr/sbin/nologin nukeuploads:$1$hO28fqpU$OL/RovJhduUxEqR3kBawe.:1001:1001::0:0:User &:/home/nukeuploads:/bin/sh ayoga:$1$CNCuqfrs$p7QpuHI6jagkVUyvGO5MI.:1002:1002::0:0:User &:/home/ayoga:/sbin/nologin alg:$1$A07..akS$.TPW7o0ZCO25bB6AltS/Q.:1004:1004::0:0:User &:/home/alg:/bin/sh propiska:$1$Hgb0peXw$2wtRLXytI9Mmwbsxi/RAI.:1005:1005::0:0:User &:/home/propiska:/sbin/nologin msk:$1$yqxdalvS$IPYorMt8h.pMqc3V8mdED0:1007:1007::0:0:User &:/home/msk:/sbin/nologin vestacomp:$1$bL6RZJ2K$f7CTWRj.ps2Q9XuImy4sI1:1006:1006::0:0:User &:/home/vestacomp:/sbin/nologin crank2010:*:1016:1016::0:0:User &:/home/crank2010:/sbin/nologin lordknight:*:1019:1019::0:0:User &:/home/lordknight:/binbreak-ins in other fraud/sh madrage:*:1003:1003::0:0:User &:/home/madrage:/bin/sh scenehack:*:1008:1008::0:0:User &:/home/scenehack:/sbin/nologin thefuelru:*:1009:1009::0:0:User &:/home/thefuelru:/sbin/nologin mr101:*:1021:1021::0:0:User &:/home/mr101:/bin/sh szenevz:*:1011:1011::0:0:User &:/home/szenevz:/sbin/nologin exchanger:*:1012:1012::0:0:User &:/home/exchanger:/bin/sh filip:$1$asb5GyOE$OHPPapNFMf6zKA5FvrIpE/:1023:1023::0:0:User &:/home/filip:/sbin/nologin mmgen:$1$bnXQT0ng$obWjcBQFTBTKk83ElXfDt0:1018:1018::0:0:User &:/home/mmgen:/sbin/nologin ganymedes:$1$95EongK1$fFPWI1ePR8VKBIAQ/LwUu0:1024:1024::0:0:User &:/home/ganymedes:/sbin/nologin garf:$1$xzEPVuNH$26jps1eOPu2hNObvlcgkH0:1031:1031::0:0:User &:/home/garf:/sbin/nologin onlineschauen:$1$RihNUTco$hzbht5CwvI/h3X0cGe8T91:1013:1013::0:0:User &:/home/onlineschauen:/bin/sh snetwork:$1$y0T7yJX4$ER.mYpG3P21qlz3qgQWtN.:1022:1022::0:0:User &:/home/snetwork:/sbin/nologin useresu:$1$6J5xPk5F$sfpn5pAKTlf10hX3kSKkv.:1010:1010::0:0:User &:/home/useresu:/sbin/nologin useresu1:$1$gPsMDoWO$.Ve9Z8tEQLZrlF7MrP6ZH1:1026:1026::0:0:User &:/home/useresu1:/sbin/nologin margosha:*:1020:1020::0:0:User &:/home/margosha:/sbin/nologin pavlrse:$1$AKfcvELm$oImAlQWKKDaEd.dimM6wY/:1027:1027::0:0:User &:/home/pavlrse:/sbin/nologin muraaat:*:1000:1000::0:0:User &:/home/muraaat:/sbin/nologin test4me:$1$nNH.D3yA$2KQeYLwqG3TcFHOc9toFL0:1014:1014::0:0:User &:/home/test4me:/bin/sh # pwd /root # ls -la total 715748 drwxr-xr-x 4 root wheel 512 Sep 9 04:43 . drwx--x--x 18 root wheel 512 Apr 12 19:59 .. -rw------- 1 root wheel 10017 Sep 26 02:59 .bash_history -rw------- 1 root wheel 67 Sep 9 17:00 .cvspass -rw------- 1 root wheel 50 Feb 9 2011 .lesshst drwxr-xr-x 3 root wheel 512 Sep 26 02:57 .mc -rw------- 1 root wheel 1344 May 20 03:24 .mysql_history drwx------ 2 root wheel 512 Aug 14 19:22 .ssh -rwxr-xr-x 1 root wheel 241 Jul 21 00:11 addban.sh -rw-r--r-- 1 root wheel 601437 Apr 12 17:56 apache.log -rwxr-xr-x 1 root wheel 89 Mar 6 2010 apache_watchdog.php -rwxr-xr-x 1 root wheel 4184 Feb 2 2011 mydumpsplitter.sh -rwxr-xr-x 1 alg www 365607550 Feb 1 2011 zzz.sql # cat .bash_history apachectl restart exit tail -f /var/log/httpd/httpd_access.log tail -f /var/log/httpd/httpd_access.log /usr/local/etc/rc.d/apache22 restart top -S tail -f /var/log/httpd/httpd_access.log /usr/local/etc/rc.d/apache22 restart /usr/local/etc/rc.d/apache22 restart /usr/local/etc/rc.d/apache22 restart cd /home/alg/ mc mysql -u root -p`cat /etc/my.passwd ` cd db_split/ mysql -u root -p`cat /etc/my.passwd` --default-character-set=utf8 -f alg_forum < postindex.sql ls -la mcedit postindex.sql mysql -u root -p`cat /etc/my.passwd` --default-character-set=utf8 -f alg_forum < adminlog.sql mysql -u root -p`cat /etc/my.passwd` --default-character-set=utf8 -f alg_forum < attachment.sql top cd .. wget wget http://platon.sk/cvs/cvs.php/___checkout___/scripts/perl/mysql/mysqldump-convert.pl?rev=1.5&content-type=text/plain mysqldump-convert.pl mc ls mcedit mysqldump-convert.pl\?rev\=1.5 mc cat db_split/postindex.sql | ./mysqldump-convert.pl > postindex.sql mcedti postindex.sql mcedit postindex.sql mcedit mysqldump-convert.pl mysql -u root -p`cat /etc/my.passwd` --default-character-set=utf8 -f alg_forum < postindex.sql exit mc /usr/local/etc/rc.d/apache22 restart top mc date exit mc cd /home/nukeuploads/nukeuploads.com/ chown nukeuploads:nukeuploads google4973efd9f5db5c16.html mc apachectl restart uptime top tail -n 1000 /var/log/httpd/httpd_access.log ps aux | grep nginx mc exit apachectl stop uptime uptime uptime uptime uptime top apachectl start exit tail -n 1000 /var/log/httpd/httpd_access.log exit top apachectl restart top tail -n 1000 /var/log/httpd/httpd_access.log tail -n 1000 /var/log/httpd/httpd_access.log exit apachectl restart top exit tail -f /var/log/httpd/httpd_access.log apachectl stop killall -9 httpd apachectl start tail -f /var/log/httpd/httpd_access.log ps ax|grep -c http ps ax|grep -c http ps ax|grep -c http ps ax|grep -c http ps ax|grep -c http ps ax|grep -c http mc -d ps ax|grep -c http ps ax|grep -c http ps ax|grep -c http ps ax|grep -c http top ps ax|grep -c http ps ax|grep -c http ps ax|grep -c http ps ax|grep -c http ps ax|grep -c http ps ax|grep -c http ps ax|grep -c http ps ax|grep -c http top top uptime uptime uptime uptime uptime uptime top cd /home/kirbysho/ mc uptime uptime uptime mcedit /usr/local/etc/apache22/vhosts/kirbysho.conf apachectl restart top mc mcedit /usr/local/etc/apache22/vhosts/kirbysho.conf apachectl restart uptime uptime uptime uptime uptime uptime top tail -n 100 /var/log/httpd/httpd_access.log uptime uptime uptime uptime top exit apachectl restart exit tail -f /var/log/httpd/httpd_access.log killall -9 httpd apachectl restart top tail -f /var/log/httpd/httpd_access.log tail -f /var/log/httpd/httpd_access.log tail -f /var/log/httpd/httpd_access.log |grep kirby-shop.ru mc -d date date date date date date date date killall -9 httpd apachectl start tail -f /var/log/httpd/httpd_access.log tail -f /var/log/httpd/httpd_access.log |grep kirby-shop.ru tail -n 10000 /var/log/httpd/httpd_access.log | grep "russian-elite" > /root/apache.log mc killall -9 httpd apachectl start top tail -f /var/log/httpd/httpd_access.log |grep kirby-shop.ru killall -9 httpd apachectl start tail -f /var/log/httpd/httpd_access.log |grep kirby-shop.ru cat /var/log/httpd/httpd_access.log | grep kirby-shop.ru > /var/log/httpd_kirby.log cat /var/log/httpd/httpd_access.log cat/var/log/httpd_kirby.log cp /var/log/httpd_kirby.log cp /var/log/httpd_kirby.log /home/kirbysho/ ls /home/kirbysho/ exit tail -f /var/log/httpd/httpd_access.log tail -f /var/log/httpd/httpd_access.log top top ps ax tail -f /var/log//httpd/httpd_access.log tail -f /var/log//httpd/httpd_access.log ps ax top ls -l ping ya.ru ping google.com exit mc tail -f /var/log/httpd/httpd_access.log mc mc mysql -unukeuploads_gla -p -h db.nukeuploads.com nukeuploads_gla mysql -unukeuploads_gla -p -h mysql -unukeuploads_gla -p -h mysql -unukeuploads_gla -p -h 92.241.164.71 nukeuploads_gla mc nslookup mc nslookup tail -n 1000 /var/log/httpd/httpd_access.log exit tail -n 1000 /var/log/httpd/httpd_access.log top exit tail -f /var/log/httpd/httpd_access.log tail -f /var/log/httpd/httpd_access.log tail -f /var/log/httpd/httpd_access.log tail -n 1000 /var/log/httpd/httpd_access.log exit tail -n 100 /var/log/httpd/httpd_access.log tail -n 100 /var/log/httpd/httpd_access.log | grep russian | wc -l exit tail -f /var/log/httpd/httpd_access.log touch ~/addban.sh chmod +x ~/addban.sh mcedit ~/addban.sh tail -n 100 /world/sec1005/var/log/httpd/httpd_access.log | grep 'swissfaking.net' | awk '{print }' | sort | uniq -c | sort -n | awk '{if ($1>3) print $2}' /usr/local/etc/rc.d/apache22 restart /usr/local/etc/rc.d/apache22 restart tail -f /var/log/httpd/httpd_access.log tail -f /var/log/httpd/httpd_access.log /usr/local/etc/rc.d/nginx status tail -f /var/log/httpd/httpd_access.log tail -f /var/log/httpd/httpd_access.log tail -f /var/log/httpd/httpd_access.log tcpdump -nn host 187.160.244.66 tcpdump -nni bge0 host 187.160.244.66 tcpdump -nni bge0 host 187.160.244.66 sort /var/log/httpd/httpd_load.log | awk '{print $1}' | uniq -c mc mc -d php -V php -v mysql -v mysql -V top mc ls -la cd /home/margosha/ ls -la pwd mc killall -9 mc ls -la cd forum.la2amadis.ru/ ls -la cd .. ls -la chown -cRv margosha:www ./* chown -cRv margosha:www ./* chown -cR margosha:www ./* chown -R margosha:www ./* ls -la cd forum.la2amadis.ru/ ls -la cd .. ls -la cd la2amadis.ru/ ls -la mc ps ax w ps axu ps axu tail -f /var/log/httpd/httpd_access.log exit ps wauxf cat /proc/22623/cmdline kill -9 22623 ps wauxf df -h cd /home/toco123/ ls -la cd 00/ ls -la mc killall -9 mc ps wauxf df -h ls /tmp ls -la ls -la /tmp/ ps wauxf df -h w cd / ls -la cat /etc/fsta ps wauxf kill -9 22623 cd /tmp/ ls -la rm a.* ls -la tail -f /var/log/httpd/httpd_access.log w ps wauxf ifconfig cd /home/ ls -la mc cd /home/margosha/ tar czfv backup.tgz forum.la2amadis.ru la2amadis.ru mc chown margosha:www backup.tgz mc php -v cd /usr/ports/mail/php-imap cd /usr/ports/ cd ./mail ls |grep imap cd php5-imap make install clean cd /usr/local/etc/ ls mc mc cd /usr/ports/mail/php52-imap make install clean cd /usr/ports/mail/php5-imap make install clean portdowngrade -s :pserver:anoncvs@anoncvs.tw.FreeBSD.org:/home/ncvs lang/php5 cd /usr/ports/mail/php52-imap portdowngrade -s :pserver:anoncvs@anoncvs.tw.FreeBSD.org:/home/ncvs lang/php5 cd /usr/ports/ports-mgmt/portdowngrade make install clean make install clean cd /usr/ports/mail/php5-imap portdowngrade -s :pserver:anoncvs@anoncvs.tw.FreeBSD.org:/home/ncvs lang/php5 cd /usr/ports/mail/php5-imap portdowngrade -s :pserver:anoncvs@anoncvs.tw.FreeBSD.org:/home/ncvs lang/php5 php -m whereis portdowngrade cd /usr/ports/ports-mgmt/portdowngrade make install clean cd /usr/ports/devel/popt make install clean cd /usr/ports/devel/libtool22 make install clean cd - make install clean uname -a php -v cd /usr/ports/lang/php52-extensions/ make config make cd ../php5-extensions/ make config make php -v portdowngrade -s :pserver:anoncvs@anoncvs.tw.FreeBSD.org:/home/ncvs lang/php5 touch /root/.cvspass portdowngrade -s :pserver:anoncvs@anoncvs.tw.FreeBSD.org:/home/ncvs lang/php5 php -v portdowngrade -s :pserver:anoncvs@anoncvs.fi.FreeBSD.org:/home/ncvs lang/php5 portdowngrade -s :pserver:anoncvs@anoncvs.fi.FreeBSD.org:/home/ncvs lang/php5 portdowngrade -s :pserver:anoncvs@anoncvs.tw.FreeBSD.org:/home/ncvs lang/php5 portdowngrade -s :pserver:anoncvs@anoncvs.at.FreeBSD.org:/home/ncvs lang/php5 portdowngrade -s :pserver:anoncvs.at.FreeBSD.org:/home/ncvs lang/php5 -o anoncvs portdowngrade -o anoncvs -s :pserver:anoncvs.at.FreeBSD.org:/home/ncvs lang/php5 portdowngrade -o=anoncvs -s :pserver:anoncvs.at.FreeBSD.org:/home/ncvs lang/php5 portdowngrade -o anoncvs -s :pserver:anoncvs.at.FreeBSD.org:/home/ncvs lang/php5 portdowngrade -s :pserver:anoncvs@anoncvs.manov.su:/home/ncvs lang/php5 portdowngrade -s :pserver:anoncvs@anoncvs.manov.su:/home/ncvs lang/php5 portdowngrade -s :pserver:anoncvs@anoncvs.manov.su:/home/ncvs lang/php5 server_args = -f --allow-root=/test pserver cat /etc/inetd.conf cat /etc/inetd.conf | grep allow portdowngrade -s :pserver:anoncvs@cvsup13.tw.freebsd.org:/home/ncvs lang/php5 portdowngrade -s :pserver:cvsup13.tw.freebsd.org:/home/ncvs lang/php5 portdowngrade -s :pserver:anoncvs@anoncvs1.FreeBSD.org:/home/ncvs lang/php5 portdowngrade -s :pserver:anoncvs@cvsup13.fr.freebsd.org:/home/ncvs lang/php5 mc php -v | grep imap php -m | grep imap portdowngrade -s :pserver:anoncvs@anoncvs1.FreeBSD.org:/home/ncvs lang/php5 portdowngrade -s :pserver:anoncvs@anoncvs2.FreeBSD.org:/home/ncvs lang/php5 php -v portdowngrade lang/php5 portdowngrade -s :pserver:anoncvs@anoncvs1.FreeBSD.org:/home/ncvs lang/php5 portdowngrade -s :pserver:anoncvs@anoncvs.at.FreeBSD.org:/home/ncv lang/php5 portdowngrade -s :pserver:anoncvs@anoncvs.at.FreeBSD.org:/home/ncvs lang/php5 portdowngrade -s :pserver:anoncvs@anoncvs.de.FreeBSD.org:/home/ncvs lang/php5 portdowngrade -r -s :pserver:anoncvs@anoncvs.de.FreeBSD.org:/home/ncvs lang/php5 portdowngrade -s :pserver:anoncvs@anoncvs.de.FreeBSD.org:/home/ncvs lang/php5 portdowngrade -s :login:anoncvs@anoncvs.jp.FreeBSD.org:/home/ncvs lang/php5 portdowngrade -s :pserver:anoncvs@anoncvs.jp.FreeBSD.org:/home/ncvs lang/php5 portdowngrade -s :pserver:anoncvs@anoncvs.jp.FreeBSD.org:/home/ncvs lang/php5 portdowngrade -s :pserver:anoncvs@anoncvs.jp.FreeBSD.org:/home/ncvs lang/php5 portdowngrade -s ":pserver:anoncvs@anoncvs.jp.FreeBSD.org:/home/ncvs" lang/php5 portdowngrade -s ":pserver:anoncvs@anoncvs.fr.FreeBSD.org:/home/ncvs" lang/php5 portdowngrade -o -s ":pserver:anoncvs@anoncvs.fr.FreeBSD.org:/home/ncvs" lang/php5 portdowngrade -o -s ":pserver:anoncvs@anoncvs.fr.FreeBSD.org:/home/ncvs" lang/php5 cd /usr/ports/mail/php5-imap/ make config make cd .. cd .. mc cd distfiles/ fetch http://downloads.php.net/ilia/php-5.2.5.tar.bz2 cd .. cd mail/php5-imap/ make make install php -m php -m | grep imap ls /var/db/pkg/| grep extre ls /var/db/pkg/| grep exte ls mc # cd /home/mmgen total 44 drwxr-x--- 7 mmgen www 512 Jun 11 13:18 . drwx--x--x 28 root wheel 1024 Sep 14 17:31 .. drwxrwx--- 5 mmgen www 512 Jun 11 15:22 dodo.st0re.cc drwxrwx--- 8 mmgen www 1024 Sep 30 16:19 st0re.cc drwxrwx--- 3 mmgen www 512 Jan 26 2011 st0re.mmgen.st0re drwxrwx--- 4 mmgen www 512 Dec 2 2010 st0re.morgen.w2c.ru drwxrwx--- 2 mmgen www 10240 Oct 1 16:32 temp # cd dodo.st0re.cc # ls -la total 96 drwxrwx--- 5 mmgen www 512 Jun 11 15:22 . drwxr-x--- 7 mmgen www 512 Jun 11 13:18 .. drwxr-xr-x 2 mmgen www 512 Jun 11 15:21 css drwxr-xr-x 4 mmgen www 2048 Jun 11 15:23 images -rw-r--r-- 1 mmgen www 38106 Jun 11 15:23 index.html drwxr-xr-x 2 mmgen www 512 Jun 11 15:21 js # cd .. # cd st0re.mmgen.st0re # ls -la total 16 drwxrwx--- 3 mmgen www 512 Jan 26 2011 . drwxr-x--- 7 mmgen www 512 Jun 11 13:18 .. drwxr-xr-x 4 mmgen www 1536 Jan 26 2011 Neues Verzeichnis -rw-r--r-- 1 mmgen www 1034 Dec 2 2010 index.html # cd "Neues Verzeichnis" # ls -la total 237856 drwxr-xr-x 4 mmgen www 1536 Jan 26 2011 . drwxrwx--- 3 mmgen www 512 Jan 26 2011 .. -rw-r--r-- 1 mmgen www 12326 Jan 26 2011 2.pl -rw-r--r-- 1 mmgen www 3790 Jan 26 2011 2.png -rw-r--r-- 1 mmgen www 697711 Jan 26 2011 22.png -rw-r--r-- 1 mmgen www 164 Jan 26 2011 280539654158.kwm -rw-r--r-- 1 mmgen www 1608 Jan 26 2011 280539654158.pwm -rw-r--r-- 1 mmgen www 40882 Jan 26 2011 4.jpg -rw-r--r-- 1 mmgen www 40505 Jan 26 2011 Banner4.jpg -rw-r--r-- 1 mmgen www 1280 Jan 26 2011 Command Prompt.lnk -rw-r--r-- 1 mmgen www 231 Jan 26 2011 Data.txt -rw-r--r-- 1 mmgen www 900 Jan 26 2011 Daten.rtf -rw-r--r-- 1 mmgen www 661429 Jan 26 2011 Enterpage.png -rw-r--r-- 1 mmgen www 126738 Jan 26 2011 Enterpage_for_gamekings_eu_by_Frizzl3.jpg -rw-r--r-- 1 mmgen www 1616155 Jan 26 2011 FILE0009.rar -rw-r--r-- 1 mmgen www 952 Jan 26 2011 Fake Webcam (No Preview Mode).lnk -rw-r--r-- 1 mmgen www 942 Jan 26 2011 Fake Webcam.lnk -rw-r--r-- 1 mmgen www 1950 Jan 26 2011 FileZilla Client.lnk -rw-r--r-- 1 mmgen www 1192 Jan 26 2011 Foxit Reader.lnk -rw-r--r-- 1 mmgen www 10374720 Jan 26 2011 MasterCard-Abrechnung.psd -rw-r--r-- 1 mmgen www 1889 Jan 26 2011 Mozilla Firefox.lnk -rw-r--r-- 1 mmgen www 22207 Jan 26 2011 Neues Textdokument.txt -rw-r--r-- 1 mmgen www 137 Jan 26 2011 PSN2.txt drwxr-xr-x 2 mmgen www 512 Jan 26 2011 Pack_Pixel_Arrows_01 drwxr-xr-x 2 mmgen www 512 Jan 26 2011 Packstation -rw-r--r-- 1 mmgen www 38207488 Jan 26 2011 PhotoshopCS4Portable.rar -rw-r--r-- 1 mmgen www 1139 Jan 26 2011 SQLRIP.lnk -rw-r--r-- 1 mmgen www 1884 Jan 26 2011 SendBlaster.lnk -rw-r--r-- 1 mmgen www 2505 Jan 26 2011 Skype.lnk -rw-r--r-- 1 mmgen www 318050 Jan 26 2011 St0re.jpg -rw-r--r-- 1 mmgen www 4574766 Jan 26 2011 St0re.psd -rw-r--r-- 1 mmgen www 679964 Jan 26 2011 St0re2.jpg -rw-r--r-- 1 mmgen www 24560317 Jan 26 2011 St0reinfo - Shopdesign2.psd -rw-r--r-- 1 mmgen www 1124 Jan 26 2011 TeamViewer 6.lnk -rw-r--r-- 1 mmgen www 917 Jan 26 2011 WebMoney Keeper Classic 3.9.3.1.lnk -rw-r--r-- 1 mmgen www 40467 Jan 26 2011 Werbung.png -rw-r--r-- 1 mmgen www 3821 Jan 26 2011 btn2.png -rw-r--r-- 1 mmgen www 68286 Jan 26 2011 btn2.psd -rw-r--r-- 1 mmgen www 748437 Jan 26 2011 exported data.txt -rw-r--r-- 1 mmgen www 1179 Jan 26 2011 head.gif -rw-r--r-- 1 mmgen www 1789314 Jan 26 2011 head.psd -rw-r--r-- 1 mmgen www 2084608 Jan 26 2011 hinten.png -rw-r--r-- 1 mmgen www 791 Jan 26 2011 new 2.txt -rw-r--r-- 1 mmgen www 1133 Jan 26 2011 new 5.txt -rw-r--r-- 1 mmgen www 528 Jan 26 2011 new 9.txt -rw-r--r-- 1 mmgen www 3318 Jan 26 2011 passwords.txt -rw-r--r-- 1 mmgen www 145044 Jan 26 2011 pp.rar -rw-r--r-- 1 mmgen www 31694808 Jan 26 2011 setup.exe -rw-r--r-- 1 mmgen www 353781 Jan 26 2011 store.rar -rw-r--r-- 1 mmgen www 74196 Jan 26 2011 title.gif -rw-r--r-- 1 mmgen www 76765 Jan 26 2011 title_unreg.gif -rw-r--r-- 1 mmgen www 2286399 Jan 26 2011 vorne.png -rw-r--r-- 1 mmgen www 1087 Jan 26 2011 wrub4sts.lnk # # cat passwords.txt j_username=sny@vtxmail.ch j_password=tino55 pin=tino55 j_username=office@vertec-systems.com j_password=121066 pin= j_username=DeineMutter@fickich.net j_password=Diehuredie pin=1234dudummestier j_username=HeyduFotze@magdich.net j_password=ArschPo pin=verarschmichnicht j_username=mybigmouth@web.de j_password=andrea pin=1950 j_username= j_password= pin= j_username=Rainer.Keberle@online.de j_password=finepix4700 pin= j_username=1746378 j_password= pin=q206mitte j_username=1746378 j_password= pin=q206mitte j_username=2187452 j_password= pin=q206mitte j_username=rababa@whitehouse.gov j_password=dollar pin=4711 j_username=170734837 j_password=express12 pin= j_username=office@otto-stoeckl.com j_password= pin= j_username=170734837 j_password=express pin=12 j_username=nicole.dargel@gmx.de j_password=Diving66 pin= j_username=claudia.schultz@shell.com j_password=chris1 pin=4449 j_username=claudia.schultz@shell.com j_password=chris1 pin=4449 j_username=claudia.schultz@shell.com j_password=chris1 pin= j_username=734093 j_password=19birgit pin=7578 j_username=734093 j_password=19nadine pin=7578 j_username=734093 j_password=birgit pin=7578 j_username=sabina.mastrogiovanni@gmx.de j_password=2dU8yU9qY4aC pin=5942 j_username=sabina.mastrogiovanni@gmx.de j_password=2dU8yU9qY4aC pin=5942 j_username=Heldmann_C@web.de j_password= pin=6237 j_username=Heldmann_C@web.de j_password= pin=6237 j_username=benjamin.egermann@gmail.com j_password=pcarmy pin=6039 j_username=sabina.mastrogiovanni@gmx.de j_password=2dU8yU9qY4aC pin=5942 j_username= j_password= pin= j_username=danisahne8283@aol.com j_password= pin=masenfan j_username=danisahne8282@aol.com j_password=masenfan pin=5556 j_username=danisahne8283@aol.com j_password= pin= j_username=danisahne8283@aol.com j_password=masenfan pin= j_username= j_password= pin= j_username= j_password= pin= j_username= j_password= pin= j_username= j_password= pin= j_username= j_password= pin= j_username= j_password= pin= j_username= j_password= pin= j_username= j_password= pin= j_username= j_password= pin= j_username= j_password= pin= j_username= j_password= pin= j_username= j_password= pin= j_username= j_password= pin= j_username= j_password= pin= j_username= j_password= pin= j_username= j_password= pin= j_username= j_password= pin= j_username= j_password= pin= j_username= j_password= pin= j_username= j_password= pin= j_username= j_password= pin= j_username= j_password= pin= j_username= j_password= pin= j_username= j_password= pin= j_username= j_password= pin= j_username= j_password= pin= j_username= j_password= pin= j_username= j_password= pin= j_username= j_password= pin= j_username= j_password= pin= j_username= j_password= pin= j_username=hannesvw@gmail.com j_password= pin=9016 j_username=Thomas.Wunder@hv-s.de j_password=Mannheim pin= j_username=mail@obu-hamburg.de j_password=obu2009 pin= j_username=mail@obu-hamburg.de j_password=2493 pin= j_username=mail@obu-hamburg.de j_password=OBU2009 pin= j_username=31971258 j_password= pin=2493 j_username=mario.hoefler@web.de j_password=nutpen10 pin= j_username=E.Giegler@web.de j_password=Eschen pin=5115 j_username=E.Giegler@web.de j_password=Eschen pin=5115 j_username=mail@obu-hamburg.de j_password=obu2009 pin=2394 # cat Data.txt MySQL https://91.213.8.13/myadmin/ $host = localhost $user = Palshop $pass = u5AunWox $data = morgen_Palshop FTP: 91.213.8.26 morgen 2Rysb2Kv 5socks http://admin.5socks.net/ Morgen Kzmv7QkvIf 0458-8466-1325-4447 UVszBT <<<< 50?# # cd .. # cd .. # cd st0re.morgen.w2c.ru # ls -la total 16 drwxrwx--- 4 mmgen www 512 Dec 2 2010 . drwxr-x--- 7 mmgen www 512 Jun 11 13:18 .. drwxr-xr-x 5 mmgen www 512 Dec 2 2010 admin drwxr-xr-x 8 mmgen www 512 Dec 3 2010 content # cd admin # ls -la total 56 drwxr-xr-x 5 mmgen www 512 Dec 2 2010 . drwxrwx--- 4 mmgen www 512 Dec 2 2010 .. -rw-r--r-- 1 mmgen www 8621 Dec 2 2010 DE.lng -rw-r--r-- 1 mmgen www 1546 Dec 2 2010 admin.php -rw-r--r-- 1 mmgen www 708 Dec 3 2010 config.php drwxr-xr-x 3 mmgen www 512 Dec 2 2010 designe -rw-r--r-- 1 mmgen www 1008 Dec 2 2010 functions.php drwxr-xr-x 4 mmgen www 512 Dec 2 2010 img -rw-r--r-- 1 mmgen www 876 Dec 3 2010 index.php drwxr-xr-x 2 mmgen www 512 Dec 2 2010 pages # cat config.php <?php /*************** / PalShop / / By Paloxus / / v 1.5 / ***************/ session_start(); error_reporting(0); $host = 'localhost'; //mysql host $user = 'mmgen_shop'; //db user $pass = '1y2x3c4v'; //db pass $data = 'mmgen_shop'; //db name $connect = mysql_connect($host, $user, $pass); mysql_select_db($data, $connect); $ajax = '0'; //use ajax [ 0 = no, 1 = yes ] $guthaben = '€'; // [ $, ? = £, ? = ¥, ? = € ] $designe = 'design'; // blue oder dark $session_prefix = '1y2x3c4v'; // DRINGEND ?NDERN! Beispielsweise in eine Buchstaben-Zahlen Kombination $language = 'DE'; //Sprache des CMS //Produkt Bilder: $prod_img = 1; // Produktbilder verwenden 1 = Ja, 2 = Nein ?> # cd /home/mmgen/st0re.cc # ls -la total 1522696 drwxrwx--- 8 mmgen www 1024 Sep 30 16:19 . drwxr-x--- 7 mmgen www 512 Jun 11 13:18 .. -rw-r--r-- 1 mmgen www 16950051 Sep 13 01:08 1.mp3 -rw-r--r-- 1 mmgen www 941752 Sep 30 16:19 2.rar -rw-r--r-- 1 mmgen www 144694 Jan 30 2011 3.jpeg -rw-r--r-- 1 mmgen www 760708777 Sep 13 00:58 4.rar -rw-r--r-- 1 mmgen www 30654 Feb 22 2011 Banner.jpg -rw-r--r-- 1 mmgen www 40505 Feb 7 2011 Banner4.jpg -rw-r--r-- 1 mmgen www 13347 Feb 3 2011 Jelly.jpg -rw-r--r-- 1 mmgen www 53943 Feb 3 2011 Kamagra.png drwxr-xr-x 3 mmgen www 512 Feb 21 2011 Neu drwxr-xr-x 3 mmgen www 512 Jun 2 18:52 Ref -rw-r--r-- 1 mmgen www 8967 Jul 17 16:04 Ukash.php -rw-r--r-- 1 mmgen www 4756 Jan 27 2011 account.php -rw-r--r-- 1 mmgen www 1532 Jan 27 2011 account_do.php -rw-r--r-- 1 mmgen www 978 Jan 27 2011 add_basket.php drwxr-xr-x 7 mmgen www 512 Mar 10 2011 admin -rw-r--r-- 1 mmgen www 164100 Apr 10 16:10 banner.gif -rw-r--r-- 1 mmgen www 2398 Jan 28 2011 basket.php -rw-r--r-- 1 mmgen www 11921 Jul 21 23:44 cashin.php -rw-r--r-- 1 mmgen www 2278 Apr 9 18:00 category.php -rw-r--r-- 1 mmgen www 5223 Mar 10 2011 cc_modul.php -rw-r--r-- 1 mmgen www 2265 Feb 8 2011 checkout.php -rw-r--r-- 1 mmgen www 1471 Jan 27 2011 error.php -rw-r--r-- 1 mmgen www 1007 Jan 27 2011 faq.php -rw-r--r-- 1 mmgen www 1406 Apr 18 12:49 favicon.ico -rw-r--r-- 1 mmgen www 17594 Jan 27 2011 head.png drwxr-xr-x 2 mmgen www 512 Aug 21 22:23 ico -rw-r--r-- 1 mmgen www 7623 Jun 2 19:58 index.php drwxr-xr-x 2 mmgen www 512 Apr 8 17:22 libs -rw-r--r-- 1 mmgen www 886 Jan 27 2011 login.php -rw-r--r-- 1 mmgen www 1177 Jan 27 2011 login_do.php -rw-r--r-- 1 mmgen www 164 Jan 27 2011 logout.php -rw-r--r-- 1 mmgen www 1879 Jan 27 2011 product.php -rw-r--r-- 1 mmgen www 1319 Jan 27 2011 register.php -rw-r--r-- 1 mmgen www 1827 Jan 27 2011 register_do.php drwxr-xr-x 3 mmgen www 512 May 17 03:21 style -rw-r--r-- 1 mmgen www 8011 Apr 13 21:31 support.php -rw-r--r-- 1 mmgen www 2417 Apr 13 21:31 support_do.php # cd admin # ls -la total 268 drwxr-xr-x 7 mmgen www 512 Mar 10 2011 . drwxrwx--- 8 mmgen www 1024 Sep 30 16:19 .. -rw-r--r-- 1 mmgen www 106 May 17 13:31 .htaccess -rw-r--r-- 1 mmgen www 40 Jun 2 18:50 .htpasswd -rw-r--r-- 1 mmgen www 8372 Feb 8 2011 category.php drwxr-xr-x 2 mmgen www 512 Feb 8 2011 css -rw-r--r-- 1 mmgen www 4599 Jan 27 2011 faq.php drwxr-xr-x 6 mmgen www 512 Feb 8 2011 images -rw-r--r-- 1 mmgen www 14618 Mar 10 2011 index.php -rw-r--r-- 1 mmgen www 8549 Feb 13 2011 items.php drwxr-xr-x 7 mmgen www 512 Feb 8 2011 js drwxr-xr-x 3 mmgen www 512 Jan 27 2011 libs -rw-r--r-- 1 mmgen www 7359 Mar 10 2011 modul.php -rw-r--r-- 1 mmgen www 9007 Feb 8 2011 news.php -rw-r--r-- 1 mmgen www 1256 Jan 27 2011 option.php -rw-r--r-- 1 mmgen www 11703 Feb 8 2011 product.php drwxr-xr-x 3 mmgen www 512 Jan 27 2011 style -rw-r--r-- 1 mmgen www 18 Jan 29 2011 test.php -rw-r--r-- 1 mmgen www 10040 Apr 9 19:18 tickets.php -rw-r--r-- 1 mmgen www 12164 Feb 8 2011 user.php -rw-r--r-- 1 mmgen www 17532 Feb 8 2011 voucher.php # cat .htaccess AuthType Basic AuthName "FUCK YOU" AuthUserFile /home/mmgen/st0re.cc/admin/.htpasswd Require valid-user # cat .htpasswd Admin:$1$5KnX9ENu$aKqzHTLd5HpMqKqgnglUx/ # cd .. # cd libs # ls -la total 56 drwxr-xr-x 2 mmgen www 512 Apr 8 17:22 . drwxrwx--- 8 mmgen www 1024 Sep 30 16:19 .. -rw-r--r-- 1 mmgen www 2757 Jan 27 2011 class_bbcode.php -rw-r--r-- 1 mmgen www 1561 Jan 28 2011 class_user.php -rw-r--r-- 1 mmgen www 227 Jun 2 18:20 mysql_config.php -rw-r--r-- 1 mmgen www 1312 Apr 11 00:18 psc_cashin.class.php -rw-r--r-- 1 mmgen www 4383 Jul 19 21:35 ukash_cashin.class.php -rw-r--r-- 1 mmgen www 7679 Apr 8 17:21 xxx_psc_cashin.class.php # cat mysql_config.php <?php ##################### # LudenCMS v1 # # mysql_config.php # ##################### $mysql_host = "localhost"; $mysql_username = "mmgen_shop"; $mysql_password = "og.39//(kl"; $mysql_database = "mmgen_shop"; ?> So let's check out their SHOP DB # mysql -u mmgen_shop -D mmgen_shop -p Enter password: Reading table information for completion of table and column names You can turn off this feature to get a quicker startup with -A Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 89332 Server version: 5.0.51a-log FreeBSD port: mysql-server-5.0.51a Type 'help;' or '\h' for help. Type '\c' to clear the buffer. mysql> SHOW DATABASES; +--------------------+ | Database | +--------------------+ | information_schema | | mmgen_shop | | test | +--------------------+ 3 rows in set (0.00 sec) mysql> SHOW TABLES; +----------------------+ | Tables_in_mmgen_shop | +----------------------+ | shop_basket | | shop_ccmodul | | shop_coupon | | shop_faq | | shop_items | | shop_navigation | | shop_news | | shop_options | | shop_orders | | shop_products | | shop_tickets | | shop_user | | shop_voucher | +----------------------+ 13 rows in set (0.00 sec) mysql> # LOLOLO let's rm password info mysql> UPDATE shop_voucher SET infos = ""; Query OK, 11 rows affected (0.00 sec) Rows matched: 11 Changed: 11 Warnings: 0 mysql> SELECT * FROM shop_voucher; +-------+--------+------+---------------------+-------+-------+------------+ | payid | userid | type | code | infos | value | date | +-------+--------+------+---------------------+-------+-------+------------+ | 1872 | 10522 | 1 | 0905-1066-3280-8205 | | 10 | 2011-09-30 | | 1873 | 10522 | 1 | 0747-8763-8777-7583 | | 10 | 2011-09-30 | | 1874 | 10482 | 1 | 0170-8844-2643-6121 | | 10 | 2011-09-30 | | 1875 | 10161 | 1 | 0662-3887-5897-6736 | | 21 | 2011-09-30 | | 1877 | 8885 | 1 | 0795-2181-5472-4078 | | 10 | 2011-09-30 | | 1878 | 10575 | 1 | 0508-5218-3536-7066 | | 10 | 2011-09-30 | | 1869 | 10568 | 1 | 0725-8889-7048-6149 | | 10 | 2011-09-30 | | 1870 | 10300 | 1 | 0677-5871-1938-8696 | | 10 | 2011-09-30 | | 1871 | 10557 | 1 | 0570-2670-2925-4453 | | 100 | 2011-09-30 | | 1402 | 5356 | 0 | | | 0 | 2011-07-21 | | 1403 | 9652 | 0 | | | 0 | 2011-07-21 | +-------+--------+------+---------------------+-------+-------+------------+ 11 rows in set (0.00 sec) mysql> # Now how about we check who actually buys shit mysql> SELECT * FROM shop_user WHERE credits > 5; +--------+---------------+----------------------------------+--------------+---------+--------+---+ | userid | username | password | icq | credits | status | x | +--------+---------------+----------------------------------+--------------+---------+--------+---+ | 6 | J0hn.X3r | dbd570d9cfb7ee0473a7890e641a1f45 | 898437 | 20 | 0 | 0 | | 189 | Arma | 93f5d2a618cde4160d3eb8f748221f91 | arma@hush.ai | 10 | 0 | 0 | | 208 | iron.t | 9b630edecc947a5f9e5d4ca59462663f | iron.t@hotbo | 15 | 0 | 0 | | 514 | ngized | 3dcbb61d6599e4cbe89510c28f324f66 | camora18@web | 10 | 0 | 0 | | 571 | basha | 1618a9fe1c58f2bedd2fdccefaa6da21 | basha444@web | 9 | 0 | 0 | | 625 | stefgexp | 55132608a2fb68816bcd3d1caeafc933 | c.k.007@web. | 40 | 0 | 0 | | 794 | Tanoths | b5042eac66b4bdb8c6e42560f964ed3c | max@lilium-n | 23 | 0 | 0 | | 804 | TB4ever | 4be5ce67d73fb9b6dda4d91d45387d16 | jjstyler@liv | 7 | 0 | 0 | | 945 | Sven | 3dd19f98fd4adb12e6cee669341381aa | vb-sveiven@w | 10 | 0 | 0 | | 973 | binglly | 1a7384005bd77b151e11d58ac79da095 | binglly@web. | 10 | 0 | 0 | | 1120 | etrax | 4f0cb9262f0a0fdab6c9db4c122024c2 | etrax@secure | 10 | 0 | 0 | | 1174 | JUMPhil | 40d914022aca12c372304e1cf2e89b88 | 836499 | 9 | 0 | 0 | | 1195 | m0rpheus | 06aa90cb7e31b1de837cdfd4b837163c | m0rpheusz@o2 | 10 | 0 | 0 | | 1207 | HansMeier | 44354626326b1cd44cce845e8393ac0d | hansmeierfor | 6 | 0 | 0 | | 1353 | dr.mouse | b5ba41ed05b0b197546e2a4283af77ae | gucci23@hush | 7 | 0 | 0 | | 1691 | play | 0c2192030b08d26b06b073eef083548a | b4252353@ugg | 17 | 0 | 0 | | 1771 | fros | e0e93346794bf614a1f02254d9d8b21e | ritho.ritho@ | 10 | 0 | 0 | | 1810 | melvyn10 | 41df744f22aa3d7f81983a77e2899829 | melvyn10@081 | 15 | 0 | 0 | | 1941 | phyntox | 33d42d1eb34ec443704571b0ce34193e | phyntox@goog | 10 | 0 | 0 | | 1967 | fatal | 592b36d730c592cce0eebe1731d143ec | fatal3x@live | 7 | 0 | 0 | | 2010 | Dodo | d6d963cedb8dbc1ee57f271e942fbadd | bennibluemch | 7 | 0 | 0 | | 2301 | Blizzardo | 15b29ffdce66e10527a65bc6d71ad94d | blizzardfert | 10 | 0 | 0 | | 2415 | ecstasy | 887e1733037e9af10502b8bf923ad202 | Riehm93@onli | 6 | 0 | 0 | | 2478 | basics | cf7303a964a1682deeb3db90fbe3aeab | admin@mail-s | 6 | 0 | 0 | | 2630 | Stehlampe | db1527f7ecd3dd38f5de94e38cae2c53 | waswillstdud | 20 | 0 | 0 | | 2641 | mettwurst | 245a93ee61572bdda20c145374192603 | mettwurst@sa | 8 | 0 | 0 | | 2677 | Syntax | 068d03ef735f14d75cd78d0ad5e427a3 | psych0tik@li | 13 | 0 | | | 2696 | seife123 | a2327b1893edf0719cc1f29b8d807957 | azzzze@yahoo | 10 | 0 | 0 | | 2703 | fam0us | 8f036369a5cd26454949e594fb9e0a2d | ifam0us@hotm | 20 | 0 | 0 | | 2731 | Borni81 | 8d8e4a0f1607ecb8790bce4d03331749 | bornito@live | 6 | 0 | 0 | | 2763 | termi | 573bd983f1a92bb6cf8b535919e3a728 | Hans.olaf1@w | 6 | 0 | 0 | | 2827 | O.M.A. | 6b8d556a2c4e1a17c57c4019d58377f7 | Mueller_Simo | 7 | 0 | 0 | | 2861 | Epicfisch | 5785adb4d56e4dd0e2732c26ccc3a0ca | admin@stream | 10 | 0 | 0 | | 2960 | daunilein | 0e1ffc254643ad1b3a006a347146282f | downi@downi. | 6 | 0 | 0 | | 3101 | Pr3dator | 65a5a3d88782ceb6af221234670ec8fb | christian.ri | 13 | 0 | 0 | | 3135 | hassan3 | 8ce4ffbdd4b371c255be75734f26cd72 | guzter@ahoo. | 10 | 0 | 0 | | 3208 | maddox | 4a3ef4824d67af46ea57a39b72dea7df | a3351613@owl | 8 | 0 | 0 | | 3256 | k00ky | 649f7f3295eb1163604ce906b6a6c498 | k00ky@hotmai | 9 | 0 | 0 | | 3266 | 1337man | f29f5f0849fec2e6bc1c10de788410fa | roflfastlola | 11 | 0 | 0 | | 3321 | djinns | c316236440037c0a621d592222708b72 | djinnsrs@goo | 8 | 0 | 0 | | 3433 | fluxay | 64d1f88b9b276aece4b0edcc25b7a434 | dir@mailinat | 70 | 0 | 0 | | 3628 | BOMBER | 8e26756ab1075b72dd82965c3d67c162 | bersch5555@w | 6 | 0 | 0 | | 3731 | testuser0 | 68b62823ed173ad3bed0ce700d556b2a | b999347@owlp | 25 | 0 | 0 | | 3829 | Skywalker | 077efa5fc07874cb04bd359845314743 | b1459562@owl | 10 | 0 | 0 | | 3905 | Plasmasmog | ba9912907e468a911de722cd811b99b2 | Plasmasmog@m | 10 | 0 | 0 | | 3951 | master1234 | bffdd53cd1557a14c84b6f42f2012187 | forfreemovie | 10 | 0 | 0 | | 4038 | !XSS | 5b84d7e9450f523d263a1e2844d333da | xss-xss@Safe | 17 | 0 | 0 | | 4114 | sh0x | 7e573aedbe6d321228de54fcacee7ebd | leandroking@ | 6 | 0 | 0 | | 4121 | slice | c53c7a272390264c5e6beddcc410daa5 | esel@yahoo.d | 10 | 0 | 0 | | 4140 | Dennske | f8eb6ce796e56b0260d9e77c6e057a20 | wccrew@web.d | 10 | 0 | 0 | | 4144 | -Bounter- | 2fec358d161f20e1d51e24641d76312f | dreamy@warez | 10 | 0 | 0 | | 4470 | Phantonym | 95abaa72bd229ec8f058519bb4bcfe87 | Phantonym@hu | 11 | 0 | 0 | | 4474 | CyberTT | df53ca268240ca76670c8566ee54568a | a1679852@bof | 6 | 0 | 0 | | 4476 | Getter | 530ea1472e71035353d32d341ecf6343 | a1682682@bof | 50 | 0 | 0 | | 4808 | ceres2 | dd4df322be3679fc422ab3d45fc97e96 | ceres@imails | 13 | 0 | 0 | | 4846 | check | 3756dd32ed2706bb3b6fc004b0e4ef80 | senmobiles@h | 8 | 0 | 0 | | 4890 | lgdavid | 5daec48bdfda7423e079b99c80c13ed1 | david.wang20 | 7 | 0 | 0 | | 4919 | stronger87 | ea110dfdeb4b966c81f7d786df7b1192 | dirkbischof@ | 10 | 0 | 0 | | 4944 | burberry | 55f9c405bd87ba23896f34011ffce8da | burberry1337 | 6 | 0 | 0 | | 5088 | L4x1337 | 7518f76db987755dbb01c52e177ba134 | 591238155 | 8 | 0 | 0 | | 5126 | Neon | ab64f71b84891bc31fe85512d35716a8 | neon19881@we | 10 | 0 | 0 | | 5401 | schlecker | cf14f069b4e041d13f50361dd54b9a33 | sjsj@web.de | 8 | 0 | 0 | | 5446 | sexy1337 | e10adc3949ba59abbe56e057f20f883e | sadsadasdmer | 9 | 0 | 0 | | 5642 | firelabs | 076c91ca1a80a49970a3e094ef5954cf | fuckthatbitc | 10 | 0 | 0 | | 5727 | 2t-power | 0df174153bd462f50c728006d9d1c704 | eiermann@hus | 6 | 0 | 0 | | 6079 | pete | 620209aea87f7bae2bd2445d094ba275 | karl-otto3@w | 20 | 0 | 0 | | 6092 | accored | bc47508edab07c1a0082c714fdc08eab | acc0r3d@yaho | 18 | 0 | 0 | | 6167 | mercury | 98169b656c826331d6e9d5e334ca7be8 | fakemail@bla | 10 | 0 | 0 | | 6183 | Roxas | d412a68fd7624bfe220f55f53c26f5a7 | Roxas_1991@g | 20 | 0 | 0 | | 6187 | Redbullfly | 3a82ca9ca9bfe5db9d9eda406c13ac61 | Redbullfly@g | 8 | 0 | 0 | | 6263 | Madd1n | e2a2a6d692a27773a9da52f7e82cfde7 | martinkieser | 6 | 0 | 0 | | 6465 | terror | 9a1b0d5d2d14b7272183d51fe5914f25 | b1245111@lhs | 12 | 0 | 0 | | 6549 | drupp | e19d5cd5af0378da05f63f891c7467af | drupp88@goog | 53 | 0 | 0 | | 6590 | _wayne | dc8996397be86e49cb56fd6face00c7f | mkoch@live.d | 6 | 0 | 0 | | 6667 | krillewurm | 06e0274429fc435c0335237c0006f13c | easy-riderz@ | 25 | 0 | 0 | | 6689 | sundy | 263f55f9f491876ebe21af13c2ee4589 | ra.klaus.sta | 7 | 0 | 0 | | 6772 | 1311 | 2aed094745c811516aea636e52015bc8 | 2010@9y.com | 10 | 0 | 0 | | 6820 | drbob | edfff284ca91b5676d8caa85f0cfd1df | BlackDesire2 | 20 | 0 | 0 | | 6885 | Lankabel | 4297f44b13955235245b2497399d7a93 | 123@123.123 | 35 | 0 | | | 6953 | fr34c10 | 200820e3227815ed1756a6b531e7e0d2 | festner@mail | 10 | 0 | | | 7040 | Cysis | 984c8c7b5d1d358c1470b1a2f81cdd3b | 4216SD@gmail | 40 | 0 | | | 7042 | Fire | e94e346e5bb49449d6d607939ddbf63c | cyler@hotmai | 8 | 0 | | | 7072 | drbob100 | 8faddb27516de448b4f7a434b5a7130a | Blackddeess@ | 20 | 0 | | | 7105 | runner91 | 8a7d489dbea2c6d8ad710b47ea68bc05 | malli-2006@w | 7.5 | 0 | | | 7190 | jacov | f30d05ead11bea743d583e4282e304f6 | n0b0dy.fh@we | 7 | 0 | | | 7193 | kratos1 | 59779937922f0264885e4f871257be48 | fgikto@googl | 7 | 0 | | | 7227 | s30s | 5103c1995af9f7fc6751de332bcfdfd3 | xc0ree@cust. | 7 | 0 | | | 7603 | fws | 73cb82e5496bfc9e4a6bc70ea2826e56 | ao@f-ws.de | 32 | 0 | | | 7803 | CodeRed | e89b7c5cc238c5871ceeafe46d3d3154 | CodeRed94@ho | 6 | 0 | | | 7827 | liviu | 65399351c23e646ae6ad68c938015c14 | zut@wet.de | 6 | 0 | | | 7887 | Anything | 9f4633f632153c74bcddcbf9c1d2fbed | 113377 | 9 | 0 | | | 7899 | piren20 | cc03e747a6afbbcbf8be7668acfebee5 | mh.zeh@web.d | 10 | 0 | | | 7925 | sdffsf | c02711d20a521eb8d1e5aeefb6bbecab | dfds@sd.de | 7 | 0 | | | 8114 | sTiNN | 745c0ccdb25262e3a17afe9fd6456a5c | stinn@live.d | 6 | 0 | | | 8122 | bigdady | 9933fb405b690fb59015b8981e09e671 | 621178350 | 10 | 0 | | | 8249 | freestyl | 2968da776da97fdd7d4910189411804e | as7da9d@gmx. | 20 | 0 | | | 8324 | kamel | e73e1bd2feb22b75c0ec0cacfd0b9d25 | 81023871 | 13 | 0 | | | 8340 | iphonejumper | 5db9e40fd1ae010e435884cedbfde349 | | 7 | 0 | | | 8408 | joe321 | f36e8a3b77970d55a984672972555c40 | | 35 | 0 | | | 8414 | Crackfox | 10b43971a8295f3720f38fbcdd9d6ac6 | | 6 | 0 | | | 8470 | shoxx12 | 1e45690858e3dfdeebbd67eb5db2653b | | 5.5 | 0 | | | 8493 | alexander | dd22141acb5ea065acd5ed773729c98f | 000000 | 30 | 0 | | | 8554 | hurens0hn | 08ba21f5a9f192e3114ce9c3d29c0f8f | 383051368 | 25 | 0 | | | 8580 | Bester12 | 8e2a99e1e5e356f5b9b874c8d9d83c79 | 456 | 40 | 0 | | | 8627 | Kleedyyy | 8d0c8f9d1a9539021fda006427b993b9 | | 7 | 0 | | | 8645 | Energie | ea110dfdeb4b966c81f7d786df7b1192 | | 7 | 0 | | | 8691 | JimPanse | f56a8901702b2c279c065f2ca15890ec | | 8 | 0 | | | 8744 | cubee | 4a3ef4824d67af46ea57a39b72dea7df | | 7 | 0 | | | 8762 | Dodel | 5657c76ad9a05ea0d9899f94dc4121e9 | | 8 | 0 | | | 8826 | kuni77 | 22f3555c832cde0134c65e9cb44424ee | 615664295 | 7 | 0 | | | 8866 | sysfuck | 95a3d9c2bce545f46bc54d8a750438b1 | | 17.5 | 0 | | | 8879 | payment | ed8539ed5fe17d4dc3a18058831fb9bd | | 10 | 0 | | | 8890 | PolskaDumny | c288a40b22e236022e43f96cf7bab952 | 165-034 | 8.5 | 0 | | | 8933 | Dubstep | 3116ccacabe066ce091b171347fca80d | 427-073-373 | 25.2 | 0 | | | 8960 | Hotter | 0981ee032a8e8af483dc24390916c737 | 282979840 | 7.5 | 0 | | | 8969 | network44 | 44252cf93dd7a73ecc031f8363a26459 | 618445 | 10 | 0 | | | 9010 | sey | f2f6ca16e070070fc5465ab4209586b5 | | 10 | 0 | | | 9094 | MrPataa | 9c7b04e137048c6dc5bc2dae0f78bf68 | | 10 | 0 | | | 9122 | Semtex99 | 9ca40c627bb00f08347cf336fb09011b | | 9 | 0 | | | 9183 | trainee | a2147086850706ecb2b6f2919fed8e40 | 350610 | 7 | 0 | | | 9216 | opfa | 01fc7192adba9cbba78b612ebeca6b66 | | 11 | 0 | | | 9223 | ivory | 00b86e77b9f76fc1f466555b6af345f8 | | 10 | 0 | | | 9253 | blur121 | 7e4ea1bf5ca4e36d14e6296e485970f2 | | 10 | 0 | | | 9590 | kani2012 | ec11aacc5832b63f02f1269e89d3cdd7 | 858223 | 7 | 0 | | | 9269 | drm1hy | c6cb19878e6a335d4fabb115ca8e3605 | | 24 | 0 | | | 9273 | TrOvEjAr | 9378884c5f76bf23f5aaedd1035017ba | 234307423 | 20 | 0 | | | 9275 | gist505 | fcdd4eae6aff919545ff68b6e3943b91 | | 8.98 | 0 | | | 9298 | mrgreen | 824a67f29e97b8798a9df7f00189f3e1 | | 35 | 0 | | | 9307 | GStar | 2472ee727ed8de9a818fc657a6895646 | | 10 | 0 | | | 9310 | Domi93 | b36d331451a61eb2d76860e00c347396 | | 8 | 0 | | | 9348 | pwned | 530ea1472e71035353d32d341ecf6343 | | 6.5 | 0 | | | 9357 | darkt0wn | a56b6119d6c8be8e2d0d25bcfdca25c6 | | 10 | 0 | | | 9375 | optik | d6ae345d39ca27dcc9c8e9c30a814041 | | 7 | 0 | | | 9397 | U3 | 93327f2856df1105a1318895ac44e684 | 645458882 | 20.2 | 0 | | | 9410 | mule22 | d27c8e6c3222ea5da09eb7f0f9d56818 | | 7 | 0 | | | 9448 | BL4cKKS | cdbec512b7a848722346013aa3e44f8b | | 7 | 0 | | | 9508 | PEPPEP | 6ec176f463121c7a1fc2f442ba22e937 | | 6 | 0 | | | 9534 | Cardercc | 461ae6b500f5802d4d52b34643cdcc6e | | 11 | 0 | | | 9599 | nolandro | 78f5cf8d0ee4f6b1e612a36954c1254d | | 50 | 0 | | | 9600 | KoKaiiiN | dc74e595f9938b1ea1f1a078ae154949 | 363727670 | 6 | 0 | | | 9618 | D3DMan | e78e0c9c18a6490ef56c3ffe837e0fca | | 10.5 | 0 | | | 9621 | Abdulleben | 25d55ad283aa400af464c76d713c07ad | | 6.5 | 0 | | | 9631 | sexonthebeach | 2dfbaaecbe98198ace8c554cc426b6d4 | | 44 | 0 | | | 9701 | heiko4321 | 12a6265a271b7b23e943f5986d80d190 | | 7.5 | 0 | | | 9726 | albozz | d41d8cd98f00b204e9800998ecf8427e | | 18 | 0 | | | 9729 | Spexti | 4dfd9542414fed623b432aee923618d0 | | 6 | 0 | | | 9791 | Bastler | a278ec2edc9105bd52fe62254522ecd4 | | 20 | 0 | | | 9820 | vima | f3674879f5e18c7989e02235da302cc9 | | 20 | 0 | | | 9822 | xNiightx | ef605602b07ae6b27054649d92e28b3e | 474300093 | 19 | 0 | | | 9824 | bergwerk | c4fd4f3a6e0f9ccbc309a510a7efbad4 | | 12 | 0 | | | 9948 | funny333 | 56a876cce8c5d91ed47db1b742573d36 | | 17.5 | 0 | | | 9966 | Friedrich | 28acec923aa820ebbe028955a5a46356 | ja | 7 | 0 | | | 10035 | Auzodiox | 286119328282d5d64cf1a3a02aba6316 | | 15 | 0 | | | 10003 | donjuan | 6d11921056f42e148b13a528c82d174e | | 5.5 | 0 | | | 10005 | hajo22 | 566a1fc42bc3fa17a3920221d2b24d34 | | 6 | 0 | | | 10032 | golem | 62650cd9a5fb136dc137b155e4ae6f2a | | 15.5 | 0 | | | 10033 | blood | 42ee64c24d1efcc4c1916074461854f3 | | 10 | 0 | | | 10051 | Technoboom | 77711870d494d022654bcf842b603467 | | 7 | 0 | | | 10217 | LiBeRtY1338 | d41d8cd98f00b204e9800998ecf8427e | 634365955 | 9.1 | 0 | | | 10085 | mo100 | 7cc5a8be611ccce374885048bc2a4848 | | 32.5 | 0 | | | 10575 | Twix2010 | 75a593a34aa5ba8e5e5788b7c899802e | | 7 | 0 | | | 10216 | Spagel | 22243bfba05b9715e6303dacf7f66c90 | | 30 | 0 | | | 10391 | DerHase | e99a18c428cb38d5f260853678922e03 | | 7.5 | 0 | | | 10290 | samsamsam3 | 03f828f4b26b4ebab502c56a78cc0580 | 600148357 | 70 | 0 | | | 10304 | dasfrek | de68fbe75420c572d172d456ec9a48b3 | 158204790 | 13 | 0 | | | 10402 | Kevko | a0017f523db6e51a75f02647a89280bd | 480179 | 9 | 0 | | | 10440 | ahm123 | 97c45c9bb4cea4d08721d101388578bb | | 7 | 0 | | | 10555 | homer | f54146a3fc82ab17e5265695b23f646b | | 9 | 0 | | | 10557 | ccmajor | 1fafd7a63f5980302a5cdaa790988b7b | 158545 | 10 | 0 | | +--------+---------------+----------------------------------+--------------+---------+--------+---+ 169 rows in set (0.01 sec) mysql> Aborted # cd /var/log/httpd # Some recent ip adresses?^C # grep "st0re.cc.*POST.*login_do.php" httpd_20110930_* httpd_access.log httpd_20110930_a.log:st0re.cc 91.23.167.77 2 30.09.11 03:30:01 "POST /login_do.php HTTP/1.0" 47627 637 341 httpd_20110930_a.log:st0re.cc 87.168.17.156 2 30.09.11 04:13:28 "POST /login_do.php HTTP/1.0" 8509 726 323 httpd_20110930_a.log:st0re.cc 178.162.135.234 2 30.09.11 04:52:16 "POST /login_do.php HTTP/1.0" 8323 705 323 httpd_20110930_a.log:st0re.cc 80.142.47.156 2 30.09.11 05:06:21 "POST /login_do.php HTTP/1.0" 8148 634 323 httpd_20110930_a.log:st0re.cc 212.150.184.230 2 30.09.11 08:19:53 "POST /login_do.php HTTP/1.0" 8213 652 323 httpd_20110930_a.log:st0re.cc 2.200.120.131 2 30.09.11 09:56:50 "POST /login_do.php HTTP/1.0" 8549 669 323 httpd_20110930_a.log:st0re.cc 212.18.213.207 2 30.09.11 10:47:44 "POST /login_do.php HTTP/1.0" 8941 583 323 httpd_20110930_a.log:st0re.cc 95.211.13.145 2 30.09.11 10:50:13 "POST /login_do.php HTTP/1.0" 8095 635 323 httpd_20110930_a.log:st0re.cc 80.226.24.8 2 30.09.11 11:18:30 "POST /login_do.php HTTP/1.0" 8314 670 323 httpd_20110930_a.log:st0re.cc 79.253.2.25 2 30.09.11 11:27:54 "POST /login_do.php HTTP/1.0" 8574 720 323 httpd_20110930_a.log:st0re.cc 212.18.213.207 2 30.09.11 11:32:49 "POST /login_do.php HTTP/1.0" 8150 583 323 httpd_20110930_a.log:st0re.cc 77.176.68.228 2 30.09.11 13:01:42 "POST /login_do.php HTTP/1.0" 8211 641 3411 httpd_20110930_a.log:st0re.cc 212.18.213.207 2 30.09.11 13:19:38 "POST /login_do.php HTTP/1.0" 8286 583 323 httpd_20110930_a.log:st0re.cc 188.136.8.225 2 30.09.11 13:56:34 "POST /login_do.php HTTP/1.0" 8711 642 323 httpd_20110930_a.log:st0re.cc 92.241.168.24 2 30.09.11 14:31:08 "POST /login_do.php HTTP/1.0" 8377 630 323 httpd_20110930_a.log:st0re.cc 84.140.101.35 2 30.09.11 14:51:37 "POST /login_do.php HTTP/1.0" 8876 723 323 httpd_20110930_a.log:st0re.cc 93.192.34.166 2 30.09.11 15:34:17 "POST /login_do.php HTTP/1.0" 9479 788 341 httpd_20110930_a.log:st0re.cc 92.201.119.237 2 30.09.11 15:45:12 "POST /login_do.php HTTP/1.0" 8372 641 323 httpd_20110930_a.log:st0re.cc 87.122.41.84 2 30.09.11 15:57:19 "POST /login_do.php HTTP/1.0" 8163 633 323 httpd_20110930_a.log:st0re.cc 212.18.213.207 2 30.09.11 16:04:08 "POST /login_do.php HTTP/1.0" 8246 583 323 httpd_20110930_a.log:st0re.cc 88.72.19.192 2 30.09.11 16:15:47 "POST /login_do.php HTTP/1.0" 8768 630 323 httpd_20110930_a.log:st0re.cc 94.220.183.63 2 30.09.11 16:22:46 "POST /login_do.php HTTP/1.0" 8777 705 341 httpd_20110930_a.log:st0re.cc 77.10.175.234 2 30.09.11 16:24:21 "POST /login_do.php HTTP/1.0" 272729 732 323 httpd_20110930_a.log:st0re.cc 94.220.183.63 2 30.09.11 16:26:26 "POST /login_do.php HTTP/1.0" 8575 723 323 httpd_20110930_a.log:st0re.cc 93.192.34.166 2 30.09.11 16:30:04 "POST /login_do.php HTTP/1.0" 8150 787 323 httpd_20110930_a.log:st0re.cc 178.202.68.98 2 30.09.11 16:30:24 "POST /login_do.php HTTP/1.0" 8242 636 323 httpd_20110930_a.log:st0re.cc 178.7.135.0 2 30.09.11 16:33:20 "POST /login_do.php HTTP/1.0" 8378 648 323 httpd_20110930_a.log:st0re.cc 212.18.213.207 2 30.09.11 16:43:58 "POST /login_do.php HTTP/1.0" 8185 583 323 httpd_20110930_a.log:st0re.cc 92.241.164.197 2 30.09.11 16:44:05 "POST /login_do.php HTTP/1.0" 8263 654 323 httpd_20110930_a.log:st0re.cc 77.10.175.234 2 30.09.11 16:48:12 "POST /login_do.php HTTP/1.0" 8888 761 323 httpd_20110930_a.log:st0re.cc 46.115.16.29 2 30.09.11 16:55:14 "POST /login_do.php HTTP/1.0" 8958 718 323 httpd_20110930_a.log:st0re.cc 94.220.183.63 2 30.09.11 16:55:44 "POST /login_do.php HTTP/1.0" 8141 723 323 httpd_20110930_a.log:st0re.cc 88.76.37.149 2 30.09.11 16:59:33 "POST /login_do.php HTTP/1.0" 8468 643 323 httpd_20110930_a.log:st0re.cc 77.186.7.122 2 30.09.11 17:05:15 "POST /login_do.php HTTP/1.0" 8506 632 323 httpd_20110930_a.log:st0re.cc 212.18.213.207 2 30.09.11 17:05:35 "POST /login_do.php HTTP/1.0" 8739 583 323 httpd_20110930_a.log:st0re.cc 80.137.199.182 2 30.09.11 17:06:11 "POST /login_do.php HTTP/1.0" 8214 732 323 httpd_20110930_a.log:st0re.cc 91.53.197.228 2 30.09.11 17:07:00 "POST /login_do.php HTTP/1.0" 8094 787 323 httpd_20110930_a.log:st0re.cc 212.18.213.207 2 30.09.11 17:09:32 "POST /login_do.php HTTP/1.0" 8230 583 323 httpd_20110930_a.log:st0re.cc 178.3.99.162 2 30.09.11 17:12:29 "POST /login_do.php HTTP/1.0" 8606 640 323 httpd_20110930_a.log:st0re.cc 87.122.41.84 2 30.09.11 17:15:16 "POST /login_do.php HTTP/1.0" 8181 633 323 httpd_20110930_a.log:st0re.cc 84.177.153.224 2 30.09.11 17:17:27 "POST /login_do.php HTTP/1.0" 8550 650 323 httpd_20110930_a.log:st0re.cc 212.18.213.207 2 30.09.11 17:23:17 "POST /login_do.php HTTP/1.0" 8164 583 323 httpd_20110930_a.log:st0re.cc 92.224.62.134 2 30.09.11 17:25:51 "POST /login_do.php HTTP/1.0" 8164 642 323 httpd_20110930_a.log:st0re.cc 212.18.213.207 2 30.09.11 17:50:25 "POST /login_do.php HTTP/1.0" 8288 583 323 httpd_20110930_a.log:st0re.cc 178.162.135.66 2 30.09.11 17:56:45 "POST /login_do.php HTTP/1.0" 8871 612 323 httpd_20110930_a.log:st0re.cc 77.8.111.185 2 30.09.11 18:00:22 "POST /login_do.php HTTP/1.0" 8204 635 323 httpd_20110930_a.log:st0re.cc 212.18.213.207 2 30.09.11 18:06:05 "POST /login_do.php HTTP/1.0" 8037 583 323 httpd_20110930_a.log:st0re.cc 178.86.4.72 2 30.09.11 18:09:59 "POST /login_do.php HTTP/1.0" 8348 640 323 httpd_20110930_a.log:st0re.cc 87.156.226.177 2 30.09.11 18:15:41 "POST /login_do.php HTTP/1.0" 8184 650 323 httpd_20110930_a.log:st0re.cc 212.18.213.207 2 30.09.11 18:32:35 "POST /login_do.php HTTP/1.0" 13208 583 323 httpd_20110930_a.log:st0re.cc 62.177.139.171 2 30.09.11 18:43:36 "POST /login_do.php HTTP/1.0" 8538 612 323 httpd_20110930_a.log:st0re.cc 188.99.237.187 2 30.09.11 18:44:23 "POST /login_do.php HTTP/1.0" 8195 631 323 httpd_20110930_a.log:st0re.cc 84.144.24.26 2 30.09.11 18:46:44 "POST /login_do.php HTTP/1.0" 8378 733 323 httpd_20110930_a.log:st0re.cc 212.18.213.207 2 30.09.11 18:58:16 "POST /login_do.php HTTP/1.0" 8107 583 323 httpd_20110930_a.log:st0re.cc 88.128.93.67 2 30.09.11 19:14:31 "POST /login_do.php HTTP/1.0" 8347 741 323 httpd_20110930_a.log:st0re.cc 84.159.35.59 2 30.09.11 19:28:20 "POST /login_do.php HTTP/1.0" 8304 644 323 httpd_20110930_a.log:st0re.cc 80.137.199.182 2 30.09.11 19:35:08 "POST /login_do.php HTTP/1.0" 8222 732 323 httpd_20110930_a.log:st0re.cc 95.118.133.136 2 30.09.11 19:43:28 "POST /login_do.php HTTP/1.0" 8076 641 323 httpd_20110930_a.log:st0re.cc 77.183.29.40 2 30.09.11 19:45:35 "POST /login_do.php HTTP/1.0" 8195 639 323 httpd_20110930_a.log:st0re.cc 213.135.18.45 2 30.09.11 19:49:23 "POST /login_do.php HTTP/1.0" 8152 581 323 httpd_20110930_a.log:st0re.cc 87.156.29.114 2 30.09.11 19:52:03 "POST /login_do.php HTTP/1.0" 8481 723 323 httpd_20110930_a.log:st0re.cc 217.231.145.151 2 30.09.11 20:08:21 "POST /login_do.php HTTP/1.0" 8568 794 341 httpd_20110930_a.log:st0re.cc 217.231.145.151 2 30.09.11 20:08:34 "POST /login_do.php HTTP/1.0" 9612 793 323 httpd_20110930_a.log:st0re.cc 94.220.183.63 2 30.09.11 20:10:43 "POST /login_do.php HTTP/1.0" 8277 723 323 httpd_20110930_a.log:st0re.cc 213.135.18.45 2 30.09.11 20:14:09 "POST /login_do.php HTTP/1.0" 8427 581 323 httpd_20110930_a.log:st0re.cc 92.225.99.187 2 30.09.11 20:15:41 "POST /login_do.php HTTP/1.0" 8416 625 341 httpd_20110930_a.log:st0re.cc 92.225.99.187 2 30.09.11 20:16:47 "POST /login_do.php HTTP/1.0" 8292 641 323 httpd_20110930_a.log:st0re.cc 213.163.65.50 2 30.09.11 20:19:02 "POST /login_do.php HTTP/1.0" 8270 629 323 httpd_20110930_a.log:st0re.cc 84.166.216.59 2 30.09.11 20:36:40 "POST /login_do.php HTTP/1.0" 8410 721 323 httpd_20110930_a.log:st0re.cc 80.137.199.182 2 30.09.11 20:51:21 "POST /login_do.php HTTP/1.0" 8349 732 323 httpd_20110930_a.log:st0re.cc 213.135.18.45 2 30.09.11 20:54:58 "POST /login_do.php HTTP/1.0" 8343 581 323 httpd_20110930_a.log:st0re.cc 95.118.133.136 2 30.09.11 20:56:17 "POST /login_do.php HTTP/1.0" 8158 641 323 httpd_20110930_a.log:st0re.cc 95.118.133.136 2 30.09.11 21:14:05 "POST /login_do.php HTTP/1.0" 8708 641 323 httpd_20110930_a.log:st0re.cc 84.189.234.204 2 30.09.11 21:17:37 "POST /login_do.php HTTP/1.0" 8194 671 323 httpd_20110930_a.log:st0re.cc 87.139.98.60 2 30.09.11 21:23:18 "POST /login_do.php HTTP/1.0" 8082 644 323 httpd_20110930_a.log:st0re.cc 109.236.86.130 2 30.09.11 21:35:53 "POST /login_do.php HTTP/1.0" 8154 645 323 httpd_20110930_a.log:st0re.cc 93.186.200.12 2 30.09.11 21:45:37 "POST /login_do.php HTTP/1.0" 8409 627 341 httpd_20110930_a.log:st0re.cc 77.183.29.40 2 30.09.11 21:46:22 "POST /login_do.php HTTP/1.0" 8157 639 323 httpd_20110930_a.log:st0re.cc 62.141.36.190 2 30.09.11 21:50:30 "POST /login_do.php HTTP/1.0" 8119 622 341 httpd_20110930_a.log:st0re.cc 62.141.36.190 2 30.09.11 21:50:37 "POST /login_do.php HTTP/1.0" 8241 622 323 httpd_20110930_a.log:st0re.cc 94.220.183.63 2 30.09.11 21:53:11 "POST /login_do.php HTTP/1.0" 8070 723 323 httpd_20110930_a.log:st0re.cc 178.202.68.98 2 30.09.11 21:53:33 "POST /login_do.php HTTP/1.0" 8254 636 323 httpd_20110930_a.log:st0re.cc 80.137.199.182 2 30.09.11 22:07:29 "POST /login_do.php HTTP/1.0" 8648 732 323 httpd_20110930_a.log:st0re.cc 89.15.88.227 2 30.09.11 22:19:27 "POST /login_do.php HTTP/1.0" 8205 635 341 httpd_20110930_a.log:st0re.cc 80.239.242.78 2 30.09.11 22:21:00 "POST /login_do.php HTTP/1.0" 8402 646 323 httpd_20110930_a.log:st0re.cc 91.10.251.46 2 30.09.11 22:31:06 "POST /login_do.php HTTP/1.0" 8479 721 341 httpd_20110930_a.log:st0re.cc 91.10.251.46 2 30.09.11 22:33:29 "POST /login_do.php HTTP/1.0" 8240 720 323 httpd_20110930_a.log:st0re.cc 178.202.68.98 2 30.09.11 22:33:49 "POST /login_do.php HTTP/1.0" 14741 636 323 httpd_20110930_a.log:st0re.cc 77.24.94.72 2 30.09.11 22:34:14 "POST /login_do.php HTTP/1.0" 8203 663 341 httpd_20110930_a.log:st0re.cc 82.195.234.50 2 30.09.11 22:36:30 "POST /login_do.php HTTP/1.0" 8304 729 341 httpd_20110930_a.log:st0re.cc 82.195.234.50 2 30.09.11 22:36:38 "POST /login_do.php HTTP/1.0" 8228 730 323 httpd_20110930_a.log:st0re.cc 178.3.99.162 2 30.09.11 22:42:38 "POST /login_do.php HTTP/1.0" 8094 640 323 httpd_20110930_a.log:st0re.cc 80.137.199.182 2 30.09.11 23:08:46 "POST /login_do.php HTTP/1.0" 8207 732 323 httpd_20110930_a.log:st0re.cc 89.204.153.246 2 30.09.11 23:10:14 "POST /login_do.php HTTP/1.0" 8285 696 323 httpd_20110930_a.log:st0re.cc 79.192.107.57 2 30.09.11 23:20:54 "POST /login_do.php HTTP/1.0" 8307 639 323 httpd_20110930_a.log:st0re.cc 93.196.21.139 2 30.09.11 23:29:34 "POST /login_do.php HTTP/1.0" 8856 633 323 httpd_20110930_a.log:st0re.cc 2.213.95.13 2 30.09.11 23:50:22 "POST /login_do.php HTTP/1.0" 8379 633 323 httpd_20110930_a.log:st0re.cc 82.83.112.126 2 30.09.11 23:56:18 "POST /login_do.php HTTP/1.0" 8721 744 323 httpd_20110930_a.log:st0re.cc 77.20.159.112 2 01.10.11 00:20:55 "POST /login_do.php HTTP/1.0" 8354 643 323 httpd_20110930_a.log:st0re.cc 178.9.168.231 2 01.10.11 01:13:45 "POST /login_do.php HTTP/1.0" 9722 729 341 httpd_20110930_a.log:st0re.cc 84.59.159.134 2 01.10.11 01:35:23 "POST /login_do.php HTTP/1.0" 8207 646 323 httpd_20110930_a.log:st0re.cc 87.139.98.60 2 01.10.11 01:48:07 "POST /login_do.php HTTP/1.0" 9020 644 323 httpd_20110930_a.log:st0re.cc 92.224.0.114 2 01.10.11 01:56:01 "POST /login_do.php HTTP/1.0" 8930 640 341 httpd_20110930_a.log:st0re.cc 92.224.0.114 2 01.10.11 01:58:53 "POST /login_do.php HTTP/1.0" 8227 648 341 httpd_20110930_a.log:st0re.cc 195.71.18.209 2 01.10.11 02:40:09 "POST /login_do.php HTTP/1.0" 8594 630 323 httpd_20110930_a.log:st0re.cc 95.118.98.231 2 01.10.11 02:47:35 "POST /login_do.php HTTP/1.0" 8143 735 341 httpd_20110930_a.log:st0re.cc 95.222.50.203 2 01.10.11 03:00:42 "POST /login_do.php HTTP/1.0" 8455 637 323 httpd_access.log:st0re.cc 79.247.250.2 2 01.10.11 03:25:18 "POST /login_do.php HTTP/1.0" 8322 648 341 httpd_access.log:st0re.cc 79.247.250.2 2 01.10.11 03:25:30 "POST /login_do.php HTTP/1.0" 1543 648 341 httpd_access.log:st0re.cc 84.189.234.204 2 01.10.11 03:56:19 "POST /login_do.php HTTP/1.0" 8108 671 323 httpd_access.log:st0re.cc 46.115.17.43 2 01.10.11 04:19:31 "POST /login_do.php HTTP/1.0" 8725 629 341 httpd_access.log:st0re.cc 46.115.17.43 2 01.10.11 04:19:57 "POST /login_do.php HTTP/1.0" 8745 627 323 httpd_access.log:st0re.cc 84.74.179.83 2 01.10.11 05:17:41 "POST /login_do.php HTTP/1.0" 8227 724 323 httpd_access.log:st0re.cc 66.176.9.110 2 01.10.11 06:22:46 "POST /login_do.php HTTP/1.0" 8182 889 323 httpd_access.log:st0re.cc 84.171.65.229 2 01.10.11 11:16:40 "POST /login_do.php HTTP/1.0" 10603 646 323 httpd_access.log:st0re.cc 213.135.18.45 2 01.10.11 11:32:59 "POST /login_do.php HTTP/1.0" 8670 581 323 httpd_access.log:st0re.cc 92.224.58.242 2 01.10.11 11:59:27 "POST /login_do.php HTTP/1.0" 8330 633 323 httpd_access.log:st0re.cc 115.184.3.252 2 01.10.11 12:12:22 "POST /login_do.php HTTP/1.0" 8176 699 323 httpd_access.log:st0re.cc 91.53.210.228 2 01.10.11 12:41:47 "POST /login_do.php HTTP/1.0" 8422 787 323 httpd_access.log:st0re.cc 89.0.20.128 2 01.10.11 13:00:16 "POST /login_do.php HTTP/1.0" 8213 647 323 httpd_access.log:st0re.cc 85.17.97.27 2 01.10.11 13:31:59 "POST /login_do.php HTTP/1.0" 8667 634 341 httpd_access.log:st0re.cc 212.150.184.230 2 01.10.11 13:37:20 "POST /login_do.php HTTP/1.0" 8082 652 323 httpd_access.log:st0re.cc 91.53.210.228 2 01.10.11 13:48:36 "POST /login_do.php HTTP/1.0" 8041 787 323 httpd_access.log:st0re.cc 80.142.41.35 2 01.10.11 13:56:41 "POST /login_do.php HTTP/1.0" 8142 675 323 httpd_access.log:st0re.cc 91.53.210.228 2 01.10.11 13:58:43 "POST /login_do.php HTTP/1.0" 1754 787 323 httpd_access.log:st0re.cc 92.226.41.234 2 01.10.11 14:09:46 "POST /login_do.php HTTP/1.0" 8161 636 341 httpd_access.log:st0re.cc 178.202.68.98 2 01.10.11 14:09:49 "POST /login_do.php HTTP/1.0" 8236 636 323 httpd_access.log:st0re.cc 92.226.41.234 2 01.10.11 14:09:52 "POST /login_do.php HTTP/1.0" 8429 644 323 httpd_access.log:st0re.cc 91.53.210.228 2 01.10.11 14:30:23 "POST /login_do.php HTTP/1.0" 8060 794 341 httpd_access.log:st0re.cc 87.122.41.84 2 01.10.11 14:42:56 "POST /login_do.php HTTP/1.0" 8176 633 323 httpd_access.log:st0re.cc 91.53.210.228 2 01.10.11 14:45:00 "POST /login_do.php HTTP/1.0" 1750 787 323 httpd_access.log:st0re.cc 92.224.11.28 2 01.10.11 15:03:01 "POST /login_do.php HTTP/1.0" 8030 664 341 httpd_access.log:st0re.cc 88.74.202.98 2 01.10.11 15:45:47 "POST /login_do.php HTTP/1.0" 8167 661 323 httpd_access.log:st0re.cc 95.118.133.136 2 01.10.11 15:50:25 "POST /login_do.php HTTP/1.0" 8025 641 323 httpd_access.log:st0re.cc 217.79.178.233 2 01.10.11 15:52:07 "POST /login_do.php HTTP/1.0" 8115 726 323 httpd_access.log:st0re.cc 77.188.205.152 2 01.10.11 15:56:27 "POST /login_do.php HTTP/1.0" 8137 643 323 httpd_access.log:st0re.cc 87.122.34.237 2 01.10.11 15:58:01 "POST /login_do.php HTTP/1.0" 8125 635 323 httpd_access.log:st0re.cc 212.117.165.197 2 01.10.11 16:25:15 "POST /login_do.php HTTP/1.0" 8005 646 323 httpd_access.log:st0re.cc 46.20.44.58 2 01.10.11 16:26:19 "POST /login_do.php HTTP/1.0" 7911 638 341 httpd_access.log:st0re.cc 93.223.63.24 2 01.10.11 16:39:27 "POST /login_do.php HTTP/1.0" 8066 631 323 httpd_access.log:st0re.cc 77.20.159.112 2 01.10.11 16:47:10 "POST /login_do.php HTTP/1.0" 8025 643 323 httpd_access.log:st0re.cc 109.236.86.130 2 01.10.11 16:59:19 "POST /login_do.php HTTP/1.0" 1524 719 323 httpd_access.log:st0re.cc 88.69.129.69 2 01.10.11 17:01:04 "POST /login_do.php HTTP/1.0" 8045 721 323 httpd_access.log:st0re.cc 62.141.46.134 2 01.10.11 17:06:19 "POST /login_do.php HTTP/1.0" 8112 645 323 httpd_access.log:st0re.cc 93.133.47.182 2 01.10.11 17:14:46 "POST /login_do.php HTTP/1.0" 8307 622 341 # And who is the guy behind that crap?^C # last | grep mmgen mmgen ftp 212.150.184.230 Mon Oct 3 16:58 - 16:59 (00:01) mmgen ftp 212.150.184.230 Mon Oct 3 16:57 - 16:58 (00:01) mmgen ftp 212.150.184.230 Mon Oct 3 16:43 - 16:44 (00:01) mmgen ftp 212.150.184.230 Mon Oct 3 16:10 - 16:11 (00:01) mmgen ftp 212.150.184.230 Mon Oct 3 16:10 - 16:13 (00:03) mmgen ftp 212.150.184.230 Mon Oct 3 16:04 - 16:05 (00:01) mmgen ftp 212.150.184.230 Mon Oct 3 15:54 - 16:00 (00:05) mmgen ftp 212.150.184.230 Mon Oct 3 15:54 - 15:54 (00:00) mmgen ftp 212.150.184.230 Mon Oct 3 15:54 - 15:57 (00:03) # Israel does not look that interesting...^C # grep mgen.*78 /var/log/proftpd-transfer.log Sun Dec 19 14:56:29 2010 0 92.241.164.197 0 /home/mmgen/st0re.cc/u81vns057fvb3869vgic/track/6337180253783625111 b _ d r mmgen ftp 0 * c Fri Jan 14 23:16:40 2011 0 212.117.174.26 0 /home/mmgen/st0re.cc/u81vns057fvb3869vgic/track/6337180257808454951 a _ d r mmgen ftp 0 * c Sun Jan 23 16:36:30 2011 0 212.117.174.26 0 /home/mmgen/st0re.cc/u81vns057fvb3869vgic/track/6337180256065317802 a _ d r mmgen ftp 0 * c Thu Jan 27 23:14:04 2011 0 212.117.174.26 0 /home/mmgen/st0re.cc/u81vns057fvb3869vgic/track/6337180250537839337 a _ o r mmgen ftp 0 * c Thu Jan 27 23:14:07 2011 0 212.117.174.26 0 /home/mmgen/st0re.cc/u81vns057fvb3869vgic/track/6337180250621167843 a _ o r mmgen ftp 0 * c Thu Jan 27 23:17:39 2011 0 78.42.186.98 0 /home/mmgen/st0re.cc/u81vns057fvb3869vgic/track/6337180250537839337 a _ d r mmgen ftp 0 * c Thu Jan 27 23:17:39 2011 0 78.42.186.98 0 /home/mmgen/st0re.cc/u81vns057fvb3869vgic/track/6337180250621167843 a _ d r mmgen ftp 0 * c 78.42.186.98 resolves to Kabel Baden-Wuerttemberg GmbH & Co. KG, Muellheim in Germany. Looks like someone did not constantly use a proxy. Means you are officially . / \ | | |.| PWNED LOL! |.| / |:| __ / ,_|:|_, / ) (Oo / _I_ +\ \ || __| \ \||___| \ /.:.\-\ |.:. /-----\ |___|::pwn::| / |:<_T_>:| |_____\ ::: / | | \ \:/ | | | | \ / | \___ / | \_____\ Alright people let's keep the show going with El-Basar.biz ... ,;~;, /\_ ( / (() //) | \\ ,,;;'\ __ _( )m=((((((((((((((========{ El-Basar.biz }=======------- /' ' '()/~' '.(, | ,;( )|| | ~ Searching for "El-Bazar.biz" on google gives a ,;' \ /-(.;, ) good impression of what's being sold there. You ) / ) / can buy one week of DDOS to take down one web- // || site for 250 Euros. You get 10 US CCs without )_\ )_\ DOB (date of birth) for 5 Euros. And you can even buy 50g of MDMA crystals for 2000 Euros. Hilarious! El-Basar is being run by some guy called Ganymedes and was hosted on the same server as St0re.cc. However it seems like Ganymedes has moved his shop to another location which sadly has not been backdoored by us so far and thus will not make it into this issue of our ezine. Notwithstanding he left enough data on his old box, but we must say, Ganymedes, if you don't take down your store, we will be so kind and do that for you sooner or later. Thanks. # pwd /home # ls -la total 116 drwx--x--x 28 root wheel 1024 Sep 14 17:31 . drwx--x--x 18 root wheel 512 Apr 12 19:59 .. drwxrwx--- 13 alg www 1024 Feb 19 2011 alg drwxr-x--- 4 ayoga www 512 Apr 23 2009 ayoga drwxr-x--- 5 crank2010 www 512 Dec 27 2009 crank2010 drwxr-x--- 4 exchanger www 512 Mar 31 2010 exchanger drwxr-x--- 6 filip www 512 Jul 16 2010 filip drwxr-x--- 5 ganymedes www 512 Oct 5 21:43 ganymedes drwxr-x--- 6 garf www 512 Apr 16 02:26 garf drwxr-x--- 4 lordknight www 512 Jan 3 2010 lordknight drwxr-x--- 4 madrage www 512 Jan 10 2010 madrage drwxrwxr-x 5 margosha www 512 Sep 8 16:22 margosha drwxr-x--- 7 mmgen www 512 Jun 11 13:18 mmgen drwxr-x--- 9 mr101 www 512 Apr 7 2010 mr101 drwxr-x--- 4 msk www 512 May 20 2009 msk drwxr-x--- 4 muraaat www 512 Aug 29 20:59 muraaat drwxr-x--- 7 nukeuploads www 512 Dec 2 2009 nukeuploads drwxr-x--- 8 onlineschauen www 512 Oct 1 23:57 onlineschauen drwxr-x--- 4 pavlrse www 512 Aug 21 03:32 pavlrse drwxr-x--- 8 propiska www 512 Nov 19 2010 propiska drwxr-x--- 5 scenehack www 512 Feb 22 2010 scenehack drwxr-x--- 4 snetwork www 512 Jul 14 22:01 snetwork drwxr-x--- 5 szenevz www 512 Mar 11 2010 szenevz drwxr-x--- 2 test4me www 512 Sep 2 01:39 test4me drwxr-x--- 4 thefuelru www 512 Jan 22 2010 thefuelru drwxr-x--- 4 useresu www 512 Aug 19 11:27 useresu drwxr-x--- 4 useresu1 www 3584 Aug 19 11:47 useresu1 drwxrwxr-x 6 vestacomp www 512 Dec 20 2010 vestacomp # cd ganymedes # ls -la total 1180 drwxr-x--- 5 ganymedes www 512 Oct 5 21:43 . drwx--x--x 28 root wheel 1024 Sep 14 17:31 .. -rw------- 1 root www 520192 Oct 5 21:43 bash.core drwxrwx--- 3 ganymedes www 512 Sep 26 22:54 el-basar.biz drwxrwx--- 6 ganymedes www 1024 Sep 28 23:58 newsportal24.net drwxrwx--- 2 ganymedes www 53760 Oct 6 00:38 temp # cd newsportal24.net # ls -la total 388 drwxrwx--- 6 ganymedes www 1024 Sep 28 23:58 . drwxr-x--- 5 ganymedes www 512 Oct 5 21:43 .. -rw-r--r-- 1 ganymedes www 397 Sep 27 18:24 index.php -rw-r--r-- 1 ganymedes www 16572 Sep 27 18:24 license.txt drwxr-xr-x 2 ganymedes www 512 Sep 29 00:50 test -rw-r--r-- 1 ganymedes www 4343 Sep 27 18:24 wp-activate.php drwxr-xr-x 9 ganymedes www 2560 Sep 27 18:25 wp-admin -rw-r--r-- 1 ganymedes www 40243 Sep 27 18:24 wp-app.php -rw-r--r-- 1 ganymedes www 226 Sep 27 18:24 wp-atom.php -rw-r--r-- 1 ganymedes www 274 Sep 27 18:24 wp-blog-header.php -rw-r--r-- 1 ganymedes www 3931 Sep 27 18:24 wp-comments-post.php -rw-r--r-- 1 ganymedes www 244 Sep 27 18:24 wp-commentsrss2.php -rw-r--r-- 1 ganymedes www 3577 Sep 27 18:24 wp-config-sample.php -rw-rw-rw- 1 www www 3896 Sep 27 18:33 wp-config.php drwxr-xr-x 6 ganymedes www 512 Sep 27 18:40 wp-content -rw-r--r-- 1 ganymedes www 1255 Sep 27 18:24 wp-cron.php -rw-r--r-- 1 ganymedes www 246 Sep 27 18:24 wp-feed.php drwxr-xr-x 8 ganymedes www 2560 Sep 27 18:26 wp-includes -rw-r--r-- 1 ganymedes www 1997 Sep 27 18:24 wp-links-opml.php -rw-r--r-- 1 ganymedes www 2618 Sep 27 18:24 wp-load.php -rw-r--r-- 1 ganymedes www 27601 Sep 27 18:24 wp-login.php -rw-r--r-- 1 ganymedes www 7774 Sep 27 18:24 wp-mail.php -rw-r--r-- 1 ganymedes www 494 Sep 27 18:24 wp-pass.php -rw-r--r-- 1 ganymedes www 224 Sep 27 18:24 wp-rdf.php -rw-r--r-- 1 ganymedes www 334 Sep 27 18:24 wp-register.php -rw-r--r-- 1 ganymedes www 224 Sep 27 18:24 wp-rss.php -rw-r--r-- 1 ganymedes www 226 Sep 27 18:24 wp-rss2.php -rw-r--r-- 1 ganymedes www 9839 Sep 27 18:24 wp-settings.php -rw-r--r-- 1 ganymedes www 18646 Sep 27 18:24 wp-signup.php -rw-r--r-- 1 ganymedes www 3702 Sep 27 18:24 wp-trackback.php -rw-r--r-- 1 ganymedes www 3266 Sep 27 18:24 xmlrpc.php # cat wp-config.php <?php /** * In dieser Datei werden die Grundeinstellungen für WordPress vorgenommen. * * Zu diesen Einstellungen gehören: MySQL-Zugangsdaten, Tabellenpräfix, * Secret-Keys, Sprache und ABSPATH. Mehr Informationen zur wp-config.php gibt es auf der {@link http://codex.wordpress.org/Editing_wp-config.php * wp-config.php editieren} Seite im Codex. Die Informationen für die MySQL-Datenbank bekommst du von deinem Webhoster. * * Diese Datei wird von der wp-config.php-Erzeugungsroutine verwendet. Sie wird ausgeführt, wenn noch keine wp-config.php (aber eine wp-config-sample.php) vorhanden ist, * und die Installationsroutine (/wp-admin/install.php) aufgerufen wird. * Man kann aber auch direkt in dieser Datei alle Eingaben vornehmen und sie von wp-config-sample.php in wp-config.php umbenennen und die Installation starten. * * @package WordPress */ /** MySQL Einstellungen - diese Angaben bekommst du von deinem Webhoster. */ /** Ersetze database_name_here mit dem Namen der Datenbank, die du verwenden möchtest. */ define('DB_NAME', 'ganymedes_bossm'); /** Ersetze username_here mit deinem MySQL-Datenbank-Benutzernamen */ define('DB_USER', 'ganymedes_bossm'); /** Ersetze password_here mit deinem MySQL-Passwort */ define('DB_PASSWORD', 'ijhdsA/Uh2dsauhdfeksdmfUSDdwn829s'); /** Ersetze localhost mit der MySQL-Serveradresse */ define('DB_HOST', 'localhost'); /** Der Datenbankzeichensatz der beim Erstellen der Datenbanktabellen verwendet werden soll */ define('DB_CHARSET', 'utf8'); /** Der collate type sollte nicht geändert werden */ define('DB_COLLATE', ''); /**#@+ * Sicherheitsschlüssel * * Ändere jeden KEY in eine beliebige, möglichst einzigartige Phrase. * Auf der Seite {@link https://api.wordpress.org/secret-key/1.1/salt/ WordPress.org secret-key service} kannst du dir alle KEYS generieren lassen. * Bitte trage für jeden KEY eine eigene Phrase ein. Du kannst die Schlüssel jederzeit wieder ändern, alle angemeldeten Benutzer müssen sich danach erneut anmelden. * * @seit 2.6.0 */ define('AUTH_KEY', 'A?1NvyK.$5HH^-R$,Pr)V8~M0-+-Vj3bxUds+{5su`FcN x<7FdcTC0-jDVR_YSq'); define('SECURE_AUTH_KEY', '#1)hl!C`8w9ZcHG(X<-jsv72J3Npz$NvT]p69x6:<@`eZ)H:^hQY*;A_&`,ET=^e'); define('LOGGED_IN_KEY', '+)GL ,SalA}QKsqx:,bbkuEndA/YObB-s^}rs/<3F(oJQOwd2!@h-JU)g/Wgy-uA'); define('NONCE_KEY', 'gp*( -=$-I*,q&Y]oJm<Dwas+|S_z>_irty|#bG+hp@Qj6%qo.-N d.ZnGC=f@`m'); define('AUTH_SALT', 'T|#(IjI)JW%66G(e2S}$k-8/QY.iEfl^/v}PWgtk$@cnw9d)N pAm4A,A.~f+<oO'); define('SECURE_AUTH_SALT', '<1?@.:Q>x_Hc}V^Wi${iO%`$FJb8%~W?$|*l{%$+cK2.{A*ZNW>)~Ht0r,p B[3('); define('LOGGED_IN_SALT', 'n[Un&54kqxFw|!d]ccfCV5ajNklT`YN/YECk (K2}T{;,0,*!|)ru}/ysPG s$v-'); define('NONCE_SALT', 'cm$vLkM34?(0u}&O)SOp>qCRZq*LJY``ym%-tNFg+MQ^#L{x~@c,d@fCJ27{;d~8'); /**#@-*/ /** * WordPress Datenbanktabellen-Präfix * * Wenn du verschiedene Präfixe benutzt, kannst du innerhalb einer Datenbank * verschiedene WordPress-Installationen betreiben. Nur Zahlen, Buchstaben und Unterstriche bitte! */ $table_prefix = 'wp_news'; /** * WordPress Sprachdatei * * Hier kannst du einstellen, welche Sprachdatei benutzt werden soll. Die entsprechende * Sprachdatei muss im Ordner wp-content/languages vorhanden sein, beispielsweise de_DE.mo * Wenn du nichts einträgst, wird Englisch genommen. */ define('WPLANG', 'de_DE'); /** * For developers: WordPress debugging mode. * * Change this to true to enable the display of notices during development. * It is strongly recommended that plugin and theme developers use WP_DEBUG * in their development environments. */ define('WP_DEBUG', false); /* That's all, stop editing! Happy blogging. */ /** Absolute path to the WordPress directory. */ if ( !defined('ABSPATH') ) define('ABSPATH', dirname(__FILE__) . '/'); /** Sets up WordPress vars and included files. */ require_once(ABSPATH . 'wp-settings.php'); # cd .. # cd el-basar.biz # ls -laR total 12 drwxrwx--- 3 ganymedes www 512 Sep 26 22:54 . drwxr-x--- 5 ganymedes www 512 Oct 5 21:43 .. drwxrwxrwx 3 ganymedes www 512 Dec 13 2010 85c91o822x3olps1d8179xizbm27 ./85c91o822x3olps1d8179xizbm27: total 12 drwxrwxrwx 3 ganymedes www 512 Dec 13 2010 . drwxrwx--- 3 ganymedes www 512 Sep 26 22:54 .. drwxrwxrwx 3 ganymedes www 512 Dec 13 2010 check ./85c91o822x3olps1d8179xizbm27/check: total 20 drwxrwxrwx 3 ganymedes www 512 Dec 13 2010 . drwxrwxrwx 3 ganymedes www 512 Dec 13 2010 .. drwxrwxrwx 2 ganymedes www 6144 Sep 17 13:01 vp2q910pxc2ifo091y ./85c91o822x3olps1d8179xizbm27/check/vp2q910pxc2ifo091y: total 16 drwxrwxrwx 2 ganymedes www 6144 Sep 17 13:01 . drwxrwxrwx 3 ganymedes www 512 Dec 13 2010 .. -rw-r--r-- 1 www www 0 Aug 11 01:55 6337180250025522924 -rw-r--r-- 1 www www 0 Aug 9 19:04 6337180250037669499 ... # Nothing left here anymore :(^C # Better check the database ... # cat /etc/my.passwd bde413a2c8751ac97887f11d6efb2c39 # mysql -u root -pbde413a2c8751ac97887f11d6efb2c39 Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 205220 Server version: 5.0.51a-log FreeBSD port: mysql-server-5.0.51a Type 'help;' or '\h' for help. Type '\c' to clear the buffer. mysql> SHOW DATABASES; +--------------------+ | Database | +--------------------+ | information_schema | | alg_forum | | alg_hide | | alg_zzz | | crank2010_forum | | crimecore_board | | exchanger_db | | filip_eldent | | filip_eldent_ | | ganymedes_bosscc | | ganymedes_bossm | | garf_ban | | hcgcrew?forum | | jeka-test_ | | lordknight_forum | | lordknight_teon | | madrage_wbb | | margosha_forum | | margosha_sait | | mmgen_3 | | mmgen_ref | | mmgen_shop | | mr101_old | | mr101_w3 | | muraaat_mybb | | mysql | | onlineschauen_bi | | onlineschauen_ho | | onlineschauen_ma | | onlineschauen_on | | onlineschauen_se | | pavlrse_xshop | | propiska_gr | | propiska_us | | propiska_work | | scenehack_board | | snetwork_4g741 | | snetwork_sh24op | | szenevz_123 | | szenevz_db | | test | | test4me_db | | thefuelru_pp | | useresu1_prava | | useresu_bollist | | vsocks_vsocks69 | | vsocks_vsocks69_ | | vsocks_vsocks69_a | +--------------------+ 48 rows in set (0.00 sec) mysql> USE ganymedes_bosscc; Reading table information for completion of table and column names You can turn off this feature to get a quicker startup with -A Database changed mysql> SHOW TABLES; +----------------------------+ | Tables_in_ganymedes_bosscc | +----------------------------+ | admin_navi | | navi_de | | news | | produkt_gruppen | | produkt_items | | produkte | | psc | | support | | supporter | | supporter_group | | ukash | | users | +----------------------------+ 12 rows in set (0.00 sec) mysql> SELECT count(*), sum(guthaben) FROM psc; +----------+---------------+ | count(*) | sum(guthaben) | +----------+---------------+ | 74 | 1080 | +----------+---------------+ 1 row in set (0.00 sec) mysql> # Not bad ... mysql> SELECT count(*) FROM users; +----------+ | count(*) | +----------+ | 1359 | +----------+ 1 row in set (0.00 sec) mysql> SELECT * FROM users WHERE guthaben > 1; +------+----------+------------------------------------+----------------------+-----------+----------+--------+ | id | username | pass | email | reason | guthaben | access | +------+----------+------------------------------------+----------------------+-----------+----------+--------+ | 1 | blamedyy | ==44c8cf514440543c728bee1864a1a466 | blamedyy@yahoo.com | | 897 | 1 | | 474 | hung2304 | ==2864d82ad1e49fffcafe85976c602868 | jidar@hotmail.de | faked psc | 8 | 33 | | 485 | SlamD | ==65259faf801899cfd1f27b389b8849ac | arx2@gmx.net | | 3 | 0 | | 555 | AEQUITAS | ==ee61e9fd8caafb735406838f18235281 | aequitas@z1p.biz | | 3 | 0 | | 618 | Jettic | ==a1eba8157beb255a503e8b586e141b61 | jettic@mail.ru | | 3 | 0 | | 634 | me2 | ==cfbf7976666e981d217cfed255d7db6e | fff8756@yahoo.de | | 3 | 0 | | 640 | riddick | ==24217c603630ce2339503db1d009b8c7 | riddicker1@web.de | | 3 | 0 | | 817 | Hilli | ==8e6a108a6555e604f9f652d679c7ab29 | shiva166@web.de | | 2 | 0 | | 865 | killersm | ==6b8daaab17c40f5fbf9aab0db8dc21bf | jhir@jire.de | | 3 | 0 | | 875 | skilled | ==195b9d5a1e7d2ef7237eb467533ec1f2 | sk@sk.com | | 3 | 0 | | 943 | FatJoe | ==ed35e0bc4b6a22cd24f74e039533276f | sedaephi@emailgo.de | | 2 | 0 | | 963 | Bogner | ==b3a0ad39806aced9241a80b9a11868e4 | placebo84@hotmail.de | | 3 | 0 | | 971 | keks | ==572330601360f7945006cae2ea549bab | aggroberliner222@web | | 3 | 0 | | 975 | saidone | ==aba11e56813d842283854c6ccccbef60 | saytec@gmx.de | | 3 | 0 | | 1022 | lczero | ==37d1475d60b2c99b1c222a5a5acc2c58 | sdpfmodpmgg@web.de | | 3 | 0 | | 1094 | peterpan | ==fdc6b6d13338d1b9f1099dcec97cb2a8 | tfmpp1@web.de | | 3 | 0 | | 1261 | Tommy | ==7d01922eeaeb9682953c49fd20ece458 | tomdanger@rbcmail.ru | | 3 | 0 | | 1443 | 2345176 | ==9ddfac889552a0cdf635e46c8c70b01b | b2121870@prtnx.com | | 3 | 0 | | 1466 | badboy44 | ==3fa46350e1a9aa6f09a32cb342eb8c31 | anja_ludi@web.de | | 3 | 0 | | 1484 | delphin | ==7b8d81c371ada9fd93a448c7ac45b346 | asdgasd@asdga.de | | 3 | 0 | | 1494 | booom | ==ee6c8e07eed464a4842c2335b4977309 | jhghj@gggh.de | | 3 | 0 | | 1512 | tetrispr | ==1e63fa4217770660acccbcf4acabfc67 | tatakiru@gmx.de | | 3 | 0 | | 1513 | stage6 | ==660d11767f02a3a7403bfe47954de520 | carders@hotmail.de | | 3 | 0 | | 1586 | m1sc | ==1d28ce4b9ff02e4a08432036f7316db1 | m1sc@gmx.de | | 3 | 0 | | 1619 | anubis | ==dda9ab9768f7367198227e69b83cedbd | xAnuBiSx@gmx.de | | 3 | 0 | | 1671 | carlos | ==2a363b531b95578a7d816dd02cde60d6 | carlos---@live.de | | 3 | 0 | | 1715 | advanced | ==924f32ec3a868e5555ee1910d4242ce1 | advanced@gnx.de | | 3 | 0 | | 1719 | Blizzard | ==74281aac5624b24fb3472feab558a5d1 | kgadkhagj@spambob.de | | 2 | 0 | | 1735 | ripit | ==eed34671e873f2aa07d30d878f182ce0 | ripit@mailinator.com | | 3 | 0 | +------+----------+------------------------------------+----------------------+-----------+----------+--------+ 29 rows in set (0.00 sec) mysql> Aborted There we got one of Ganymedes' other accountnames and his email: blamedyy@yahoo.com. We better check out some proftpd logs. Ganymedes constantly used proxies, but there is one login sequence where he did not: # grep 93.232.*ganymedes proftpd-transfer.log Mon Jan 24 15:34:21 2011 0 212.117.174.26 0 /home/ganymedes/el-basar.biz/85c91o822x3olps1d8179xizbm27/check/vp2q910pxc2ifo091y/6337180258293023293 a _ d r ganymedes ftp 0 * c Mon Feb 07 02:04:40 2011 0 93.232.193.137 2416 /home/ganymedes/el-basar.biz/designe/design/navi.php a _ o r ganymedes ftp 0 * c Mon Feb 07 02:04:45 2011 0 93.232.193.137 1709 /home/ganymedes/el-basar.biz/designe/design/title_gh.php a _ o r ganymedes ftp 0 * c Mon Feb 07 02:09:23 2011 0 93.232.193.137 1917 /home/ganymedes/el-basar.biz/co2xcpqwlvxmi/config.php a _ o r ganymedes ftp 0 * c Deutsche Telekom AG, NRW, Germany. Well done kid. ,;~;, _/\ \ ) (\\ ()) /';;,, // | -------==={ The Happy Ninja Faker }===))))))))))))))=m( )_ __ | ,(.' '~/()' ' '\ Some of you guys might have noticed that a ~ | ||( );, "HappyNinjas" Twitter account has been created ( ,;.)-\ / ';, on the 4th or 5th February 2011 which seemed \ ( \ ( to offer the opportunity to receive the latest || \\ news regarding our actions. As we observed this /_( /_( account got some attention and even obtained nearly 100 followers. Hurray. However it isn't ours :( To get more publicity the creator also published a fake zine called exp04.txt at http://www.pva-apeldoorn.nl/exp04/exp04.txt. It was very clear that the person didn't do this to help us or fight the fraudscene, but to spread lies. So we did the only logical thing: We hacked that server too, removed the fake and copied some logs. Here are some excerpts: 2011-02-10 16:19:24 W3SVC4579 SOHOSTED07 195.8.208.38 GET /exp04 - 80 - 91.211.117.25 HTTP/1.1 Mozilla/5.0+(Windows;+U;+Windows+NT+6.1;+de;+rv:1.9.2.13)+Gecko/20101203+Firefox/3.6.13 - - 301 0 0 370 399 500 2011-02-10 16:19:26 W3SVC4579 SOHOSTED07 195.8.208.38 GET /exp04/index.html - 80 - 91.211.117.25 HTTP/1.1 Mozilla/5.0+(Windows;+U;+Windows+NT+6.1;+de;+rv:1.9.2.13)+Gecko/20101203+Firefox/3.6 .13 - - 200 0 0 316 400 687 2011-02-10 16:58:53 W3SVC4579 SOHOSTED07 195.8.208.38 GET /exp04/exp04.txt - 80 - 91.211.117.25 HTTP/1.1 Mozilla/5.0+(Windows;+U;+Windows+NT+6.1;+de;+rv:1.9.2.13)+Gecko/20101203+Firefox/3.6. 13 - http://twitter.com/ 304 0 0 236 527 296 Whups, looks like someone did a messy job there. Well, at least he used a proxy. But after some black magic we also hacked the proxy and it showed us the right way to payback. So who did this lousy job, you may ask? Noone else but 3lite aka InVisible, (former) moderator and admin of several fraud orientated message boards. It wasn't hard to find more information about him, right Robin? To understand why someone would do such things we first have to understand who he is. Robin is 19 years old and comes from a typical middle class family. Both parents are employed, the father as an administrative official, the mother as an industrial clerk. He also has three sibs. His family consists of baptists (a crazy sect, calm but annoying), thus it is not really surprising that his mother also spends way too much money on esoteric medicine. I guess if you can believe in the biblical history of creation you can believe in anything. His education started at the grammar school (Gymnasium) in 2002. After two wasted years he switched to middle school (Realschule). Three years later he had to switch again, this time to secondary modern school (Hauptschule). The story of his life. This year he finished technical college (Berufsfachschule) with a rather bad grade. In his virtual life he mostly works with botsoftware, infects people and sells the stolen data to other fraudsters. In other words: he is a trojan skiddy. Sounds like a bored, unmotivated child without much talent and that is exactly what he is. He used more than ten different nicknames in the past, because after a while they all had a very bad reputation. And that are only the names we know about, there are probably more. _ _____________________ _ | | | | |b| Deoxys |b| |o| Aerodactyl |o| , |x| Raid0n17 |x| (@| | | DeoOxygen | | ,, ,)|_____|o| ExplosiV / ExplOsiv |o|_______ //\\8@8@8@8@8@8 / _ _ |f| Androx |f| _ _ _ \ \\//8@8@8@8@8@8 \_____| | 3lite / 3lite2k11 | |_______/ `` `)| |s| Raiden |s| (@| |h| »InVisible |h| |a| R@ven |a| |m| Fr33w4re |m| |e| VexX |e| |_|_____________________|_| If you want to check him out yourself, here are some links. More information can be found in the attached files. http://www.youtube.com/Raid0n17 http://www.youtube.com/DeoOxygen http://aerodactyl.wordpress.com/ http://steamcommunity.com/profiles/76561197968670011 He loves to use variations of "1337" and "troll" as his passwords. Very secure, you should give it a try. Our conclusion: This guy is really fucked up. He is a pathological liar, a deadbeat, a scammer. Avoid him if you can. Side note: The following two texts have already been published by us, because the given circumstances forced us to in that time. Since both texts have not made it into an "official" ezine yet, we decided to print them here. Have fun! ,;~;, /\_ ( / (() //) | \\ ,,;;'\ __ _( )m=((((((((((((((======={ Swissfaking.net }=====------- /' ' '()/~' '.(, | ,;( )|| | ~ Swissfaking.net has not been in the center of ,;' \ /-(.;, ) our interest for long, mainly because one doesn't ) / ) / hear a lot about it. From the outside they just // || seem to be a small board, not any worse than )_\ )_\ the average kiddyforums. However, when looking at it closely, one notices that swissfaking manages to fully compensate for their size with the most shrewd users. These peoples' only interest seems to make money. Lots. Fast. No matter what. Swissfaking consider themselves a very special community; that's why the registration has been closed since 2009 and replaced by an invite system. Under these circumstances one would not expect great activity in the forums, though as we first logged in, we were bombarded with piles of blinking flash ads. The most ridiculous one was probably that of some fag selling credit cards. ____________________________________________________________________ | __ __ | | .-----.--.--.-----.| |_.-----.| |--.-----.--.--. | | | _ | | | _ || _| -__|| _ | _ |_ _| | | |__ |_____|_____||____|_____||_____|_____|__.__| | |________|__|________________________________________________________| | | | d3adline: | | You want buy without any risks? You want fast car? You want hot | | girls? You want have glamorous partys? Then buy ccs from d3adline | |____________________________________________________________________| This again shows pretty well how ignorant those fucks are; as if a credit card brought you from mom's basement to high life. Just because the majority of swissfaking's users probably suffer from the same mental disease as the mister quoted above, we have prepared a treatment, but wait, before we start, here are Username:plain password:IP:logintime of almost all users: p5n:@Copy10cv:91.89.69.182:January 2, 2011, 9:24 pm mcdrive:belinea:188.23.69.210:January 2, 2011, 11:19 pm n3ro:LbiI:{mq>K kZä<K[RQz*5\:77.181.45.137:January 3, 2011, 5:08 pm thc2010:SICKboy2010:64.9.156.229:January 3, 2011, 12:06 am kargo.kr:PKRV50:88.77.6.25:January 3, 2011, 9:51 pm karom:hotelteller:91.46.1.37:January 3, 2011, 1:10 pm smokingred:smokingred1985:93.217.96.252:January 3, 2011, 1:37 am webdevil:Ag3n SWISS:91.19.104.254:January 5, 2011, 12:48 pm larifka:123$%&/Is:85.235.31.248:January 2, 2011, 10:21 pm razade:blutbad:80.145.149.244:January 2, 2011, 9:01 pm masterblade:morpheus33:89.204.153.251:January 4, 2011, 12:22 am kra!z0r!x:5%Ö\h/{W)l:80.226.20.162:January 2, 2011, 10:24 pm n0f3ar:chaoskate2104:93.222.26.148:January 3, 2011, 2:33 pm st3ffl0r:1989WarCraft1:84.60.197.233:January 2, 2011, 9:54 pm c4rd3t:carden:184.168.193.21:January 3, 2011, 5:21 pm ciwan:swiss89:46.59.135.66:January 6, 2011, 2:30 am schmidx01:Knm7rSQm:178.3.187.31:January 3, 2011, 7:21 pm jintonic:fisch123:79.218.165.84:January 3, 2011, 2:34 pm blackmatrix:18112001a:93.130.99.106:January 2, 2011, 9:14 pm b0lk:never4you:213.186.121.4:January 4, 2011, 10:06 pm injector1337:testpw:91.52.241.204:January 3, 2011, 6:59 pm jaheira:qwertzu88:79.218.244.214:January 2, 2011, 9:33 pm fake:789yxc456v:212.117.172.231:January 2, 2011, 9:14 pm bullddoser:llg(86543=(6zrXRDPNVD2ße:46.115.37.209:January 3, 2011, 12:20 am lonelywolf:16156560:91.65.72.63:January 3, 2011, 5:28 pm korg2009:98600599:92.201.105.116:January 3, 2011, 3:18 pm stecher:-meinauto2010-:88.73.20.31:January 2, 2011, 11:36 pm breadfish:bread123:184.107.26.91:January 4, 2011, 1:38 pm soxtexo12:fcaugsburg07:93.135.18.113:January 2, 2011, 10:38 pm petrisun:SahneSchnitte1855!!!:77.187.31.76:January 3, 2011, 1:23 pm flod0:ollum123:79.204.172.231:January 3, 2011, 10:42 am fr3ak190:pown3d100%:92.241.165.69:January 3, 2011, 2:45 pm chimsus:free4you4free:79.226.166.136:January 2, 2011, 9:09 pm cchesk:123456a :91.10.77.30:January 3, 2011, 8:27 pm diggix:gummiboot:92.117.55.104:January 2, 2011, 11:16 pm sperle:$%er87qw:88.130.174.181:January 2, 2011, 10:16 pm crypther:weissnicht1:77.10.228.141:January 2, 2011, 9:02 pm h1xx3r:fucker:84.23.74.92:January 3, 2011, 2:22 pm fame.de:k7vt2k7vt2:93.217.161.47:January 5, 2011, 10:06 pm penis17:g9$nGC0=/Rf6i:84.19.169.232:January 2, 2011, 9:58 pm gulideckel:1q2w3e4r5t:77.58.105.102:January 2, 2011, 9:40 pm fallsbay:pleasure:95.211.10.25:January 3, 2011, 10:03 pm cracker:nokia:95.208.188.115:January 3, 2011, 12:47 am flashkill:kuschel123:84.175.201.137:January 2, 2011, 9:19 pm lczero:!1ifckusogothebaum:95.211.13.145:January 3, 2011, 7:16 pm blackbez:frozen44:217.114.211.242:January 5, 2011, 4:13 am qobi:g-star7:85.176.71.3:January 3, 2011, 6:32 pm can:qaywsx:91.121.82.175:January 3, 2011, 1:59 am hammerhalde:!tsh4mmersh0t8(1!:109.192.225.71:January 2, 2011, 10:06 pm optiker:serakaya:188.97.205.230:January 3, 2011, 6:16 pm jokajoka:fardfard:213.3.11.190:January 3, 2011, 9:07 pm nootwehr:skater11:61.220.57.86:January 7, 2011, 12:30 am toco:banzai555:87.79.172.32:January 3, 2011, 1:32 pm scylla:loslos123:96.52.178.186:January 3, 2011, 11:16 pm 3n3my:hawara2611:77.242.73.40:January 2, 2011, 10:39 pm beelzemon:eugen0889:109.192.53.149:January 3, 2011, 1:02 am cine:cine1:188.103.1.137:January 4, 2011, 11:41 pm siedlaa:robin1994:85.2.107.225:January 3, 2011, 10:06 pm bugsy:medion12:93.128.66.34:January 2, 2011, 11:22 pm nero:Dennis123!!:93.245.205.131:January 2, 2011, 10:08 pm senfi:AdrianPSP:178.198.73.249:January 2, 2011, 9:40 pm vapo:rootystar:95.211.99.92:January 3, 2011, 7:46 pm illegalimmigrant:GncNMf9h:94.100.31.74:January 3, 2011, 1:41 am alpha21:klasnic321:84.137.120.110:January 2, 2011, 9:12 pm hackthenet:Pannewitz:88.134.94.217:January 2, 2011, 10:00 pm phant0m:r992uO_f)vrHS}44*C&st$:92.241.164.54:January 2, 2011, 9:42 pm criston:dinosauria1234:77.180.51.115:January 3, 2011, 1:42 pm kingtph:superflieger:93.193.94.186:January 3, 2011, 12:57 am pinto:malaka:84.177.81.175:January 3, 2011, 12:13 pm zet:xFfFG6zF:93.199.171.214:January 2, 2011, 11:17 pm conax:sojkagmbhdigitaldruck:212.117.162.192:January 2, 2011, 10:18 pm syntax:seckin!kilic91:85.181.19.164:January 3, 2011, 3:08 pm theana1yst:selfmade:80.187.246.158:January 3, 2011, 8:41 am maury:2408821982:79.7.13.209:January 2, 2011, 9:46 pm 7inch:Rasta1!:87.186.114.153:January 3, 2011, 1:22 pm kaiz0r:derbisenda:80.254.75.59:January 3, 2011, 12:24 pm east0n:Swiss2010!:93.190.142.49:January 3, 2011, 12:48 pm killbill:123456mm:88.64.128.57:January 3, 2011, 8:53 pm bugzy:london1010:41.206.12.2:January 4, 2011, 11:21 pm marrs1:26081989:91.66.246.96:January 3, 2011, 2:57 am fickmaus:9N#oJa/yCr.tsb^<aoJa1~R\dKd&t:84.19.169.165:January 2, 2011, 10:29 pm thunbird:gentleman:92.241.190.253:January 3, 2011, 1:07 pm rechman:megaman12345:188.98.33.38:January 3, 2011, 3:06 am creative:Tempo.4tw.:217.227.191.210:January 2, 2011, 9:37 pm rich91:youngmoney:78.94.4.246:January 2, 2011, 10:38 pm sinshou:bananekopf26%:92.192.111.112:January 2, 2011, 10:21 pm romulus:acer89:80.123.46.94:January 2, 2011, 9:12 pm $p45ch4$:bigrick1:92.241.168.20:January 5, 2011, 2:49 am nakman:jakobina0067vs:77.177.19.207:January 2, 2011, 10:25 pm nadas:kostenlos12:77.188.71.188:January 6, 2011, 12:41 am and1player:passwort44:83.170.95.133:January 2, 2011, 11:21 pm rubberduck:jasmin2:202.60.66.32:January 6, 2011, 3:33 am aggron:virago125:84.171.99.233:January 3, 2011, 11:07 am tsd:123456:77.8.195.232:January 2, 2011, 9:46 pm sinned:cocacola:91.57.54.91:January 3, 2011, 12:00 am xaaser:jaynaltin:87.78.67.4:January 2, 2011, 9:17 pm k0ptix:icke10115:95.211.99.92:January 4, 2011, 3:51 pm klempner:PoKeMoN2000:93.197.176.43:January 3, 2011, 12:38 pm bigdog:mamice:88.134.112.111:January 5, 2011, 9:19 am m4.ch:P0r744lp:95.208.135.191:January 2, 2011, 9:07 pm 123x321:000000:88.117.58.97:January 6, 2011, 6:04 pm happyfree:313100:41.102.244.158:January 3, 2011, 11:07 pm flearuns:dh2ed3h:93.203.162.123:January 3, 2011, 2:28 am knaufo:icqicq:79.205.172.197:January 2, 2011, 11:16 pm kranker:flakfeuer:217.236.156.115:January 2, 2011, 9:48 pm shygo:462813795W.wq:88.153.192.142:January 4, 2011, 2:25 pm x3r0x:0106080d:77.177.37.25:January 2, 2011, 11:32 pm j0k3r:xhodon:77.12.19.10:January 4, 2011, 5:47 am ratchet:chrisi!sf99:92.192.36.78:January 4, 2011, 4:40 pm nyd:swissfuck888:80.226.44.156:January 3, 2011, 11:03 am usenext:masterminds:77.177.37.25:January 3, 2011, 1:28 am luxx!z:mattrex123:178.162.185.151:January 2, 2011, 11:30 pm darkfunny:Master1993:94.220.255.219:January 5, 2011, 4:31 pm jaksa:mama5448:91.54.81.152:January 3, 2011, 2:46 am sinobis:!1337!:79.213.236.37:January 2, 2011, 9:11 pm dd7:perler123:92.226.209.196:January 3, 2011, 12:53 am scoz:sucked77:87.118.116.196:January 3, 2011, 6:51 pm pukker:100200300:217.88.224.247:January 3, 2011, 10:02 pm midi23:netgear:178.5.13.28:January 3, 2011, 4:15 pm daddy:92kev!n19:87.144.71.86:January 3, 2011, 7:57 am scriptcheck:script2501:84.157.41.158:January 6, 2011, 4:58 pm h00:stups!050590:78.49.11.25:January 3, 2011, 12:31 am hans-wurst:volkan95:92.76.11.157:January 2, 2011, 10:39 pm knuff:111111:77.181.139.1:January 4, 2011, 4:51 pm 2slow4u:qWeRtZuIoP!"§$%&/()=?90:79.238.143.241:January 2, 2011, 10:29 pm kenzoo:ganja:84.46.30.136:January 2, 2011, 9:05 pm pascal1988:pacimaster:93.193.198.152:January 6, 2011, 4:47 pm the|biggie:Qu<oyJv]Xc$gfd4k:62.224.132.166:January 2, 2011, 9:12 pm cr4ck:iloveswiss:80.226.190.48:January 2, 2011, 9:41 pm james:schulen:79.194.61.50:January 4, 2011, 2:40 pm clx:fischer:88.74.186.72:January 2, 2011, 9:45 pm bonbergol:Calabria:82.83.226.27:January 2, 2011, 9:53 pm russka:connection:212.117.174.26:January 2, 2011, 9:07 pm hiddencell:sfhc123!:94.220.165.4:January 2, 2011, 9:19 pm rockz:laola123:77.0.211.178:January 3, 2011, 7:31 pm rollmops:undesistghetto:92.241.165.69:January 3, 2011, 2:08 am deinemudda:dickenberg:80.187.102.194:January 3, 2011, 4:07 pm carsi93:sikicisemih93:91.60.76.140:January 5, 2011, 8:56 am tricktrick_09:elyts123:188.195.241.141:January 3, 2011, 11:57 am donnie:12344321:79.239.111.51:January 2, 2011, 10:50 pm 1llegal:zuhälter:188.107.121.32:January 2, 2011, 9:23 pm freewolf:EliSSa1!:188.106.177.73:January 4, 2011, 12:36 am cobega:you64control:95.143.192.159:January 4, 2011, 12:09 am lan-kabel:rchbpf1567kb5q1337yo:94.216.194.53:January 2, 2011, 9:54 pm nightwalker:123123:87.153.145.248:January 5, 2011, 7:57 pm luca:Reiterbogen01:95.143.192.159:January 2, 2011, 9:41 pm dr.med.den.rasen:Google.de/12:77.3.161.91:January 5, 2011, 6:37 pm lynex:a1zb9ky95:178.199.76.95:January 3, 2011, 5:04 pm boterkid:147896325:95.89.159.72:January 2, 2011, 10:08 pm cangria:Ch4xt0r11:92.241.184.61:January 6, 2011, 1:54 am me.:sa06bi02ne:84.60.186.200:January 2, 2011, 11:14 pm sidneyland:sidney12:87.165.220.205:January 3, 2011, 3:27 am badboypole:rapidsharehp1:212.117.162.192:January 3, 2011, 2:40 pm racketeer:neumsche:95.211.99.91:January 2, 2011, 10:44 pm hearts:deutschland:212.117.172.231:January 6, 2011, 1:30 am jaro:ichstinke:80.140.2.165:January 5, 2011, 1:19 am mehmet14:hass:89.13.128.117:January 2, 2011, 10:05 pm eldiablo:eldiablo315:78.42.155.69:January 3, 2011, 8:51 pm dv1980:dv19801980:84.44.191.37:January 6, 2011, 8:31 pm ppp:jockel)!"//:80.226.20.125:January 4, 2011, 11:10 am delirion:gericom:87.118.120.182:January 3, 2011, 10:36 pm h3c