CastleCops®

Need help? Click here to register for free! Absolutely zero advertisements on this site!

	Donation/Premium

	Donations. Become Premium Today!

	Security Central

	· Home · PIRT/Fried Phish · MIRT · SIRT · Deutsch · Wiki · Newsletter · O16/ActiveX · CLSID List · Contest2007 · Downloads · Feedback (send) · Forums · HijackThis · Hijacktrend · LSPs · My Downloads · O18 · O20 · O21 · O22 · O23 · O9 · Premium · Private Messages · Proxomitron · Reviews · Search · StartupList · Stories Archive · Submit News · WsIRT · Your Account · Acceptable Use Policy

Busted!: DDoS

Anonymous writes "Not certain if your aware, but I came across your site simply because www.ryan1918.com/org points to it. Ryan1918 is normally a script kiddie site that hosts all kinds of trojan viruses for the kiddies to download and compile. Probably one of the biggest on the net, having all your favorites, sdbot, gaobot, phatbot and so on. I despise them and have been trying to get the site taken off the net for a while now, legally. As I work for a ISP and deal with the abuse issues and s***** like these kids only create issues.

Just my guess that this is the source of the DDoS attacks since your attacks started at the same time these domains got pointed towards your sites.

Maybe your already aware of this.

Just some info.

Thanks,
Edge
dardin@cox.net

Note: ungrateful little twirp "

Posted on Wednesday, 05 May 2004 @ 13:25:19 UTC by phoenix22 (7670 reads)
[ Trackback ]

"Busted!: DDoS" | Login/Create an Account | 11 comments | Search

The comments are owned by the poster. We aren't responsible for their content.

No Comments Allowed for Anonymous, please register

Re: not really news, but I'm to lazy to sign-up in regards to DDoS (Score: 1)
by Paul on Wednesday, 05 May 2004 @ 14:42:29 UTC
(User Info | Send a Message | _JOURNAL) http://www.laudanski.com

Thanks Edge, I'm forwarding this to the FBI. We've also found the following sites linking back to NC:

http://backup-freeware.net/nukecops-com.htm
http://free-data-recovery.net/nukecops-com.htm

Doing a search on ryan1918 at google shows:

http://www.google.com/search?sourceid=navclient&ie=UTF-8&oe=UTF-8&q=ryan1918

These guys need to be shut down.

Re: not really news, but I'm to lazy to sign-up in regards to DDoS (Score: 0)
by Anonymous on Thursday, 06 May 2004 @ 12:54:29 UTC

you cant and wont shut them down. plain and simple. and forwarding this to the FBI wont do anything.

]

Re: not really news, but I'm to lazy to sign-up in regards to DDoS (Score: 0)
by Anonymous on Friday, 07 May 2004 @ 14:03:38 UTC

Paul,

Here's another script-kiddie site that I found pointing to our site with a direct sql-injection method .... fortunately, after being hacked with that method a couple weeks ago ... it's since been fixed and full security is in force ... but that's not stopping them from hammering the site and posting the link for all their buddies to hit.

http://www.rohitab.com/discuss/ikonboard.cgi

]

Re: not really news, but I'm to lazy to sign-up in regards to DDoS (Score: 1)
by tank863 on Wednesday, 05 May 2004 @ 15:05:50 UTC
(User Info | Send a Message) http://tankweb.net

Paul,

Seems that yor woes are a direct result of the gaobot virus/worm

Read on:
http://sarc.com/avcenter/venc/data/w32.gaobot.afj.html

http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=125006

It seems that ryan1918.org is a redirect of the gaobot and since it is redirected at your site.. you are getting all the traffic from the gaobot virus...

I will talk to you tomorrow..

Tank863

Re: not really news, but I'm to lazy to sign-up in regards to DDoS (Score: 1)
by Stephen2417 on Wednesday, 05 May 2004 @ 16:03:02 UTC
(User Info | Send a Message)

O god.. So Paul are you still selling Nukecops????

Re: not really news, but I'm to lazy to sign-up in regards to DDoS (Score: 1)
by Stephen2417 on Wednesday, 05 May 2004 @ 16:24:03 UTC
(User Info | Send a Message)

Please dont paul... Keep it.. things will get better.

Youve got the fbi on your side now.

]

Re: not really news, but I'm to lazy to sign-up in regards to DDoS (Score: 1)
by !TMOV on Wednesday, 05 May 2004 @ 16:07:55 UTC
(User Info | Send a Message)

see the postings at jaguarpc where ryan is still posting and being belligerent.

http://forums.jaguarpc.com/showthread.php?threadid=11083&goto=newpost
tmov

Re: not really news, but I'm to lazy to sign-up in regards to DDoS (Score: 0)
by Anonymous on Thursday, 06 May 2004 @ 13:50:01 UTC

Allevon Writes:

Has anyone tried this:

ryan1918@catholic.org

ryan le (ryan1918@catholic.org)
+1.2062022130
Fax: +1.
191 josh st
mt morris, MI 48609
US

Registrant ID:hw1958041rl
Registrant Name:ryan le
Registrant Street1:1913 stanley
Registrant City:saginaw
Registrant State/Province:michigan
Registrant Postal Code:48602
Registrant Country:US
Registrant Phone:+1.2062022130
Registrant Email:ryan1918@catholic.org

ryan le ryan1918@catholic.org
1913 stanley
saginaw, michigan 48602
206-202-2130

]

Re: not really news, but I'm to lazy to sign-up in regards to DDoS (Score: 0)
by Anonymous on Friday, 07 May 2004 @ 08:57:48 UTC

Are you kidding me? That Ryan guy has been on Nukecops and posting in the forums for ages. Of course they know about him, but because this has been posted on their security site they are going to make a fuss about it.

Re: DDoS (Score: 1)
by BadJake (deanjx@yahoo.com) on Sunday, 09 May 2004 @ 09:31:05 UTC
(User Info | Send a Message) http://www.totalrekall.co.uk

It looks like Ryan1918.com/org has been shut down by its hosting service (Yahoo)

Re: DDoS (Score: 1)
by jayjwa on Wednesday, 01 September 2004 @ 13:45:24 UTC
(User Info | Send a Message)

I'm sorry to tell you, that is NOT the only site on the Internet. Censoring what source code people can or can't see is BS. I've seen the site, the majority of it is not point-n-click exploits, but rather masses of C code which needs to be compiled. Do a search for virus. I garrantee you that within 4 minutes you will be able to pick among various different viruses to download. Running around the 'Net attempting to down sites which have material that is objectable to *you* is simply not the way. If we all should act in this manner, then I propose that we go ban all gun shops immediately. They have guns, which can end real lives, not just data on a computer system. While we are at it, let's go ban the automobile- many deaths each year. Knives too, take those. New law: no windows allowed over 4 feet off the ground; someone may fall out one.
I myself am a sysadmin, and, yes, like anyone else with a site open to the Internet I get a routine barrage of various exploits, viruses, malware, and what-not. I've survived serveral ddos's. If anyone should complain about potentially dangerous material on the Internet, it should be someone like myself, but I don't. Why?
Because this stuff exists for two main reasons: 1) End-users have no concept of basic computer security or how their systems work. Microsoft has made sure of this. Because operating a computer has been reduced to click the little picture, users have no clue as to what the Windows Registery does, what's in win.ini, autoexec.bat, or anything else. No wonder 90% of the malware I've seen all uses the same HKLM registery Run/RunOnce autostart trick. 2) Security & Stability come last (read: Windows) in the most popular OS. How many systems got backdoored because of the Adobe Obj. issue? How long before MS got around to fixing that?
Is MS totally to blame? Of course not. It *is* possible to secure a Windows machine. It was my past OS before the current one. I never had a single virus, adware, or spyware. It's not a hard task to accomplish:
1) Don't use known exploitable software. If you're still using MSIE after it's history, you are *asking* to get 0wned.
2) Keep your patches, system, and software up to date. Always.
3) Use the tools available to fight malware, and keep them up to date. These don't have to cost money.
4) Have a basic knowlege of how your computer works! If you do, you'll know instantly when something is amiss, and be able to stop it *before* it becomes an issue. Once you understand how something works, be it a virus, trojan, webdownloader, or whatever, it stops being a mystery and you will know what it look for, how to stop it, how to remove it, or how to avoid it in the first place.
Running around censoring & banning everything is only a Band-Aid fix on a dam of malware- it *will* eventually over-flow and spill out again. And then what? In the mean-while, 5 sites have popped up to take its place. Do you know where *those* are?

-jayjwa

	Login

	Nickname Password Security Code: Type Security Code: Usage signifies AUP acceptance · New User? · Click here to create a registered account.

	Related Links

	· del.icio.us! · digg it! · reddit! · TrackBack (0) · HotScripts · W3 Consortium · More about Hassle · News by phoenix22 Most read story about Hassle: SpywareStrike, a clone SpyAxe blackhole

	Article Rating

	Average Score: 0 Votes: 0 Please take a second and vote for this article:

	Options

	Printer Friendly Page


	2002-2008 © Computer Cops LLC dba CastleCops®. All rights reserved. Acceptable Use Policy. Use signifies your agreement. 93ppm 0.161s (0.025s) Making cybercriminals unhappy since 2002*