[Dshield] eBay Billing Update

Adam Leach adders at ask-adders.co.uk
Wed Aug 6 22:30:13 GMT 2003


Hi,

I went to the site to enter rubbish into their page a few times to cause
them some rubbish information.

After a few hours they decided to start sending loads of requests to my
proxy/web server.  

They all came from sg01.uk.verideon.net. The following is the Apache log
and the Linux firewall log:

sg01.uk.verideon.net - - [06/Aug/2003:15:22:58 +0100] "GET / HTTP/1.0" 200 30470

Aug  5 17:35:15 dev kernel: SuSE-FW-ACCEPT IN=eth0 OUT= MAC=00:01:02:15:4f:e5:00:09:b6:6b:84:8c:08:00 SRC=80.69.8.133 DST=<MY_IP_ADDRESS> LEN=60 TOS=0x08 PREC=0x00 TTL=52 ID=23329 DF PROTO=TCP SPT=47381 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405B40402080A11152BD10000000001030300)

Probably not much use now; it was a few hours ago that it stopped, and
they have probably moved on to another machine.

At least somebody has closed the site http://www.ebayupdate.net/

Sometimes it can be amusing to annoy someone.

Regards

Adam

On Tue, 2003-08-05 at 20:31, Shawn Berg wrote:
> I can give you the headers but as far as the email goes, it is in HTML so
> will not display on the list.
> 
> 
> 
> -----Original Message-----
> From: list-bounces at dshield.org [mailto:list-bounces at dshield.org]On
> Behalf Of Leone, Michael
> Sent: Tuesday, August 05, 2003 1:55 PM
> To: 'General DShield Discussion List'
> Subject: [Dshield] eBay Billing Update
> 
> 
> Forward the E-mail you got to the list, including the full e-mail headers.
> 
> I contacted Ebay Corporate, told them the specifics and told them the
> domain. The woman on the phone seemed like she didn't care, but said she
> would have it "looked into." I even went to the fraud site piped through
> anonymouse.de and filled in the info with BS values. For instance my name is
> "You R. Busted" living at "Sing Sing Federal Penitentiary." I can probably
> track down who runs the network the computer hosting the site is running on.
> If it's a paid web hosting site, the person responsible can be tracked down
> and pointed out to the proper authorities.
> 
> 
> --
> Michael C. Leone
> Lab Automation and Data Integration
> Information Services for Basic Research
> Michael_Leone at merck.com
> Work: 732-594-3900
> Cell: 908-278-9387
> 
> _______________________________________________
> list mailing list
> list at dshield.org
> To change your subscription options (or unsubscribe), see:
> http://www.dshield.org/mailman/listinfo/list
> 



