Asshat of the Day: Random Comcast Employee

July 30th, 2007 at 11:35 am by Sam

I haven’t done an Asshat of the Day Award before, but given the situation it seems warranted.

At 7:05AM EDT, a Denial of Service attack started from multiple open proxies from across the globe using a brute force password attack against a previously open service. This has been going on for weeks so it’s not a huge surprise that it eventually succeeded. At 7:21AM EDT, our “fan,” known only as “1 hAppY pUppY,” logged into a shell account and edited some critical files.


[ Edit by Mark : WTF?  Pulled out the IP.  See comments! ]

Our brainiac (and I use this term with utmost facetiousness) came from 67.187.xx.xx (Hostname: c-67-187-xx-xx.hsd1.wa.comcast.net, Aliases: c-67-187-xx-xx.hsd1.tx.comcast.net, c-67-187-xx-xx.hsd1.tn.comcast.net).

Thank you, Random, soon-to-be-ex, Comcast Employee.

To try and pass your skill off as a script (“bl0GituD3 d3fAc3R 1.0b5 bY jT”) while making numerous typos is the mark of a true Genius. And leaving the logs, backup files and history was a brilliant move in that we would expect a hacker to cover his tracks. Leaving the “i” instead of changing it to a “1” in “bl0Gitud3” was a truly brilliant, personal touch. You went far to look like a dolt that we might underestimate your “mAd sk1LLz.”

No. I can’t even say that with a straight face.

You’re an Asshat.

Not the brightest bulb on the Christmas tree are you? You’ve only proven yourself to be a disingenuous coward. A brute-force script shows that you have neither skill nor finesse, and far too much time and personal anger on your hands.

Mark said it best the other day.

Some people need to get lives. They should start by getting off the Internet a few hours a day… The real world can be quite … titillating.

I think it should have read:

“Some people need to get laid.”



14 Responses to “Asshat of the Day: Random Comcast Employee”

  1. LissaKay Says:

    I know that IP addie … someone else has been hacked and is being used as a bot … stand by

  2. Doug McCaughan Says:

    Mark, that’s me!

  3. LissaKay Says:

    So Doug … since when did you become a L337 H@x0r???

  4. Mark Says:

    I’m back now …

    Jul 30 07:19:42 sshd[13014]: Connection closed by 67.187.xx.xx
    Jul 30 07:19:42 sshd[13015]: Invalid user root from 67.187.xx.xx
    Jul 30 07:19:42 sshd[13015]: input_userauth_request: invalid user root
    Jul 30 07:20:34 sshd[5740]: Accepted password for admin from 67.187.xx.xx port 2477 ssh2
    Jul 30 07:20:35 sshd[31676]: error: openpty: No such file or directory
    Jul 30 07:20:35 sshd[31676]: error: session_pty_req: session 0 alloc failed
    Jul 30 07:21:07 sshd[5740]: Accepted password for admin from 67.187.xx.xx port 2477 ssh2

    Verified by the shadow logs, along with multiple http requests for the Admin page.

    This is just sick.

  5. Doug McCaughan Says:

    I should clarify that I’m not your hacker…but that’s my ip address undeniably.

  6. Doug McCaughan Says:

    LissaKay: I have the knowledge but it’s not my style. Plus I’m too rusty at such things to be able to get away with it nowadays. I will admit to knowing a wee bit about blueboxing from “da day” and I don’t mind admitting that in high school I randomly made a call or two to Rome on Ma Bell’s dime.

    Hacking like this is just vandalism and nothing much angers me more than vandalism and theft.

  7. Mark Says:

    This was clearly personal. And I am sick to death of this crap!

    Don’t worry, I wouldn’t think you were the culprit. I don’t do hostname-based logs — they’re all IP-based. And given your hostname resolution issues … do you lose connectivity often?

    Quite honestly, given all of that, it would certainly appear that “Random Comcast Employee” is looking more and more solid…

  8. LissaKay Says:

    This is just too bizarre … the coincidences are mind-boggling (I typo’d that as “bloggling” at first LOL!) Obviously, this person knows you two or something. Too weird.

  9. Daria Black Says:

    I agree with you, some people really do need to find something else to do besides be on the internet. I hope you are able to catch whoever it was and give them the spanking they deserve.

  10. Doug McCaughan Says:

    “do you lose connectivity often” I could check my irc logs. I probably drop a few times a week on a bad week but then may stay up a couple of weeks on end.

  11. Doug McCaughan Says:

    The funny thing about this one is that I had shut down most of our home network to increase performance of the cameras during blogathon. I literally pulled cables out of the walls to keep the kids from getting online.

  12. Mark Says:

    DDOS Take 2 from 71.203.228.12. I wonder which friend of mine that one is? *rolls eyes*

    BTW, ‘tard. If you’re reading this, stop. ssh & ftp are disabled, so even if you find the right password, you won’t know it, and it won’t get you anywhere.

  13. Mark Says:

    Amazing … I go away to de-stress, and get back to this crap.

    Whatever, I’m not gonna let this ruin my mood.

    Joke ’em if they can’t take a f#$*.

  14. Mark Says:

    Now that that’s stopped … I get Spam …

    Sent: Tuesday, July 31, 2007 3:03 PM
    To: mark steele

    On 2007-07-28, you submited xxxxxxx@xxxxxxx.com to receive email offers. We recorded your IP address 71.236.35.238 at the time of opt in.
    This is an advertisement.

    Ya know, seriously… Another local… Nice spelling, asshat.

    What really bothers me about this is the fact that everyone in the world doesn’t have my personal e-mail.
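
Added example (not part of the original post or its comments): a Python sketch of the check a defender would run over sshd logs like the ones Mark posted in comment 4, flagging a successful password login that follows a burst of failed attempts, which is the sequence the post describes. The log lines are constructed, and the function name, the 30-minute window and the failure threshold are assumptions chosen for illustration.

```python
import re
from collections import deque
from datetime import datetime, timedelta

# Constructed sample in the sshd syslog layout shown in comment 4
# (documentation-range addresses, not the IPs from this page).
SAMPLE_LOG = """\
Jul 30 07:05:11 sshd[13001]: Invalid user root from 203.0.113.10
Jul 30 07:05:12 sshd[13002]: Failed password for invalid user root from 203.0.113.10 port 4011 ssh2
Jul 30 07:06:40 sshd[13005]: Failed password for admin from 198.51.100.7 port 3920 ssh2
Jul 30 07:09:03 sshd[13009]: Failed password for admin from 192.0.2.44 port 2210 ssh2
Jul 30 07:19:42 sshd[13015]: Invalid user root from 198.51.100.7
Jul 30 07:20:34 sshd[5740]: Accepted password for admin from 198.51.100.7 port 2477 ssh2
Jul 31 09:00:00 sshd[6001]: Accepted password for admin from 192.0.2.200 port 5000 ssh2
"""

LINE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) (?:\S+ )?sshd\[\d+\]: (.*)$")
FAIL = re.compile(r"^(?:Invalid user \S+|Failed password for (?:invalid user )?\S+) from (\S+)")
OK = re.compile(r"^Accepted password for (\S+) from (\S+)")

def logins_after_bruteforce(text, year=2007, window_min=30, threshold=4):
    """Return accepted password logins preceded by >= threshold failures
    (from any source, since the attempts came via many proxies) in the window."""
    window = timedelta(minutes=window_min)
    failures = deque()  # (timestamp, source) of recent failed attempts
    findings = []
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        while failures and when - failures[0][0] > window:
            failures.popleft()  # drop attempts older than the window
        msg = m.group(2)
        if (f := FAIL.match(msg)):
            failures.append((when, f.group(1)))
        elif (ok := OK.match(msg)) and len(failures) >= threshold:
            user, src = ok.groups()
            findings.append({
                "time": when.isoformat(), "user": user, "source": src,
                "failures_in_window": len(failures),
                "failing_sources": len({s for _, s in failures}),
                "source_had_failures": any(s == src for _, s in failures),
            })
    return findings

if __name__ == "__main__":
    for hit in logins_after_bruteforce(SAMPLE_LOG):
        print(hit)
```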