Kakers...the fake hacker that keeps on coming back

Posted July 5th, 2008 by bryanstein





First, I'd like all you guys to know that SHellium does attempt to apprehend those who REPEATEDLY do malicious things on the shell. We have had users come to us in the past and claim there are vulnerabilities. Only ONE was correct, but he asked me not to tell his story so I won't.

We have had some trouble out of one particular user who keeps on registering names over and over again from different IPs, all of which come from Macedonia. He and his friends may be the cause of us blocking the entire subnet 77.x.x.x in Macedonia (or does he have friends?).

This is what kakers does:

He logs in...sets up psybnc and pretends to be a normal user, then he downloads a bunch of brute force password crackers and runs them on the system. He gets caught EVERY time but he likes to come back and try everything all over again. Kakers has registered the users dpandurski, nullx, explode, gomes and Mustang. So far he has gotten at least 3 shell accounts; if he has access to different IPs then maybe he has had more.

If you know this guy or YOU are him...post a comment. Members, please post a comment to let us know what you think: what should we do with a guy like this? There are over 50 users who have done similar things as KaKers...eventually we will tell ALL stories. Kakers will get a nice surprise once his ISP gets the notices that we sent them.

THE WALL OF SHAME IS OFFICIALLY BACK

Here is some of KaKers' info...anyone recognize that IP address?

Date Monday, June 30, 2008 - 15:18
User Mustang
Hostname 77.29.227.XXX
email: faik_baze@yahoo.com

Date Monday, June 30, 2008 - 15:35
User explode
Hostname 77.29.233.XXX
email: kristijan@badijala.com

nullx:
email: uname@cyber-wizard.com

dpandurski:
Date Monday, June 30, 2008 - 11:40
User dpandurski
Hostname 77.29.225.XXX

SHELL LOG IN INFO:

dpandurski ttyz8 62.162.63.XXX Sun Jun 29 14:29 - 14:33 (00:04)
kakers ttyr8 62.162.63.XXX Fri Jun 27 16:23 - 16:24 (00:01)
kakers ttyr8 62.162.63.XXX Fri Jun 27 16:18 - 16:22 (00:03)
kakers ttyyc 62.162.63.XXX Fri Jun 27 16:16 - 16:17 (00:00)
kakers ttytc 62.162.63.XXX Fri Jun 27 16:14 - 16:14 (00:00)
kakers ttytc 62.162.63.XXX Fri Jun 27 16:14 - 16:14 (00:00)
kakers ttyyc 62.162.63.XXX Fri Jun 27 15:39 - 16:13 (00:34)

kakers ttytc 77.29.225.XXX Fri Jun 27 16:24 - 16:24 (00:00)
kakers ttyr8 62.162.63.XXX Fri Jun 27 16:23 - 16:24 (00:01)
kakers ttyr8 77.29.225.XXX Fri Jun 27 16:22 - 16:23 (00:00)
kakers ttytc 77.29.225.XXX Fri Jun 27 16:18 - 16:22 (00:03)
kakers ttyr8 62.162.63.XXX Fri Jun 27 16:18 - 16:22 (00:03)
kakers ttyyc 62.162.63.XXX Fri Jun 27 16:16 - 16:17 (00:00)
kakers ttytc 77.29.225.XXX Fri Jun 27 16:15 - 16:16 (00:01)
kakers ttytc 62.162.63.XXX Fri Jun 27 16:14 - 16:14 (00:00)
kakers ttytc 62.162.63.XXX Fri Jun 27 16:14 - 16:14 (00:00)
kakers ttyyc 62.162.63.XXX Fri Jun 27 15:39 - 16:13 (00:34)
kakers ttyr8 77.29.225.XXX Fri Jun 27 15:06 - 16:14 (01:08)
kakers ttype 77.29.225.XXX Fri Jun 27 13:15 - 13:28 (00:13)
kakers ttyu0 77.29.225.XXX Fri Jun 27 13:06 - 13:11 (00:04)
kakers ttyu0 77.29.225.XXX Fri Jun 27 13:01 - 13:06 (00:04)
kakers ttyqe 77.29.239.1XXX Fri Jun 27 11:52 - 12:11 (00:19)
dpandurs ttyxa 77.29.227.XXX Mon Jun 30 03:40 - 03:46 (00:05)
dpandurs ttyv9 77.29.227.XXX Mon Jun 30 03:04 - 03:39 (00:34)
dpandurs ttyu8 77.29.236.XXX Sun Jun 29 17:28 - 18:05 (00:36)
dpandurs ttyz0 77.29.236.XXX Sun Jun 29 14:55 - 15:19 (00:24)
dpandurs ttyxd 77.29.236.XXX Sun Jun 29 14:44 - 14:53 (00:09)
dpandurs ttyz3 77.29.236.XXX Sun Jun 29 14:34 - 14:43 (00:08)
dpandurs ttyz8 62.162.63.XXX Sun Jun 29 14:29 - 14:33 (00:04)
dpandurs ttyz7 77.29.236.XXX Sun Jun 29 14:29 - 14:30 (00:01)
dpandurs ttyq8 77.29.232.XXX Sun Jun 29 13:51 - 13:51 (00:00)
dpandurs ttyq8 77.29.232.XXX Sun Jun 29 13:49 - 13:51 (00:01)
dpandurs ttyz3 77.29.232.XXX Sun Jun 29 13:28 - 13:42 (00:13)
dpandurs ttyue 77.29.228.XXX Sat Jun 28 21:04 - 21:20 (00:15)
dpandurs ttyue 77.29.228.XXX Sat Jun 28 20:50 - 20:57 (00:06)
dpandurs ttyx9 77.29.228.XXX Sat Jun 28 20:20 - 20:55 (00:34)
dpandurs ttyx9 77.29.228.XXX Sat Jun 28 20:08 - 20:20 (00:11)
dpandurs ttyy2 77.29.230.XXX Sat Jun 28 16:37 - 16:39 (00:02)
dpandurs ttyz1 77.29.230.XXX Sat Jun 28 16:23 - 16:29 (00:05)
dpandurs ttyxd 77.29.230.XXX Sat Jun 28 16:14 - 16:15 (00:01)
dpandurs ttyxd 77.29.230.XXX Sat Jun 28 16:10 - 16:12 (00:02)
dpandurs ttyxd 77.29.230.XXX Sat Jun 28 16:02 - 16:09 (00:06)
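
The correlation this post does by eye, linking accounts that log in from the same networks, can be scripted. The following is an added example, not SHellium's own tooling; the sample lines are copied from the login log above, and the function names are assumptions.

```python
import re
from collections import defaultdict

# Lines copied from the login log above (`last`-style output; the post's
# author masked the final octet, and the log shows "dpandurski" as "dpandurs").
SAMPLE = """\
kakers ttyr8 62.162.63.XXX Fri Jun 27 16:23 - 16:24 (00:01)
kakers ttytc 77.29.225.XXX Fri Jun 27 16:15 - 16:16 (00:01)
kakers ttyqe 77.29.239.1XXX Fri Jun 27 11:52 - 12:11 (00:19)
dpandurs ttyz8 62.162.63.XXX Sun Jun 29 14:29 - 14:33 (00:04)
dpandurs ttyxa 77.29.227.XXX Mon Jun 30 03:40 - 03:46 (00:05)
dpandurs ttyu8 77.29.236.XXX Sun Jun 29 17:28 - 18:05 (00:36)
"""

# user, tty, first three octets; the masked fourth octet is matched but ignored.
LINE = re.compile(r"^(\S+)\s+(tty\S+)\s+(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.\S+\s")


def parse(text):
    """Yield (user, (o1, o2, o3)) per login line; unparseable lines are skipped."""
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            yield m.group(1), tuple(int(x) for x in m.group(3, 4, 5))


def shared_networks(text, prefix_octets=3):
    """Map network prefix -> accounts, keeping prefixes used by 2+ accounts."""
    seen = defaultdict(set)
    for user, octets in parse(text):
        seen[".".join(map(str, octets[:prefix_octets]))].add(user)
    return {net: users for net, users in seen.items() if len(users) > 1}


def linked_accounts(text, prefix_octets=3):
    """Return sorted account pairs that logged in from a common prefix."""
    pairs = set()
    for users in shared_networks(text, prefix_octets).values():
        ordered = sorted(users)
        pairs.update((a, b) for i, a in enumerate(ordered) for b in ordered[i + 1:])
    return sorted(pairs)


if __name__ == "__main__":
    for octets in (3, 2):
        for net, users in sorted(shared_networks(SAMPLE, octets).items()):
            print(f"/{octets * 8} {net}: {', '.join(sorted(users))}")
```

A match at two octets covers an entire ISP address pool, so it is a lead to combine with other signals (registration e-mail, tools found in the home directory), not proof that two accounts belong to the same person.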


his purpose?

I don't quite understand what the benefit is of using a shell account to run a bunch of password cracking utilities. Is that really what the guy's intentions are? And why would he keep returning to a site that he already knows won't let him run his tools for brute password cracking?

Posted by n1cet1ts on Wed, 09/01/2010 - 21:57