How I Shamefully Deactivated a Botnet

Starting Nmap 6.47 (nmap.org) at 2014-08-25 17:17 MSK
NSE: Loaded 118 scripts for scanning.
NSE: Script Pre-scanning.
Initiating Ping Scan at 17:17
Scanning i-avito.com (91.237.198.115) [2 ports]
Completed Ping Scan at 17:17, 0.07s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 17:17
Completed Parallel DNS resolution of 1 host. at 17:17, 0.00s elapsed
Initiating Connect Scan at 17:17
Scanning i-avito.com (91.237.198.115) [1000 ports]
Discovered open port 22/tcp on 91.237.198.115
Discovered open port 993/tcp on 91.237.198.115
Discovered open port 80/tcp on 91.237.198.115
Discovered open port 3306/tcp on 91.237.198.115
Discovered open port 143/tcp on 91.237.198.115
Discovered open port 110/tcp on 91.237.198.115
Discovered open port 21/tcp on 91.237.198.115
Discovered open port 53/tcp on 91.237.198.115
Discovered open port 25/tcp on 91.237.198.115
Discovered open port 443/tcp on 91.237.198.115
Discovered open port 587/tcp on 91.237.198.115
Discovered open port 995/tcp on 91.237.198.115
Discovered open port 2222/tcp on 91.237.198.115
Completed Connect Scan at 17:17, 3.42s elapsed (1000 total ports)
Initiating Service scan at 17:17
Scanning 13 services on i-avito.com (91.237.198.115)
Completed Service scan at 17:17, 19.97s elapsed (13 services on 1 host)
NSE: Script scanning 91.237.198.115.
Initiating NSE at 17:17
Completed NSE at 17:18, 19.50s elapsed
Nmap scan report for i-avito.com (91.237.198.115)
Host is up (0.094s latency).
Not shown: 987 closed ports
PORT STATE SERVICE VERSION
21/tcp open ftp ProFTPD 1.3.4b
22/tcp open ssh OpenSSH 5.3 (protocol 2.0)
| ssh-hostkey:
| 1024 59:e1:13:d2:a5:e5:bd:50:27:b7:08:8e:d7:42:8d:24 (DSA)
| 2048 c3:23:b1:6e:fd:ce:b5:76:5d:2b:32:8a:47:61:d7:44 (RSA)
|_ 256 c4:36:5f:c3:31:1d:e1:60:70:b2:4e:9b:8e:3e:d1:79 (ECDSA)
25/tcp open smtp Exim smtpd 4.76
| smtp-commands: s.ee Hello i-avito.com [95.215.45.33], SIZE 20971520, PIPELINING, AUTH PLAIN LOGIN, STARTTLS, HELP,
|_ Commands supported: AUTH STARTTLS HELO EHLO MAIL RCPT DATA NOOP QUIT RSET HELP
| ssl-cert: Subject: commonName=localhost/organizationName=none/stateOrProvinceName=Someprovince/countryName=GB
| Issuer: commonName=localhost/organizationName=none/stateOrProvinceName=Someprovince/countryName=GB
| Public Key type: rsa
| Public Key bits: 1024
| Not valid before: 2011-07-19T08:56:59+00:00
| Not valid after: 2038-12-03T08:56:59+00:00
| MD5: 7ca0 14bc e517 e437 b49c aca7 17cc fbc6
|_SHA-1: 77bc fd19 856a a562 f719 604a 0461 2093 b012 5405
|_ssl-date: 2014-08-25T13:18:58+00:00; +1m10s from local time.
53/tcp open domain
| dns-nsid:
|_ bind.version: 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1
80/tcp open http Apache httpd 2
|_http-methods: No Allow or Public header in OPTIONS response (status code 302)
| http-title: 404 Not Found
|_Requested resource was 91.237.198.115/avito.apk
110/tcp open pop3 Dovecot DirectAdmin pop3d
|_pop3-capabilities: UIDL RESP-CODES USER AUTH-RESP-CODE TOP SASL (PLAIN) CAPA PIPELINING STLS
143/tcp open imap Dovecot imapd
|_imap-capabilities: post-login have LOGIN-REFERRALS ENABLE ID IDLE IMAP4rev1 Pre-login more AUTH=PLAINA0001 LITERAL+ OK SASL-IR capabilities listed STARTTLS
443/tcp open ssl/http Apache httpd 2
|_http-methods: OPTIONS GET HEAD POST
|_http-title: Secured Home of deskdistributor.com
| ssl-cert: Subject: commonName=localhost/organizationName=none/stateOrProvinceName=Someprovince/countryName=US
| Issuer: commonName=localhost/organizationName=none/stateOrProvinceName=Someprovince/countryName=US
| Public Key type: rsa
| Public Key bits: 1024
| Not valid before: 2014-06-27T11:21:26+00:00
| Not valid after: 2041-11-11T11:21:26+00:00
| MD5: 5987 e508 bab7 b23c 16a7 2822 53f5 2ae2
|_SHA-1: d6f2 1c00 dcea f10c c049 02ed 2058 0376 619d eb60
|_ssl-date: 2014-08-25T13:18:57+00:00; +1m09s from local time.
587/tcp open smtp Exim smtpd 4.76
| smtp-commands: s.ee Hello i-avito.com [95.215.45.33], SIZE 20971520, PIPELINING, AUTH PLAIN LOGIN, STARTTLS, HELP,
|_ Commands supported: AUTH STARTTLS HELO EHLO MAIL RCPT DATA NOOP QUIT RSET HELP
| ssl-cert: Subject: commonName=localhost/organizationName=none/stateOrProvinceName=Someprovince/countryName=GB
| Issuer: commonName=localhost/organizationName=none/stateOrProvinceName=Someprovince/countryName=GB
| Public Key type: rsa
| Public Key bits: 1024
| Not valid before: 2011-07-19T08:56:59+00:00
| Not valid after: 2038-12-03T08:56:59+00:00
| MD5: 7ca0 14bc e517 e437 b49c aca7 17cc fbc6
|_SHA-1: 77bc fd19 856a a562 f719 604a 0461 2093 b012 5405
|_ssl-date: 2014-08-25T13:18:57+00:00; +1m10s from local time.
993/tcp open ssl/imap Dovecot DirectAdmin imapd
|_imap-capabilities: have LOGIN-REFERRALS ENABLE ID IDLE IMAP4rev1 Pre-login more AUTH=PLAINA0001 LITERAL+ post-login SASL-IR capabilities listed OK
| ssl-cert: Subject: commonName=localhost/organizationName=none/stateOrProvinceName=Someprovince/countryName=GB
| Issuer: commonName=localhost/organizationName=none/stateOrProvinceName=Someprovince/countryName=GB
| Public Key type: rsa
| Public Key bits: 1024
| Not valid before: 2011-07-19T08:56:59+00:00
| Not valid after: 2038-12-03T08:56:59+00:00
| MD5: 7ca0 14bc e517 e437 b49c aca7 17cc fbc6
|_SHA-1: 77bc fd19 856a a562 f719 604a 0461 2093 b012 5405
|_ssl-date: 2014-08-25T13:18:57+00:00; +1m10s from local time.
995/tcp open ssl/pop3 Dovecot DirectAdmin pop3d
|_pop3-capabilities: AUTH-RESP-CODE SASL (PLAIN) CAPA TOP UIDL RESP-CODES PIPELINING USER
| ssl-cert: Subject: commonName=localhost/organizationName=none/stateOrProvinceName=Someprovince/countryName=GB
| Issuer: commonName=localhost/organizationName=none/stateOrProvinceName=Someprovince/countryName=GB
| Public Key type: rsa
| Public Key bits: 1024
| Not valid before: 2011-07-19T08:56:59+00:00
| Not valid after: 2038-12-03T08:56:59+00:00
| MD5: 7ca0 14bc e517 e437 b49c aca7 17cc fbc6
|_SHA-1: 77bc fd19 856a a562 f719 604a 0461 2093 b012 5405
|_ssl-date: 2014-08-25T13:18:57+00:00; +1m09s from local time.
2222/tcp open http DirectAdmin httpd 1.33.6 (Registered to superb)
|_http-favicon: Unknown favicon MD5: 3AE13A3A9C0634B29A2667DCFFC69D87
|_http-methods: No Allow or Public header in OPTIONS response (status code 404)
|_http-title: DirectAdmin Login
3306/tcp open mysql MySQL 5.5.31
| mysql-info:
| Protocol: 53
| Version: .5.31
| Thread ID: 63436701
| Capabilities flags: 63487
| Some Capabilities: SupportsLoadDataLocal, Speaks41ProtocolNew, Speaks41ProtocolOld, SupportsTransactions, ConnectWithDatabase, IgnoreSpaceBeforeParenthesis, FoundRows, SupportsCompression, DontAllowDatabaseTableColumn, InteractiveClient, Support41Auth, ODBCClient, IgnoreSigpipes, LongPassword, LongColumnFlag
| Status: Autocommit
|_ Salt: ![, d7#H«o.2Q«T^^?]9B
Service Info: Host: s.ee; OS: Unix
NSE: Script Post-scanning.
Initiating NSE at 17:18
Completed NSE at 17:18, 0.00s elapsed
Read data files from: /usr/bin/…/share/nmap
Service detection performed. Please report any incorrect results at nmap.org/submit/.
Nmap done: 1 IP address (1 host up) scanned in 43.49 seconds

© Habrahabr.ru