Blog for hpHosts, and whatever else I feel like writing about ....

Sunday, 12 October 2008

Russian Business Network fun in Italy, still present - and worse than originally thought

I'm sorry to say, I've had absolutely no response from the site owner, or hosting company for the site I mentioned previously that was hacked ( The injected code is still present, as can be seen by the following vURL query;

Even worse, however, is that it doesn't appear this is limited to just the one site. Checking other sites on the same IP block shows the same injected code, for example;

The following is a list of sites on the same IP block (

It's worth noting that not all of the above hosts are showing the injected code as being present. Whether this indicates a network-wide issue, or the affected sites are just on the same server, is anyone's guess.

Until this is cleaned up however, I'd strongly recommend blacklisting this IP block.

In the meantime, if anyone reading this happens to live in Italy and would like to try and get hold of the hosting company, their details are as follows;

inetnum: -
netname: GENESYS-NET
country: IT
admin-c: LC1294-RIPE
tech-c: EF1473-RIPE
mnt-lower: RIPE-NCC-HM-PI-MNT
mnt-by: AS1267-MNT
mnt-routes: AS1267-MNT
mnt-domains: AS1267-MNT
source: RIPE # Filtered

person: Luigi Corbacella
address: Via de Cattani, 224/18
address: 50145 Firenze (FI)
phone: +39 55 308189
fax-no: +39 55 301394
nic-hdl: LC1294-RIPE
source: RIPE # Filtered

person: Emil Fikl
address: Via de Cattani, 224-18
address: I-50145 Firenze (FI)
address: Italy
phone: +39 55 308189
fax-no: +39 55 301394
nic-hdl: EF1473-RIPE
source: RIPE # Filtered

:: Information related to ''

descr: Genesys Informatica S.r.l.
origin: AS24994
remarks: GENESYS-NET announce
mnt-by: AS1267-MNT
source: RIPE # Filtered

Thus far, attempts to contact them both via e-mail and via telephone have failed miserably.

/edit Monday 13th October

I'd like to make clear, following a note on the forums, that it is only the single IP ( I recommend blocking, and not the entire net-range.
