It seems the RBN are having a little fun in Italy at the moment. I came across the following website that appears to have been hacked;
The code thats been added is;
And just below the closing HTML tag;
This decodes to;
suvcnt.com is not surprisingly, sharing an IP block with 330 other nasties;
... and perhaps even less surprising, is the IP blocks owner;
Yuppers folks - it's Enom, otherwise known as the absolute joke I blogged about previously.
18.104.22.168 however, which you may have noticed, is also contacted, courtesy of;
.... this is the one we're interested in here. The reason we're interested in this, is it's owner;
Recognize the name? There's no domains on this IP at present by the looks of it (or at least, none on the hpHosts database, and querying via passive DNS showed no hits), but I'll be watching.
Sadly, attempts to obtain the content of the RBN URL failed (server connection error), but in the meantime, obiettivorisarcimento.it have been contacted and notified that their server has been compromised, and I'll be monitoring it to ensure it's cleaned up (if anyone reading this, happens to be Italy, feel free to give them a call and let them know - just incase the email takes a while to get through).