Customize

Site showing pictures of protesters!

Discussion in 'Help Iran Online' started by Unregistered, Jun 24, 2009.

  1. Hmm... my pyloris is having trouble grabbing open connections. Wonder why...

    Good work guys. Think I'll start in on بچه های قلم using the command line Anarchist provided and see what happens. For great justice.
  2. Cloak n Run Member

    High 5's all round good people :D

    Make sure as many of you as possible keep hitting them hard in around an half an hour onwards. Sun coming up in Iran then I think. Want these possessed sites unobtainable for the average person. Keep talking to each other and tweeking the commands.

    I'm in total awe!

    Night night.
  3. I run what i have when i can, some all the time, some only when i am not on the computer. Congratz to everyone for getting this sucker down but...........

    We need a better solution, this zombie keeps coming back and we need chuck norris to shoot it in the head and put it to rest.

    One good hack and i think everyone will be happy. Plz if chuck is reading this (or someone who would like to be the cyberworld chuck norris) give us a good hack and laugh and I think it will boost everyone's moral.
  4. brat Member

    sweet! gerdab still down ... excellent work :)
  5. OK I've been running this:

    python pyloris.py -l -r POST -s 500000 -g "/linkdump/011440.php" بچه های قلم

    The site seems sluggish now but still loads. If anyone can suggest some tweaks I'd be grateful. In the meantime I'm going to see what I can learn on my own.
  6. brat Member

    sites that are up w/pics

    hi all,

    I checked the list I have and these are the sites that still have pics up:
    (total of 6 sites)

    * جهان نيوز - عکس/ اغتشاش گران را شناسایی کنید
    Registrant:
    MyComp
    roheshab (hezbolllah@yahoo.com)
    Electrum 213
    Stockholm
    null,123456
    SE
    Tel. +46.855923

    174.133.41.68
    another planet IP
    RAbuseHandle: ABUSE271-ARIN
    RAbuseName: The Planet Abuse
    RAbusePhone: +1-281-714-3560
    abuse@theplanet.com


    عکس و اخبار آشوب و اغتشاش در تهران - اغتشاشگران را شناسایی کنید

    Whois Privacy Protection Service, Inc.
    Whois Agent (wcrqbwyt@whoisprivacyprotect.com)
    +1.4252740657
    Fax: +1.4256960234
    PMB 368, 14150 NE 20th St - F1
    C/O blogsky.com
    Bellevue, WA 98007
    US

    IP Addy: 74.55.26.91
    another planet ip
    RAbuseHandle: ABUSE271-ARIN
    RAbuseName: The Planet Abuse
    RAbusePhone: +1-281-714-3560
    RAbuseEmail: abuse@theplanet.com


    *درخواست سپاه از مردم براي معرفي آشوبگران + تصاوير مربوطه - نفت نيوز

    domain: naftnews.ir
    remarks: (Domain Holder) Toraj Borun
    remarks: (Domain Holder Address) No.68, 12 moalem st., Moalem st.,, Qom, IR, 3716943194
    admin-c: mi51-irnic
    tech-c: mi51-irnic
    zone-c: mi51-irnic
    nserver: ns11.mizban.com
    nserver: ns12.mizban.com
    source: IRNIC # Filtered

    IP: 75.125.214.178

    NetRange: 75.125.0.0 - 75.125.255.255
    CIDR: 75.125.0.0/16
    OriginAS: AS13749, AS13884, AS21844, AS30315
    OriginAS: AS36420
    NetName: NETBLK-THEPLANET-BLK-EV1-17
    NetHandle: NET-75-125-0-0-1
    Parent: NET-75-0-0-0-0
    NetType: Direct Allocation
    NameServer: NS1.EV1SERVERS.NET
    NameServer: NS2.EV1SERVERS.NET
    Comment:
    RegDate: 2007-06-11
    Updated: 2008-02-28

    OrgAbuseHandle: ABUSE271-ARIN
    OrgAbuseName: The Planet Abuse
    OrgAbusePhone: +1-281-714-3560
    OrgAbuseEmail: abuse@theplanet.com

    *Iran20.com جامعه مجازی - محمد(maddog) رپ - همه بخواننداغتشاشگران را شناسايي كنيد فوری
    iran20.com:
    PrivacyProtect.org
    Domain Admin (contact@privacyprotect.org)
    P.O. Box 97
    Note - All Postal Mails Rejected, visit Privacyprotect.org
    Moergestel
    null,5066 ZH
    NL
    Tel. +45.36946676

    IP Addy: 64.20.42.68
    NetRange: 64.20.32.0 - 64.20.63.255
    CIDR: 64.20.32.0/19
    NetName: NJIIX
    NetHandle: NET-64-20-32-0-1
    Parent: NET-64-0-0-0-0
    NetType: Direct Allocation
    NameServer: DNS.TROULBE-FREE.NET
    NameServer: DNS2.TROUBLE-FREE.NET
    Comment: Please use abuse@trouble-free.net for all abuse reports.
    RegDate: 2005-04-07
    Updated: 2006-02-24


    *اغتشاشگران را معرفی کنید
    Iran HOST domain@iranhost.com +98.2188343213
    Roshangar Rayaneh Ltd.
    #4, No 22, Qabousnameh st. Motahari ave.
    Tehran,Tehran,IR 15888


    Domain Name:rasekhoon.net
    Record last updated at 2008-11-05 17:15:59
    Record created on 2007/11/18
    Record expired on 2009/11/18
    Domain servers in listed order:
    ns1.rasekhoon.net ns2.rasekhoon.net

    Administrator:
    8197914357
    Tehran
    Tehran,
    IR
    15888
    name Mohammad Sadegh Akbarizadegan)
    mail msakbari@yahoo.com) +98.9131042633

    IP: 38.117.65.193
    PSINet, Inc. PSINETA (NET-38-0-0-0-1)
    38.0.0.0 - 38.255.255.255
    PSINet, Inc. COGENT-NB-0002 (NET-38-112-0-0-1)
    38.112.0.0 - 38.119.255.255


    *:: وبلاگ خبری تحلیلی کوهسرخ - اين اغتشاشگران را معرفی کنید ::
    also a Cogent customer
    abuse@cogentco.com
  7. Let's get together and bring these down

    Let's bombard these DNS and ISP servers. I know Cogent is a US based company and working with Islamic Republic is against homeland security laws.
  8. Complain to ThePlanet

    ThePlanet hosting service is providing the web servers for a bunch of these sites. I chatted with someone in their customer services, and they said to direct complaints to

    ydonaldson@theplanet.com

    so, please send an email to complain - the more insistent the better.

    here is a partial list of the sites they are hosting. . . .

    http://www.jahannews.com/vdcaeynm.49nmy15kk4.txt

    http://ashoobnews.blogsky.com/1388/04/04/post-26/

    http://www.naftnews.ir/view-5810-انتخابات-آشوبگران-ميرحسين%20موسوي.html
  9. brat Member


    I sent an email to ydonaldson - thanks for the info! Cogent's email is abuse@cogentco.com - I did get some info that it would be helpful if multiple people complained.

    FYI for anyone sending in emails to abuse: I included the link to the report of the State & Treasury Departments news report including IRCG as a terrorist group (http://www.treasury.gov/press/releases/reports/hp644report.pdf). Figured it couldn't hurt!
  10. Vee Member

    Does anyone have a template that they are sending?
  11. this was my note - i'm sure it can be improved

    Subject: ATTENTION - ThePlanet is being used by IRAN to HUNT INNOCENT people.

    Dear Mr. Donaldson,

    It has come to my attention that ThePlanet it hosting several websites that are being used by the regime in Iran to hunt down participants in the peaceful protests there. I am sure you do not want to be associated with these kinds of heinous crimes - and so I kindly request that you shutdown these sites immediately. Every minute of availability means that some innocent person may be tortured or killed.

    Thank you for your attention. I will be checking on these sites regularly to make sure they cease operation (at least on your servers).

    Sincerely,

    XXX XXXX

    Here is the list of sites of which I am aware at the moment.

    http://www.jahannews.com/vdcaeynm.49nmy15kk4.txt

    http://ashoobnews.blogsky.com/1388/04/04/post-26/

    http://www.naftnews.ir/view-5810-انتخابات-آشوبگران-ميرحسين%20موسوي.html
  12. Letter to ThePlanet.com

    Doostan - I just put something together and emailed to abuse@theplanet.com and ydonaldson@theplanet.com - Please feel free to do the same...
    --------------------------
    Dear Mr. Donaldson,
    I am sure you have seen the recent post election events that are unfolding in Iran. Protesters are being met with most barbaric and inhumane response from Iranian regime’s security forces. Estimates show that over 2,000 of them have been detained in the past two weeks. Six people were executed this morning (7-1-09) in Iran’s notorious Evin prison and the rest of the detainees will be facing a similar fate, if lucky or if not, many years of incarceration, rape, daily beatings, electric shock and broken bones. Their crime: Simply asking for a fraction of the “Freedom” we all take for granted in this country.

    It has come to our attention that theplanet. Com is hosting a number of Iranian government sites actively trying to identify demonstrators from various pictures. These sites include:
    jahannews.com
    ashoobnews.blogsky.com
    naftnews.ir

    We strongly urge you to immediately suspend these sites. Not only for basic human morality and decency, but US government policy banns any US based company to do business with the government of Iran. Other companies such as Godaddy.com have taken steps to block Iranian regime from using their services. We hope that you take immediate actions to cease any cooperation and collaboration with the Iranian government as well.
  13. http://obash.info/ site really is an awful site

    and it is still up and running, it needs more fire power !!!

    http://obash.info/
  14. Vee Member

    Sent. I'm also a customer of the planet so played that angle too.
  15. obash.info is running on http://aryanic.com/

    from my limited knowledge it looks like obash.info is running on the webservers of http://aryanic.com/ - and those are likely to be well built, commercial, large capacity servers. what is worse, they probably serve many of the protesters blogs as well - so i'm not sure if it makes such a great target :(

    anyone want to clarify (i'm relying on google translate, and very little knowledge of iranian web space)? but for the moment, i'm calling off the dogs for fear of hurting the good guys while attempting to damage the bad ones. . . .
  16. just sent my emails to the planet, hope it works.

    DDOS will work on these sites if it is limited to the specific site. What will happen is we will either use up their bandwith limit and they will be shut down OR the host will shut them down because none of the other websites will be accessable, ie kill this one site to protect all the others.

    I say keep hitting gerdab.it and DDOS the heck out of these
  17. Attention: gerdab.ir is up again

    Gerdab.ir seems to have changed something in their setup. My pyloris attacks consistently get around a hundred worker threads, nut no open connections at all. But the website is loading, unfortunately. I can't explain, nor do I have a solution right now. Anyone?

    Don't waste time! Any moment, some regime-living Iranian may recognize one of the protesters in the pictures and send them to their doom.

    Update: It seems gerdab.ir just refuses all connections from my IP address. Does anyone know how to combine IP spoofing with *loris?
  18. Vee Member

    You could try piping it through tor via proxy chains but I think tor has a low socket limit.

    Maybe a free vpn service or SSH tunnel?
    Maybe try hotspotshield?
  19. Delphies Member

  20. We need a real hacker to take care of this

    Some pyloris connections have now opened up, but I can't visit gerdab.ir directly anymore (not that I would want to!). Most importantly, the suckers are biting the dust again.

    What would really help replacing the pictures with images of the dead and wounded. But it would take a real hacker to do that, and I'm just an average computer user with limited technical skills.

    In the meantime, I'll keep my little lorises lorising.
  21. Cloak n Run Member

    ThePlanet complaint sent!

    Also not the following international laws being broken:

    International Covenant of Civil and Political Rights (articles 6 & 7)

    Article 6

    1. Every human being has the inherent right to life. This right shall be protected by law. No one shall be arbitrarily deprived of his life.

    2. In countries which have not abolished the death penalty, sentence of death may be imposed only for the most serious crimes in accordance with the law in force at the time of the commission of the crime and not contrary to the provisions of the present Covenant and to the Convention on the Prevention and Punishment of the Crime of Genocide. This penalty can only be carried out pursuant to a final judgement rendered by a competent court.

    3. When deprivation of life constitutes the crime of genocide, it is understood that nothing in this article shall authorize any State Party to the present Covenant to derogate in any way from any obligation assumed under the provisions of the Convention on the Prevention and Punishment of the Crime of Genocide.

    4. Anyone sentenced to death shall have the right to seek pardon or commutation of the sentence. Amnesty, pardon or commutation of the sentence of death may be granted in all cases.

    5. Sentence of death shall not be imposed for crimes committed by persons below eighteen years of age and shall not be carried out on pregnant women.

    6. Nothing in this article shall be invoked to delay or to prevent the abolition of capital punishment by any State Party to the present Covenant.

    Article 7

    No one shall be subjected to torture or to cruel, inhuman or degrading treatment or punishment. In particular, no one shall be subjected without his free consent to medical or scientific experimentation.

    And the Universal Declaration of Human Rights article 5

    Article 5.
    No one shall be subjected to torture or to cruel, inhuman or degrading treatment or punishment.
  22. Gerdab is up. Take it down!

    Really, we need better hackers here. Funny thing is that the Gerdab people seem to think we are paid by the CIA -- if we were, we would probably do a better job! But that's not the way I want to look at it. Prove me wrong, my peers. Please! Lives are at stake.
  23. Gerdab is back up...i repeat: Backup

    Just so clarity isn't lost: [for the first time in a good while] Gerdab.ir is backup.
  24. Vee Member

    Are the DNS servers vulnerable to poisoning? Or that DNS exploit from last year?

    Need to find a new attack vector on this one. Any SQL injection exploits for joomla (yes the cheap bastards are using Joomla)?

    Heres some more info from another source

  25. splicer Henry

    I can report that pyloris is still grabbing open connections against gerdab for me, so I'll be keeping up the attack.

    Something has changed for me, but I'm not sure what. Seems like my network activity will suddenly drop to nothing after a while, even with open connections reported, and then I have to restart. Also I can't websurf easily while attacking now, which makes it hard to guage the effect I'm having on the intended target. I'm wondering if my ISP is doing some BW shaping on me now or something.

    If you feel you need a new IP (and mind you I have no idea if gerdab or anyone else has started banning IPs or not, but I saw that someone mentioned the possibility), this page has some pointers that might be helpful for some:

    How To Get A New IP For Craigslist | Elite Proxy

    Back to manning the lazers...
  26. Srpska Member

    PROTIP: International Law is bollocks because it can't be enforced against countries that don't want to play nice. All it is good for is getting Western so-called "liberals" upset that there are people in the world who do bad things. Which, while fun, is only of limited use.
  27. Ray Murphy Member

    Right. International law sounds nice but it is in reality it is not law, but only a contract that participating countries abide by until they decide not to abide by it.
  28. Oh my, that *is* different... I just ran the Perl version of slowloris in -test mode against gerdab.ir. It now suggests a -timeout setting of 30 seconds. Last time I ran it, it suggested 240.

    I don't know how consistent to expect these -test results to be, and I don't know how any difference would effect the pyloris command most of have been using (if at all). But I'm going to try the Perl version of slowloris with the suggested setting and see what happens.
  29. brat Member

    gerdab.ir still up

    just an update....
  30. OK, it seems to be down for me now (or incredibly sluggish, at least).
  31. brat Member

    :( works fine for me
  32. codicil live

    OK, in that case, brat, my working theory is that I managed to get myself IP-banned. I'll see if I can get a new IP issued and try again.
  33. Try : http://downforeveryoneorjustme.com/gerdab.ir
    It's gives you at least an idea whether it's up or not.

  34. Not an IP ban after all. I can again grab open connections in pyloris. Loads of 'em.

    Seems I'm experiencing too many inconsistencies and quirks to learn anything new here. :(
    I'll just sit back and lurk a while.
  35. brat Member

  36. We need more people running pyloris

    We can't keep gerdab.ir down if too few people participate. Please run a couple of pylorises!
  37. ThePlanet.com

    This is the entire theplanet.com board and executive names.
    Douglas Erwin Email The Planet CEO CFO VP @theplanet.com

    I don't see a Y Donaldson as one of the bloggers earlier named - I am sending emails and CC all of them for maximum effect as those three sites are still up.

Share This Page

Customize Theme Colors

Close

Choose a color via Color picker or click the predefined style names!

Primary Color :

Secondary Color :
Predefined Skins