203.81.204.105(14k Linux bots hosted in Pakistan Karachi South Cmbroadband Noc)

Big heckers big net.
Thnx to loadx and Yewnix for the ownage and exposing them.
Everything is inside the config file:

 /* Type of comments */  
 #Comment type 1 (Shell type)  
 // Comment type 2(C++ style)  
 /* Comment type 3 (C Style) */  
 #those lines are ignored by the ircd.  
 loadmodule "src/modules/commands.so";  
 #loadmodule "cloak.dll";  
 #include "help.conf";  
 #include "badwords.channel.conf";  
 #include "badwords.message.conf";  
 #include "badwords.quit.conf";  
 #include "spamfilter.conf";  
 me  
 {  
      name "hightimes.net";  
      info "It's 4:20 somewhere";  
      numeric 10;  
 };  
 admin {  
      "st0n3d";  
      "";  
      "Hav0c@hav0c.net";  
 };  
 class      clients  
 {  
      pingfreq 90;  
      maxclients 80000;  
      recvq 8000;  
      sendq 10000000;  
 };  
 class      servers  
 {  
    pingfreq 190;  
    maxclients 100;  
    sendq 3000000;  
    connfreq 100;  
 };  
 allow {  
      ip       *@*;  
      hostname    *@*;  
      class      clients;  
      maxperip 3;  
 };  
 oper JoeyJoeJo {  
      class      clients;  
      from {  
           userhost *@*;  
      };  
      password "HUIEFbjkey4587";  
 flags  
 {  
 netadmin;  
 services-admin;  
 admin;  
 can_rehash;  
 helpop;  
 can_globops;  
 can_wallops;  
 can_localroute;  
 can_localkill;  
 can_kline;  
 can_unkline;  
 can_localnotice;  
 can_globalroute;  
 can_globalkill;  
 can_globalnotice;  
 global;  
 can_zline;  
 can_gkline;  
 can_gzline;  
 get_umodew;  
 get_host;  
 can_override;  
 can_die;  
 can_restart;  
 };  
 swhois ".";  
 snomask kcfFjveGnNqSso;  
 };  
 set {  
      modes-on-join "+mstu";  
 };  
 set {  
      modes-on-join "+mstu";  
 };  
 listen     *:4042 {  
 options {  
           clientsonly;  
      };   
      };  
 listen     *:8782 {  
 options {  
           clientsonly;  
      };   
      };  
 listen     *:8080 {  
 options {  
           clientsonly;  
      };   
      };  
 listen     *:3562 {  
 options {  
           clientsonly;  
      };   
      };  
 listen     *:2156 {  
 options {  
           clientsonly;  
      };   
      };  
 listen     *:49287 {  
 options {  
           clientsonly;  
      };   
      };  
 listen     *:8003-8005 {  
 options {  
           clientsonly;  
      };   
      };  
 listen *:6640 { options { serversonly; }; };  
 allow channel { channel "#king"; };  
 allow channel { channel "##420##"; };  
 allow channel { channel "##blah3##"; };  
 allow channel { channel "#shitface"; };  
 allow channel { channel "#hav0c.c0ntr0l"; };  
 allow channel { channel "##blahinfo##"; };  
 allow channel { channel "#shithead"; };  
 deny channel {  
      channel "##vnc##";  
      reason ".";  
 };  
 ulines {  
      core.net;  
      control.net;  
     havok.net;  
      insane.net;  
     owned.net;  
     drones.net;  
     ganja.net;  
     busybox.net;  
     hightimes.net;  
     heisenburg.net;  
     Services.CoreIRC.net;  
     superuser.net;  
 };  
 link Services.CoreIRC.net  
 {  
   username *;  
   hostname 176.31.123.56;  
   bind-ip *;  
   port 6640;  
   leaf *;  
   password-connect "c0r3";  
   password-receive "c0r3";  
   class servers;  
   options {  
      };  
 };  
 link core.net  
 {  
   username *;  
   hostname 116.118.109.132;  
   bind-ip *;  
   port 6640;  
   hub *;  
   password-connect "c0r3";  
   password-receive "c0r3";  
   class servers;  
   options {  
      };  
 };  
 link havok.net  
 {  
   username *;  
   hostname 203.81.204.105;  
   bind-ip *;  
   port 6640;  
   hub *;  
   password-connect "c0r3";  
   password-receive "c0r3";  
   class servers;  
   options {  
      };  
 };  
 link insane.net  
 {  
   username *;  
   hostname 24.180.245.237;  
   bind-ip *;  
   port 6640;  
   hub *;  
   password-connect "c0r3";  
   password-receive "c0r3";  
   class servers;  
   options {  
      };  
 };  
 link owned.net  
 {  
   username *;  
   hostname 118.97.194.250;  
   bind-ip *;  
   port 6640;  
   hub *;  
   password-connect "c0r3";  
   password-receive "c0r3";  
   class servers;  
   options {  
      };  
 };  
 link drones.net  
 {  
   username *;  
   hostname 121.127.226.84;  
   bind-ip *;  
   port 6640;  
   hub *;  
   password-connect "c0r3";  
   password-receive "c0r3";  
   class servers;  
   options {  
      };  
 };  
 link ganja.net  
 {  
   username *;  
   hostname 93.51.156.24;  
   bind-ip *;  
   port 6640;  
   hub *;  
   password-connect "c0r3";  
   password-receive "c0r3";  
   class servers;  
   options {  
      };  
 };  
 link busybox.net  
 {  
   username *;  
   hostname 115.84.102.205;  
   bind-ip *;  
   port 6640;  
   hub *;  
   password-connect "c0r3";  
   password-receive "c0r3";  
   class servers;  
   options {  
      };  
 };  
 link heisenburg.net  
 {  
   username *;  
   hostname 163.22.49.114;  
   bind-ip *;  
   port 6640;  
   hub *;  
   password-connect "c0r3";  
   password-receive "c0r3";  
   class servers;  
   options {  
      };  
 };  
 link superuser.net  
 {  
   username *;  
   hostname 117.239.10.19;  
   bind-ip *;  
   port 6640;  
   hub *;  
   password-connect "c0r3";  
   password-receive "c0r3";  
   class servers;  
   options {  
      };  
 };  
 drpass {  
      restart "restartbitch";  
      die "diebitch";  
 };  
 tld {  
      mask *@*;  
      motd "motd.conf";  
      rules "rules.conf";  
 };  
 set {  
      network-name           "CoreIRC";  
      default-server           "CoreIRC.net";  
      services-server      "services.CoreIRC.net";  
      stats-server           "stats.CoreIRC.net";  
      help-channel           ".";  
      hiddenhost-prefix     "hav0c";  
      /* prefix-quit           "dead.."; */  
      cloak-keys {  
           96266;  
           38373;  
           32330;  
      };  
      hosts {  
           local          ".";  
           global          ".";  
           coadmin          "127.0.0.1";  
           admin          "127.0.0.1";  
           servicesadmin      "127.0.0.1";  
           netadmin      "127.0.0.1";  
           host-on-oper-up "yes";  
      };  
 };  
 set {  
      kline-address "hav0c@hav0c.net";  
     auto-join "#hangout";  
      modes-on-connect "+i-x";  
      modes-on-oper      "+xwgs";  
      oper-auto-join "#corecontrol";  
      dns {  
           nameserver 127.0.0.1;  
           timeout 2s;  
           retries 2;  
      };  
      options {  
           hide-ulines;  
      };  
      maxchannelsperuser 50;  
      anti-spam-quit-message-time 10s;  
      oper-only-stats "*";  
      throttle {  
           connections 30;  
           period 60s;  
      };  
      anti-flood {  
           nick-flood 10:60;  
      };  
 };  

5 min later they changed opers passwod lol :

 /* Type of comments */  
 #Comment type 1 (Shell type)  
 // Comment type 2(C++ style)  
 /* Comment type 3 (C Style) */  
 #those lines are ignored by the ircd.  
 loadmodule "src/modules/commands.so";  
 #loadmodule "cloak.dll";  
 #include "help.conf";  
 #include "badwords.channel.conf";  
 #include "badwords.message.conf";  
 #include "badwords.quit.conf";  
 #include "spamfilter.conf";  
 me  
 {  
      name "ganja.net";  
      info "puff, puff, pass... ";  
      numeric 8;  
 };  
 admin {  
      "st0n3d";  
      "";  
      "Hav0c@hav0c.net";  
 };  
 class      clients  
 {  
      pingfreq 90;  
      maxclients 80000;  
      recvq 8000;  
      sendq 10000000;  
 };  
 class      servers  
 {  
    pingfreq 190;  
    maxclients 100;  
    sendq 3000000;  
    connfreq 100;  
 };  
 allow {  
      ip       *@*;  
      hostname    *@*;  
      class      clients;  
      maxperip 3;  
 };  
 oper Admin {  
      class      clients;  
      from {  
           userhost *@*;  
      };  
      password "5JrePnFG^&*&#kyFYD";  
      flags  
 {  
 netadmin;  
 services-admin;  
 admin;  
 can_rehash;  
 helpop;  
 can_globops;  
 can_wallops;  
 can_localroute;  
 can_localkill;  
 can_kline;  
 can_unkline;  
 can_localnotice;  
 can_globalroute;  
 can_globalkill;  
 can_globalnotice;  
 global;  
 can_zline;  
 can_gkline;  
 can_gzline;  
 get_umodew;  
 get_host;  
 can_override;  
 };  
 swhois ".";  
 snomask kcfFjveGnNqSso;  
 };  
 oper Reeko {  
      class      clients;  
      from {  
           userhost *@*;  
      };  
      password "BXDI4459%$!";  
 flags  
 {  
 netadmin;  
 services-admin;  
 admin;  
 can_rehash;  
 helpop;  
 can_globops;  
 can_wallops;  
 can_localroute;  
 can_localkill;  
 can_kline;  
 can_unkline;  
 can_localnotice;  
 can_globalroute;  
 can_globalkill;  
 can_globalnotice;  
 global;  
 can_zline;  
 can_gkline;  
 can_gzline;  
 get_umodew;  
 get_host;  
 can_override;  
 can_die;  
 can_restart;  
 };  
 swhois ".";  
 snomask kcfFjveGnNqSso;  
 };  
 oper Jorgee {  
      class      clients;  
      from {  
           userhost *@*;  
      };  
      password "JHFoIS87hjeu4FE8";  
 flags  
 {  
 netadmin;  
 services-admin;  
 admin;  
 can_rehash;  
 helpop;  
 can_globops;  
 can_wallops;  
 can_localroute;  
 can_localkill;  
 can_kline;  
 can_unkline;  
 can_localnotice;  
 can_globalroute;  
 can_globalkill;  
 can_globalnotice;  
 global;  
 can_zline;  
 can_gkline;  
 can_gzline;  
 get_umodew;  
 get_host;  
 can_override;  
 can_die;  
 can_restart;  
 };  
 swhois ".";  
 snomask kcfFjveGnNqSso;  
 };  
 oper mikej0nes {  
      class      clients;  
      from {  
           userhost *@*;  
      };  
      password "HJKLgyuFTYUo87B678#&^@";  
      flags  
      {  
          global;  
          local;  
          admin;  
          helpop;  
          can_wallops;  
          can_globops;  
          can_localroute;  
          can_globalroute;  
          can_localkill;  
          can_globalkill;  
          can_kline;  
          can_gzline;  
          can_gkline;  
          can_unkline;  
          can_localnotice;  
          can_globalnotice;  
          coadmin;  
          services-admin;  
          get_umodew;  
          get_host;  
          can_override;  
      };  
 };  
 set {  
      modes-on-join "+mstu";  
 };  
 listen     *:8782 {  
 options {  
           clientsonly;  
      };   
      };  
 listen     *:8080 {  
 options {  
           clientsonly;  
      };   
      };  
 listen     *:4042 {  
 options {  
           clientsonly;  
      };   
      };  
 listen     *:3562 {  
 options {  
           clientsonly;  
      };   
      };  
 listen     *:2156 {  
 options {  
           clientsonly;  
      };   
      };  
 listen     *:49287 {  
 options {  
           clientsonly;  
      };   
      };  
 listen     *:8003-8005 {  
 options {  
           clientsonly;  
      };   
      };  
 listen     *:1865 {  
 options {  
           clientsonly;  
      };   
      };  
 listen     *:1866 {  
 options {  
           clientsonly;  
      };   
      };  
 listen     *:7777 {  
 options {  
           clientsonly;  
      };   
      };  
 listen     *:6667 {  
 options {  
           clientsonly;  
      };   
      };  
 listen *:6640 { options { serversonly; }; };  
 allow channel { channel "#king"; };  
 allow channel { channel "##420##"; };  
 allow channel { channel "##blah3##"; };  
 allow channel { channel "#shitface"; };  
 allow channel { channel "#hav0c.c0ntr0l"; };  
 allow channel { channel "##blahinfo##"; };  
 allow channel { channel "#shithead"; };  
 deny channel {  
      channel "##vnc##";  
      reason ".";  
 };  
 ulines {  
      core.net;  
      control.net;  
     havok.net;  
      insane.net;  
     owned.net;  
     drones.net;  
     ganja.net;  
     busybox.net;  
     hightimes.net;  
     heisenburg.net;  
     Services.CoreIRC.net;  
     superuser.net;  
 };  
 link Services.CoreIRC.net  
 {  
   username *;  
   hostname 176.31.123.56;  
   bind-ip *;  
   port 6640;  
   leaf *;  
   password-connect "c0r3";  
   password-receive "c0r3";  
   class servers;  
   options {  
      };  
 };  
 link core.net  
 {  
   username *;  
   hostname 116.118.109.132;  
   bind-ip *;  
   port 6640;  
   hub *;  
   password-connect "c0r3";  
   password-receive "c0r3";  
   class servers;  
   options {  
      };  
 };  
 link havok.net  
 {  
   username *;  
   hostname 203.81.204.105;  
   bind-ip *;  
   port 6640;  
   hub *;  
   password-connect "c0r3";  
   password-receive "c0r3";  
   class servers;  
   options {  
      };  
 };  
 link insane.net  
 {  
   username *;  
   hostname 24.180.245.237;  
   bind-ip *;  
   port 6640;  
   hub *;  
   password-connect "c0r3";  
   password-receive "c0r3";  
   class servers;  
   options {  
      };  
 };  
 link owned.net  
 {  
   username *;  
   hostname 118.97.194.250;  
   bind-ip *;  
   port 6640;  
   hub *;  
   password-connect "c0r3";  
   password-receive "c0r3";  
   class servers;  
   options {  
      };  
 };  
 link drones.net  
 {  
   username *;  
   hostname 121.127.226.84;  
   bind-ip *;  
   port 6640;  
   hub *;  
   password-connect "c0r3";  
   password-receive "c0r3";  
   class servers;  
   options {  
      };  
 };  
 link busybox.net  
 {  
   username *;  
   hostname 115.84.102.205;  
   bind-ip *;  
   port 6640;  
   hub *;  
   password-connect "c0r3";  
   password-receive "c0r3";  
   class servers;  
   options {  
      };  
 };  
 link hightimes.net  
 {  
   username *;  
   hostname 210.51.188.155;  
   bind-ip *;  
   port 6640;  
   hub *;  
   password-connect "c0r3";  
   password-receive "c0r3";  
   class servers;  
   options {  
      };  
 };  
 link heisenburg.net  
 {  
   username *;  
   hostname 163.22.49.114;  
   bind-ip *;  
   port 6640;  
   hub *;  
   password-connect "c0r3";  
   password-receive "c0r3";  
   class servers;  
   options {  
      };  
 };  
 link superuser.net  
 {  
   username *;  
   hostname 117.239.10.19;  
   bind-ip *;  
   port 6640;  
   hub *;  
   password-connect "c0r3";  
   password-receive "c0r3";  
   class servers;  
   options {  
      };  
 };  
 drpass {  
      restart "restartbitch";  
      die "diebitch";  
 };  
 tld {  
      mask *@*;  
      motd "motd.conf";  
      rules "rules.conf";  
 };  
 set {  
      network-name           "CoreIRC";  
      default-server           "CoreIRC.net";  
      services-server      "services.CoreIRC.net";  
      stats-server           "stats.CoreIRC.net";  
      help-channel           ".";  
      hiddenhost-prefix     "hav0c";  
      /* prefix-quit           "dead.."; */  
      cloak-keys {  
           96266;  
           38373;  
           32330;  
      };  
      hosts {  
           local          ".";  
           global          ".";  
           coadmin          "127.0.0.1";  
           admin          "127.0.0.1";  
           servicesadmin      "127.0.0.1";  
           netadmin      "127.0.0.1";  
           host-on-oper-up "yes";  
      };  
 };  
 set {  
      kline-address "hav0c@hav0c.net";  
     auto-join "#hangout";  
      modes-on-connect "+i-x";  
      modes-on-oper      "+xwgs";  
      oper-auto-join "#corecontrol";  
      dns {  
           nameserver 127.0.0.1;  
           timeout 2s;  
           retries 2;  
      };  
      options {  
           hide-ulines;  
      };  
      maxchannelsperuser 50;  
      anti-spam-quit-message-time 10s;  
      oper-only-stats "*";  
      throttle {  
           connections 30;  
           period 60s;  
      };  
      anti-flood {  
           nick-flood 10:60;  
      };  
 };  

More action:

 [07:40] Quit:st0n3d (st0n3d@91.121.161.52) quits (User has been permanently banned from CoreIRC (no reason)) (7:40pm)  his real ip when he got glined by loadx who allready owned the server.

Channels:

#exploit# ?@#sshow ?#x00 ?##ssh ?@#l ?@#f ?#main ?#eshu ?@#rage ?@#windows ?@#snowz# ?#boss @#corecontrol ?#scannerx ?@#s ?@#r# ?@#p ?#ngrz ?@##scaninfo## #hangout

Hosting infos:
http://whois.domaintools.com/203.81.204.105