Just a warning. This ip address 84.165.111.238 has been trying to log in to one of my admin panels.
Sep 21, 2005, 7:04 AM
Veteran / Moderator (18436 posts)
Sep 21, 2005, 7:04 AM
Post #2 of 10
Views: 8336
Hi,
Yeah, we've had a lot of them too.
http://ripe.net/...=0&submit=Search
Its a german site, who try and do a PR boost via adding crap into your home tempalte.
A couple of our installations were compramised (nothing major, fortunatly, and its all be fixed up now).
They rely on people using weak passwords, such as "admin" and "admin", or "admin" and "1234". Yet another reason for people to be more alert in terms of what they use to protect their admin panels with =)
NB: You can send an abuse report here:
remarks: * Abuse Contact: http://www.t-com.de/ip-abuse in case of Spam, *
remarks: * Hack Attacks, Illegal Activity, Violation, Scans, Probes, etc. *
remarks: ******************************************************************
I've already sent several, and I'm sure others have too. Unfortunatly, appart from banning their entire IP range in Apache, there isn't a lot you can do
Cheers
Andy (mod)
andy@ultranerds.co.uk
Want to give me something back for my help? Please see my Amazon Wish List
GLinks ULTRA Package | GLinks ULTRA Package PRO
Links SQL Plugins | Website Design and SEO | UltraNerds | ULTRAGLobals Plugin | Pre-Made Template Sets | FREE GLinks Plugins!
Yeah, we've had a lot of them too.
http://ripe.net/...=0&submit=Search
Its a german site, who try and do a PR boost via adding crap into your home tempalte.
A couple of our installations were compramised (nothing major, fortunatly, and its all be fixed up now).
They rely on people using weak passwords, such as "admin" and "admin", or "admin" and "1234". Yet another reason for people to be more alert in terms of what they use to protect their admin panels with =)
NB: You can send an abuse report here:
Quote:
emarks: ****************************************************************** remarks: * Abuse Contact: http://www.t-com.de/ip-abuse in case of Spam, *
remarks: * Hack Attacks, Illegal Activity, Violation, Scans, Probes, etc. *
remarks: ******************************************************************
I've already sent several, and I'm sure others have too. Unfortunatly, appart from banning their entire IP range in Apache, there isn't a lot you can do
Cheers
Andy (mod)
andy@ultranerds.co.uk
Want to give me something back for my help? Please see my Amazon Wish List
GLinks ULTRA Package | GLinks ULTRA Package PRO
Links SQL Plugins | Website Design and SEO | UltraNerds | ULTRAGLobals Plugin | Pre-Made Template Sets | FREE GLinks Plugins!
Sep 21, 2005, 7:23 AM
User (339 posts)
Sep 21, 2005, 7:23 AM
Post #4 of 10
Views: 8357
Hi, just as warning
Last night from this ip: 193.64.64.58 (somewhere in Finland) i've encountered a lot of hack attempts in my forum admin, community and also a various other scripts.
The scanned all my network even workstations with this crap
Cheers,
Boris
Facebook, Twitter and Google+ Auth for GLinks and GCommunity | reCAPTCHA for GLinks | Free GLinks Plugins
Last night from this ip: 193.64.64.58 (somewhere in Finland) i've encountered a lot of hack attempts in my forum admin, community and also a various other scripts.
The scanned all my network even workstations with this crap
Cheers,
Boris
Facebook, Twitter and Google+ Auth for GLinks and GCommunity | reCAPTCHA for GLinks | Free GLinks Plugins
Sep 21, 2005, 7:33 AM
Veteran / Moderator (18436 posts)
Sep 21, 2005, 7:33 AM
Post #5 of 10
Views: 8316
Yeah, people keep trying this recently :(
I'd suggest blocking them in Apache;
DENY FROM 193.64.65.*
DENY FROM 193.64.66.*
DENY FROM 193.64.67.*
DENY FROM 193.64.68.*
DENY FROM 193.64.69.*
DENY FROM 193.64.70.*
DENY FROM 193.64.71.*
DENY FROM 193.64.72.*
DENY FROM 193.64.73.*
DENY FROM 193.64.74.*
DENY FROM 193.64.75.*
DENY FROM 193.64.76.*
DENY FROM 193.64.77.*
DENY FROM 193.64.78.*
DENY FROM 193.64.79.*
Hope that helps.
Cheers
Andy (mod)
andy@ultranerds.co.uk
Want to give me something back for my help? Please see my Amazon Wish List
GLinks ULTRA Package | GLinks ULTRA Package PRO
Links SQL Plugins | Website Design and SEO | UltraNerds | ULTRAGLobals Plugin | Pre-Made Template Sets | FREE GLinks Plugins!
I'd suggest blocking them in Apache;
Quote:
DENY FROM 193.64.64.* DENY FROM 193.64.65.*
DENY FROM 193.64.66.*
DENY FROM 193.64.67.*
DENY FROM 193.64.68.*
DENY FROM 193.64.69.*
DENY FROM 193.64.70.*
DENY FROM 193.64.71.*
DENY FROM 193.64.72.*
DENY FROM 193.64.73.*
DENY FROM 193.64.74.*
DENY FROM 193.64.75.*
DENY FROM 193.64.76.*
DENY FROM 193.64.77.*
DENY FROM 193.64.78.*
DENY FROM 193.64.79.*
Hope that helps.
Cheers
Andy (mod)
andy@ultranerds.co.uk
Want to give me something back for my help? Please see my Amazon Wish List
GLinks ULTRA Package | GLinks ULTRA Package PRO
Links SQL Plugins | Website Design and SEO | UltraNerds | ULTRAGLobals Plugin | Pre-Made Template Sets | FREE GLinks Plugins!
Sep 21, 2005, 7:45 AM
User (339 posts)
Sep 21, 2005, 7:45 AM
Post #6 of 10
Views: 8307
Yeah Andy,
I have already done this, just wanted to alert the people for them.
p.s. I suggest to put this to your .htaccess guys
, and hey Andy this one is simple 
Cheers,
Boris
Facebook, Twitter and Google+ Auth for GLinks and GCommunity | reCAPTCHA for GLinks | Free GLinks Plugins
I have already done this, just wanted to alert the people for them.
p.s. I suggest to put this to your .htaccess guys
, and hey Andy this one is simple Quote:
deny from 193.64.64.0/255.255.240.0Cheers,
Boris
Facebook, Twitter and Google+ Auth for GLinks and GCommunity | reCAPTCHA for GLinks | Free GLinks Plugins
Oct 10, 2005, 9:45 AM
Veteran (1240 posts)
Oct 10, 2005, 9:45 AM
Post #7 of 10
Views: 8128
>>> deny from 193.64.64.0/255.255.240.0
Or, even more succinct: deny from 193.64.64.0/28
dave
Big Cartoon DataBase
Big Comic Book DataBase
Or, even more succinct: deny from 193.64.64.0/28
dave
Big Cartoon DataBase
Big Comic Book DataBase
Oct 11, 2005, 12:10 AM
User (339 posts)
Oct 11, 2005, 12:10 AM
Post #8 of 10
Views: 8078
Is this work?
While i read the apache manuals, haven't seen support for this type of netmask
May be i must go deeper.
Cheers,
Boris
Facebook, Twitter and Google+ Auth for GLinks and GCommunity | reCAPTCHA for GLinks | Free GLinks Plugins
While i read the apache manuals, haven't seen support for this type of netmask
May be i must go deeper.
Cheers,
Boris
Facebook, Twitter and Google+ Auth for GLinks and GCommunity | reCAPTCHA for GLinks | Free GLinks Plugins
Oct 11, 2005, 6:14 AM
Veteran (1240 posts)
Oct 11, 2005, 6:14 AM
Post #9 of 10
Views: 8079
Actually, I do not know specifically if Apache will use that format- But I do use it in ipfw in FreeBSD for blocking unwanted IP's... works fine there.
dave
Big Cartoon DataBase
Big Comic Book DataBase
dave
Big Cartoon DataBase
Big Comic Book DataBase
Oct 11, 2005, 6:23 AM
User (339 posts)
Oct 11, 2005, 6:23 AM
Post #10 of 10
Views: 8028
Ah
In that case Yes
This will work fine, but here we started mention, case with the .htaccess to deny from apache side.
But your solution is very good in case you have control over the whole machine, not only the site
Cheers,
Boris
Facebook, Twitter and Google+ Auth for GLinks and GCommunity | reCAPTCHA for GLinks | Free GLinks Plugins
In that case Yes
This will work fine, but here we started mention, case with the .htaccess to deny from apache side.
But your solution is very good in case you have control over the whole machine, not only the site
Cheers,
Boris
Facebook, Twitter and Google+ Auth for GLinks and GCommunity | reCAPTCHA for GLinks | Free GLinks Plugins