Gossamer Forum
Home : Products : Gossamer Links : Discussions :

Hacking attempt

Quote Reply
Hacking attempt
Just a warning. This ip address 84.165.111.238 has been trying to log in to one of my admin panels.
Quote Reply
Re: [afinlr] Hacking attempt In reply to
Hi,

Yeah, we've had a lot of them too.

http://ripe.net/...=0&submit=Search

Its a german site, who try and do a PR boost via adding crap into your home tempalte.

A couple of our installations were compramised (nothing major, fortunatly, and its all be fixed up now).

They rely on people using weak passwords, such as "admin" and "admin", or "admin" and "1234". Yet another reason for people to be more alert in terms of what they use to protect their admin panels with =)

NB: You can send an abuse report here:

Quote:
emarks: ******************************************************************
remarks: * Abuse Contact: http://www.t-com.de/ip-abuse in case of Spam, *
remarks: * Hack Attacks, Illegal Activity, Violation, Scans, Probes, etc. *
remarks: ******************************************************************

I've already sent several, and I'm sure others have too. Unfortunatly, appart from banning their entire IP range in Apache, there isn't a lot you can do Unsure

Cheers

Andy (mod)
andy@ultranerds.co.uk
Want to give me something back for my help? Please see my Amazon Wish List
GLinks ULTRA Package | GLinks ULTRA Package PRO
Links SQL Plugins | Website Design and SEO | UltraNerds | ULTRAGLobals Plugin | Pre-Made Template Sets | FREE GLinks Plugins!
Quote Reply
Re: [Andy] Hacking attempt In reply to
Thanks Andy - I just reported them.
Quote Reply
Re: [afinlr] Hacking attempt In reply to
Hi, just as warning

Last night from this ip: 193.64.64.58 (somewhere in Finland) i've encountered a lot of hack attempts in my forum admin, community and also a various other scripts.

The scanned all my network even workstations with this crap Mad

Cheers,
Boris

Facebook, Twitter and Google+ Auth for GLinks and GCommunity | reCAPTCHA for GLinks | Free GLinks Plugins
Quote Reply
Re: [eupos] Hacking attempt In reply to
Yeah, people keep trying this recently :(

I'd suggest blocking them in Apache;

Quote:
DENY FROM 193.64.64.*
DENY FROM 193.64.65.*
DENY FROM 193.64.66.*
DENY FROM 193.64.67.*
DENY FROM 193.64.68.*
DENY FROM 193.64.69.*
DENY FROM 193.64.70.*
DENY FROM 193.64.71.*
DENY FROM 193.64.72.*
DENY FROM 193.64.73.*
DENY FROM 193.64.74.*
DENY FROM 193.64.75.*
DENY FROM 193.64.76.*
DENY FROM 193.64.77.*
DENY FROM 193.64.78.*
DENY FROM 193.64.79.*

Hope that helps.

Cheers

Andy (mod)
andy@ultranerds.co.uk
Want to give me something back for my help? Please see my Amazon Wish List
GLinks ULTRA Package | GLinks ULTRA Package PRO
Links SQL Plugins | Website Design and SEO | UltraNerds | ULTRAGLobals Plugin | Pre-Made Template Sets | FREE GLinks Plugins!
Quote Reply
Re: [Andy] Hacking attempt In reply to
Yeah Andy,

I have already done this, just wanted to alert the people for them.

p.s. I suggest to put this to your .htaccess guys Frown, and hey Andy this one is simple Wink

Quote:
deny from 193.64.64.0/255.255.240.0

Cheers,
Boris

Facebook, Twitter and Google+ Auth for GLinks and GCommunity | reCAPTCHA for GLinks | Free GLinks Plugins
Quote Reply
Re: [eupos] Hacking attempt In reply to
>>> deny from 193.64.64.0/255.255.240.0

Or, even more succinct: deny from 193.64.64.0/28
dave

Big Cartoon DataBase
Big Comic Book DataBase
Quote Reply
Re: [carfac] Hacking attempt In reply to
Is this work?

While i read the apache manuals, haven't seen support for this type of netmask Unsure

May be i must go deeper.

Cheers,
Boris

Facebook, Twitter and Google+ Auth for GLinks and GCommunity | reCAPTCHA for GLinks | Free GLinks Plugins
Quote Reply
Re: [eupos] Hacking attempt In reply to
Actually, I do not know specifically if Apache will use that format- But I do use it in ipfw in FreeBSD for blocking unwanted IP's... works fine there.
dave

Big Cartoon DataBase
Big Comic Book DataBase
Quote Reply
Re: [carfac] Hacking attempt In reply to
Ah Wink
In that case Yes Smile

This will work fine, but here we started mention, case with the .htaccess to deny from apache side.

But your solution is very good in case you have control over the whole machine, not only the site Tongue

Cheers,
Boris

Facebook, Twitter and Google+ Auth for GLinks and GCommunity | reCAPTCHA for GLinks | Free GLinks Plugins