| Author |
Message |
rickleigh
Worker
Joined: Jan 06, 2009
Posts: 183
|
 Posted:
Sat Feb 14, 2009 2:51 pm |
|
I have been getting a lot of traffic from http://www.ripe.net IP addresses. Should I be worried about these users? They are all from other countries. So far I haven’t seen any bans made for hack attempts. |
| |
|
|
|
Raven
Site Admin/Owner
Joined: Aug 27, 2002
Posts: 17088
|
| Posted:
Sat Feb 14, 2009 7:13 pm |
|
At the macro level? No. At the micro level? Very likely. You need to look at what they are doing when they visit your site. You can use NukeSentinel's(tm) tracked IP Listing and/or examine your server access logs. |
| |
|
|
|
|
rickleigh
|
| Posted:
Sat Feb 14, 2009 8:24 pm |
|
Raven
I was looking through some of the tracking and I found this link with the text following it. | Quote: | | /modules.php?name=Submit_News&subject=Poigioupbus favyavapord&topic=2&alanguage=english&story=google http://google.com gust is a concerted set of messages aimed at influencing the opinions or behavior of thickset numbers of people. in locate of of impartially providing intellect, agitprop in its most required reason presents intellect in appropriate to reconstruct its audience. The most operative hype is almost always explicitly for detail, but some agitprop presents facts selectively to reinforcing a figures ly unifying, or gives closed-minded messages in appropriate to draw together an crazed rather than unexcited retaliation to the intellect presented. The desired d‚nouement expose is a party of the cognitive character of the overlook in the end audience |
What do you think this is or they were trying to do. I followed the link and get this error:| Quote: | Forbidden
Referred From : http://Mysite.com/admin.php?op=ABTrackedPages&user_id=1&ip_addr=79.***.***.***
Your IP : 24.***.***.***
The Page Requested: /modules.php?name=Submit_News&subject=Poigioupbus%20favyavapord&topic=2&alanguage=english&story=<h%20href=\"http://google.com\">google</a>
http://google.comgust%20is%20a%20concerted%20set%20of%20messages%20aimed%20at%20influencing%20the%20opinions%20or%20behavior%20of%20thickset%20numbers%20of%20
people.%20in%20locate%20of%20of%20impartially%20providing%20intellect,%20agitprop%20in%20its%20most%20required%20reason%20presents%20intellect%20in%20appropriate%20
to%20reconstruct%20its%20audience.%20The%20most%20operative%20hype%20is%20almost%20always%20explicitly%20for%20detail,%20but%20some%20agitprop%20presents%20facts%20
selectively%20to%20reinforcing%20a%20figures%20ly%20unifying,%20or%20gives%20closed-minded%20messages%20in%20appropriate%20to%20draw%20together%20an%20crazed%20
rather%20than%20unexcited%20retaliation%20to%20the%20intellect%20presented.%20The%20desired%20d,nouement%20expose%20is%20a%20party%20of%20the%20cognitive%20
character%20of%20the%20overlook%20in%20the%20end%20audience
Agent : Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)
Redirect Status : 403 |
I dont have no such content on my site. It also seams like most of the rest start the Registration process but never finish the last step. |
| |
|
|
|
|
Raven
|
| Posted:
Sat Feb 14, 2009 10:52 pm |
|
My guess would be that they are/were just testing to see if they could directly post/submit an article to your site. Had they been able to do so then they would either have spammed your site with junk or they would take their penetration testing to the next level, eventually trying/hoping to reach their ultimate destination - some kind of destruction. |
| |
|
|
|
|
rickleigh
|
| Posted:
Sat Feb 14, 2009 11:29 pm |
|
A few of them also had links that the took me to a forums topic called (Information) which says its locked and cant be posted in. But, when I go to the forums Admin I dont see that topic. Can you tell me what that would be all about?
Thanks for the information and help by the way. Your site is really great! |
Last edited by rickleigh on Sun Feb 15, 2009 10:12 am; edited 1 time in total |
|
|
|
|
evaders99
Former Moderator in Good Standing
Joined: Apr 30, 2004
Posts: 3221
|
| Posted:
Sun Feb 15, 2009 2:14 am |
|
(Information) just means there's an error message.
Note: RIPE is just a network for European addresses. It is not an ISP itself. You are not being attacked by them. More than likely, a malicious user is using a botnet to control compromised systems to do their dirty work. |
_________________
- Only registered users can see links on this board! Get registered or login! -
Need help? Only registered users can see links on this board! Get registered or login! |
|
|
|
rickleigh
|
| Posted:
Sun Feb 15, 2009 10:58 pm |
|
After doing some more research on these Ripe users I seen this is a common problem with these users using bots to attack and try to spam sites. I would prefer not to have them wasting my bandwidth and running my stats up with crap.
Is there a way to block all users from this company? |
| |
|
|
|
|
Raven
|
| Posted:
Sun Feb 15, 2009 11:33 pm |
|
Just as an FYI, it's not really a company 
Imo, that would be extreme overkill but you're the boss  - I did a Google search on How to ban all RIPE network addresses and there are several hits. The first one seems to be an excellent discussion.
http://www.webmasterworld.com/apache/3794237.htm |
| |
|
|
|
|
rickleigh
|
| Posted:
Mon Feb 16, 2009 8:12 am |
|
Raven,
Thanks Raven. I guess I'm just still upset that the last site I tried to host got taken over before I could even get it off the ground. I followed the install instructions to the letter this time on how to secure the site.
Nothing against your site but, when I made the mistake of posting my site's URL here for help. All hell broke lose as I think they use help forums like these to find there next victims. |
| |
|
|
|
|
Raven
|
| Posted:
Mon Feb 16, 2009 8:46 am |
|
They scan anything that is open to public view. My personal take on it is I let Sentinel do its job and I scan my access logs and zap the gnats and bugs the best I can. Banning China will certainly cut down your exposure. Just keep in mind that IP spoofing will allow them to come right back in. That's why it's so hard to really ban someone who wants in. Spoofing is easy and widespread, mostly due to all the windows users that don't bother to update their machines |
| |
|
|
|
|
grmm
New Member
Joined: Nov 15, 2008
Posts: 18
Location: Idaho, USA
|
| Posted:
Thu Jun 03, 2010 3:01 pm |
|
| Raven wrote: | | At the macro level? No. At the micro level? Very likely. You need to look at what they are doing when they visit your site. You can use NukeSentinel's(tm) tracked IP Listing and/or examine your server access logs. |
Where is this "Server Access Log" please? |
| |
|
|
|
|
montego
Site Admin
Joined: Aug 29, 2004
Posts: 9457
Location: Arizona
|
| Posted:
Thu Jun 03, 2010 3:54 pm |
|
Most hosts provide such access via your account control panel. I would log into your hosting account control panel and look for server logs. If you cannot find them, I would ask your host as to how you may review the access logs for your account. |
_________________
Only registered users can see links on this board! Get registered or login!
Only registered users can see links on this board! Get registered or login! |
|
|
|
|
grmm
|
| Posted:
Thu Jun 03, 2010 9:39 pm |
|
Thanks Montego, I appreciate your help. |
| |
|
|
|
|
|
|
![[Valid RSS]](https://www.ravenphpscripts.com/images/valid-rss.png "Validate my RSS feed"){kind=small}
