marco

Joined: 26/08/07 14:51
Posts: 4404
Location: Roma

R13
Posted: Mon 10 Jan 2011, 12:22
Subject: Preventing BOT registration on PhpBB - banlist

If someone is suffering a BOT attack, with bulk registration of users on PhpBB for spam purposes, here is a list of the IP classes I actually detected: [... cut ...]
This spamming BOT is more advanced than ordinary spam techniques.
At least it registers on PhpBB2/PhpBB3 boards bypassing the intermediate screen, captcha and confirmation email. It also parses the registration page for hidden/filtered fields.
This BOT attack is a real pain, a big trouble for every forum owner.
On this forum I've found a trick to trap the BOT, preventing both registration and spam.
Now I'm collecting IP ranges of attacks, building the related banlist.
EDIT
I decided to reset the banlist, in order to give abusemen the option to stop BOT attacks.
In the following post you'll find IP ranges that didn't respond or didn't take action on BOT attacks, and in the following post a list of pending abuse contacts.
After a couple of days with no answer I'll move IP ranges from "pending" to "ban".
The new list is good for both PhpBB2 and PhpBB3.
If you are an abuseman of one of such networks please let me know (info @ this-site-domain) if you intend to take action on this kind of attack.
In case you are a user of the same network, ask your abuseman the same thing and let me know.
PhpBB2 admins only:
In order to prevent duplicated entries in the banlist, including duplications inserted by mistake through the Web interface, you could provide the table with a UNIQUE index based on ban_userid, ban_ip, ban_email:
Code:
    ALTER TABLE phpbb_banlist ADD UNIQUE KEY UniqueEntry (ban_userid, ban_ip, ban_email);
Last edited by marco on Tue 11 Jan 2011, 15:00; edited 14 times

marco

Posted: Mon 10 Jan 2011, 15:28
Subject: Consolidated IP ranges for the banlist

This is a consolidated list of the IP ranges whose abusemen didn't respond (or didn't take action) on the attack.
After every line there is the PhpBB2/PhpBB3 banlist notation in order to ease banning from the PhpBB web GUI.
Networks where abusemen didn't take action on the BOT attack:
- ideal-solutions.org (AKA 2x4.ru), 193.107.16.0 - 193.107.19.255
193.107.16.*, 193.107.17.*, 193.107.18.*, 193.107.19.*
Networks where abusemen didn't respond to the abuse complaint:
- 109.230.213.26 and more, [11/Jan/2011:13:58:51 +0100], xsserver.eu, DE, 109.230.213.0 - 109.230.251.255
109.230.213.*, 109.230.214.*, 109.230.215.*, 109.230.216.*, 109.230.217.*, 109.230.218.*, 109.230.219.*, 109.230.220.*, 109.230.221.*, 109.230.222.*, 109.230.223.*, 109.230.224.*, 109.230.225.*, 109.230.226.*, 109.230.227.*, 109.230.228.*, 109.230.229.*, 109.230.230.*, 109.230.231.*, 109.230.232.*, 109.230.233.*, 109.230.234.*, 109.230.235.*, 109.230.236.*, 109.230.237.*, 109.230.238.*, 109.230.239.*, 109.230.240.*, 109.230.241.*, 109.230.242.*, 109.230.243.*, 109.230.244.*, 109.230.245.*, 109.230.246.*, 109.230.247.*, 109.230.248.*, 109.230.249.*, 109.230.250.*, 109.230.251.*
Networks where abuse mailbox bounces, or without abuse mailbox entry:
- 59.57.14.71, [11/Jan/2011:12:52:41 +0100], cndata.com / chinanet.cn.net, ZH, 59.56.0.0 - 59.61.255.255
59.56.*.*, 59.57.*.*, 59.58.*.*, 59.59.*.*, 59.60.*.*, 59.61.*.*
- 91.210.105.63, [11/Jan/2011:12:12:45 +0100], hostkey.ru / nconnect.ru, RU, 91.210.104.0 - 91.210.107.255
91.210.104.*, 91.210.105.*, 91.210.106.*, 91.210.107.*
- 80.251.113.56, [11/Jan/2011:15:20:30 +0100], lifelink.ru, RU, 80.251.112.0 - 80.251.123.255
80.251.112.*, 80.251.113.*, 80.251.114.*, 80.251.115.*, 80.251.116.*, 80.251.117.*, 80.251.118.*, 80.251.119.*, 80.251.120.*, 80.251.121.*, 80.251.122.*, 80.251.123.*
- 193.105.210.164, [11/Jan/2011:15:27:53 +0100], galahost.net, UA, 193.105.210.0 - 193.105.210.255
193.105.210.*
- 89.78.126.14, [11/Jan/2011:16:36:19 +0100], chello.pl, PL, 89.78.0.0 - 89.78.255.255
89.78.*.*
- 85.234.20.109, [11/Jan/2011:16:39:17 +0100], info-link.ru, RU, 85.234.20.0 - 85.234.21.255
85.234.20.*, 85.234.21.*
- 77.78.8.139, [11/Jan/2011:19:51:35 +0100], networx-bg.com, BG, 77.78.8.0 - 77.78.8.255
77.78.8.*
- 195.162.68.145, [12/Jan/2011:00:11:17 +0100], nconnect.ru, RU, 195.162.68.0 - 195.162.69.255
195.162.68.*, 195.162.69.*
- 91.201.66.51, [12/Jan/2011:00:10:35 +0100], donecoserv.ru, RU, 91.201.64.0 - 91.201.67.255
91.201.64.*, 91.201.65.*, 91.201.66.*, 91.201.67.*
- 91.197.146.54, [12/Jan/2011:01:03:49 +0100], muteam.kiev.ua, UA, 91.197.144.0 - 91.197.147.255
91.197.144.*, 91.197.145.*, 91.197.146.*, 91.197.147.*
- 178.94.187.225, [12/Jan/2011:01:39:50 +0100], ukrtel.net, UA, 178.92.0.0 - 178.95.255.255
178.92.*.*
Last edited by marco on Wed 12 Jan 2011, 13:34; edited 31 times
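
An added example (not part of marco's posts): a Python helper that derives the wildcard banlist notation listed after each entry from the entry's IP range, flags ranges that do not start and end on /24 boundaries (where the wildcards ban more addresses than the range holds), and reports patterns missing from a pasted list. The function names are hypothetical; the ranges in the demo are copied from the thread.

```python
import ipaddress


def range_to_wildcards(first, last):
    """Return (patterns, widened) for an inclusive IPv4 range.

    patterns: a.b.c.* for each /24 touched, collapsed to a.b.*.* when a
    whole /16 is covered. widened is True when the range does not start
    and end on /24 boundaries, so the patterns ban more than the range.
    """
    lo = int(ipaddress.IPv4Address(first))
    hi = int(ipaddress.IPv4Address(last))
    if lo > hi:
        raise ValueError(f"range is reversed: {first} - {last}")
    widened = (lo & 0xFF) != 0x00 or (hi & 0xFF) != 0xFF
    block, end = lo >> 8, hi >> 8      # 24-bit prefixes of first/last /24
    patterns = []
    while block <= end:
        a, b, c = block >> 16, (block >> 8) & 0xFF, block & 0xFF
        if c == 0 and block + 0xFF <= end:   # a full, aligned /16
            patterns.append(f"{a}.{b}.*.*")
            block += 0x100
        else:
            patterns.append(f"{a}.{b}.{c}.*")
            block += 1
    return patterns, widened


def missing_patterns(first, last, listed):
    """Patterns needed to cover the range that `listed` does not provide.

    `listed` is a comma-separated string as pasted into the ban form; an
    a.b.*.* entry counts as covering every a.b.c.* beneath it.
    """
    have = {p.strip() for p in listed.split(",")}
    needed, _ = range_to_wildcards(first, last)
    return [p for p in needed
            if p not in have and p.rsplit(".", 2)[0] + ".*.*" not in have]


if __name__ == "__main__":
    # Ranges copied from the thread
    for first, last in [("193.107.16.0", "193.107.19.255"),
                        ("59.56.0.0", "59.61.255.255"),
                        ("92.241.168.0", "92.241.169.254")]:
        patterns, widened = range_to_wildcards(first, last)
        note = "  (wider than the range)" if widened else ""
        print(f"{first} - {last}: {', '.join(patterns)}{note}")
```
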

marco

Posted: Tue 11 Jan 2011, 01:08
Subject: Pending abuse complaints

All logs are related to attacks to this forum, Main IP: 82.103.142.129, Alternative IP: 82.103.128.108
When entries also report a second line in banlist format, bold entries have been precautionarily banned because of BOT flooding activity.
- -- IP --, --- attack date and time ---, --- abuse@ mailbox ---, --- Country ---, --- IP range ---
- 188.126.81.223, [11/Jan/2011:00:55:33 +0100], portlane.com, SE, 188.126.80.0 - 188.126.87.255
- 88.191.130.150, [11/Jan/2011:04:15:18 +0100], proxad.net, FR, 88.191.3.0 - 88.191.248.255
88.191.130.*
- 195.216.197.135, [11/Jan/2011:04:18:24 +0100], ukhost4u.com, GB, 195.216.196.0 - 195.216.197.255
- 74.115.210.43, [11/Jan/2011:04:20:34 +0100], fast-serv.com, US/CA, 74.115.210.0 - 74.115.210.63
- 85.17.139.138, [11/Jan/2011:05:51:07 +0100], leaseweb.com, NL, 85.17.139.0 - 85.17.139.255
- 95.68.80.68, [11/Jan/2011:07:28:33 +0100], lattelecom.lv, LV, 95.68.0.0 - 95.68.127.254
- 83.21.205.207, [11/Jan/2011:08:58:28 +0100], telekomunikacja.pl / tpnet.pl, PL, 83.21.0.0 - 83.21.255.255
- 188.165.212.27, [10/Jan/2011:21:33:45 +0100], ovh.net, FR, 188.165.192.0 - 188.165.255.255
188.165.192.*, 188.165.193.*, 188.165.194.*, 188.165.195.*, 188.165.196.*, 188.165.197.*, 188.165.198.*, 188.165.199.*, 188.165.200.*, 188.165.201.*, 188.165.202.*, 188.165.203.*, 188.165.204.*, 188.165.205.*, 188.165.206.*, 188.165.207.*, 188.165.208.*, 188.165.209.*, 188.165.210.*, 188.165.211.*, 188.165.212.*, 188.165.213.*, 188.165.214.*, 188.165.215.*, 188.165.216.*, 188.165.217.*, 188.165.218.*, 188.165.219.*, 188.165.220.*, 188.165.221.*, 188.165.222.*, 188.165.223.*, 188.165.224.*, 188.165.225.*, 188.165.226.*, 188.165.227.*, 188.165.228.*, 188.165.229.*, 188.165.230.*, 188.165.231.*, 188.165.232.*, 188.165.233.*, 188.165.234.*, 188.165.235.*, 188.165.236.*, 188.165.237.*, 188.165.238.*, 188.165.239.*, 188.165.240.*, 188.165.241.*, 188.165.242.*, 188.165.243.*, 188.165.244.*, 188.165.245.*, 188.165.246.*, 188.165.247.*, 188.165.248.*, 188.165.249.*, 188.165.250.*, 188.165.251.*, 188.165.252.*, 188.165.253.*, 188.165.254.*, 188.165.255.*
- 72.9.227.227, [09/Jan/2011:09:19:23 +0100], gnax.net, US, 72.9.224.0 - 72.9.255.255
72.9.224.*, 72.9.225.*, 72.9.226.*, 72.9.227.*, 72.9.228.*, 72.9.229.*, 72.9.230.*, 72.9.231.*, 72.9.232.*, 72.9.233.*, 72.9.234.*, 72.9.235.*, 72.9.236.*, 72.9.237.*, 72.9.238.*, 72.9.239.*, 72.9.240.*, 72.9.241.*, 72.9.242.*, 72.9.243.*, 72.9.244.*, 72.9.245.*, 72.9.246.*, 72.9.247.*, 72.9.248.*, 72.9.249.*, 72.9.250.*, 72.9.251.*, 72.9.252.*, 72.9.253.*, 72.9.254.*, 72.9.255.*
- 95.27.71.160, [10/Jan/2011:21:03:52 +0100], corbina.net, RU, 95.24.0.0 - 95.30.255.255
- 90.2.186.235, [11/Jan/2011:14:24:48 +0100], orange.fr, FR, 90.2.186.0 - 90.2.186.255
90.2.186.*
- 92.241.169.160, [11/Jan/2011:15:36:48 +0100], 2x4.ru, RU, 92.241.168.0 - 92.241.169.254
92.241.168.*, 92.241.169.*
- 178.73.209.44, [11/Jan/2011:16:07:21 +0100], vpntunnel.se, SE, 178.73.209.0 - 178.73.209.255
178.73.209.*
- 93.90.243.63, [11/Jan/2011:17:08:10 +0100], kraslan.ru, RU, 93.90.240.0 - 93.90.247.255
- 213.192.3.66, [11/Jan/2011:18:51:25 +0100], sloane.cz, CZ, 213.192.0.0 - 213.192.63.255
213.192.0.*, 213.192.1.*, 213.192.2.*, 213.192.3.*, 213.192.4.*, 213.192.5.*, 213.192.6.*, 213.192.7.*, 213.192.8.*, 213.192.9.*, 213.192.10.*, 213.192.11.*, 213.192.12.*, 213.192.13.*, 213.192.14.*, 213.192.15.*, 213.192.16.*, 213.192.17.*, 213.192.18.*, 213.192.19.*, 213.192.20.*, 213.192.21.*, 213.192.22.*, 213.192.23.*, 213.192.24.*, 213.192.25.*, 213.192.26.*, 213.192.27.*, 213.192.28.*, 213.192.29.*, 213.192.30.*, 213.192.31.*, 213.192.32.*, 213.192.33.*, 213.192.34.*, 213.192.35.*, 213.192.36.*, 213.192.37.*, 213.192.38.*, 213.192.39.*, 213.192.40.*, 213.192.41.*, 213.192.42.*, 213.192.43.*, 213.192.44.*, 213.192.45.*, 213.192.46.*, 213.192.47.*, 213.192.48.*, 213.192.49.*, 213.192.50.*, 213.192.51.*, 213.192.52.*, 213.192.53.*, 213.192.54.*, 213.192.55.*, 213.192.56.*, 213.192.57.*, 213.192.58.*, 213.192.59.*, 213.192.60.*, 213.192.61.*, 213.192.62.*, 213.192.63.*
- 96.31.87.132, [11/Jan/2011:19:04:29 +0100], noc4hosts.com, US/FL, 96.31.64.0 - 96.31.95.255 (96.31.64.0/19)
96.31.64.*, 96.31.65.*, 96.31.66.*, 96.31.67.*, 96.31.68.*, 96.31.69.*, 96.31.70.*, 96.31.71.*, 96.31.72.*, 96.31.73.*, 96.31.74.*, 96.31.75.*, 96.31.76.*, 96.31.77.*, 96.31.78.*, 96.31.79.*, 96.31.80.*, 96.31.81.*, 96.31.82.*, 96.31.83.*, 96.31.84.*, 96.31.85.*, 96.31.86.*, 96.31.87.*, 96.31.88.*, 96.31.89.*, 96.31.90.*, 96.31.91.*, 96.31.92.*, 96.31.93.*, 96.31.94.*, 96.31.95.*
- 173.242.119.177, [11/Jan/2011:19:35:47 +0100], volumedrive.com, US/PA, 173.242.112.0 - 173.242.127.255 (173.242.112.0/20)
173.242.112.*, 173.242.113.*, 173.242.114.*, 173.242.115.*, 173.242.116.*, 173.242.117.*, 173.242.118.*, 173.242.119.*, 173.242.120.*, 173.242.121.*, 173.242.122.*, 173.242.123.*, 173.242.124.*, 173.242.125.*, 173.242.126.*, 173.242.127.*
- 87.254.143.190, [11/Jan/2011:21:00:50 +0100], tyumen.ru, RU, 87.254.136.0 - 87.254.143.255
87.254.143.*
- 91.212.226.210, [11/Jan/2011:22:24:34 +0100], netdedicated.ru, RU, 91.212.226.0 - 91.212.226.255
91.212.226.*
- 64.62.255.245, [11/Jan/2011:22:57:38 +0100], he.net, CN, 64.62.255.0 - 64.62.255.255
Networks where the Abuse Team started some action:
- 66.90.101.37, [11/Jan/2011:16:57:26 +0100], fdcservers.net, US/IL, 66.90.64.0 - 66.90.127.255
66.90.64.*, 66.90.65.*, 66.90.66.*, 66.90.67.*, 66.90.68.*, 66.90.69.*, 66.90.70.*, 66.90.71.*, 66.90.72.*, 66.90.73.*, 66.90.74.*, 66.90.75.*, 66.90.76.*, 66.90.77.*, 66.90.78.*, 66.90.79.*, 66.90.80.*, 66.90.81.*, 66.90.82.*, 66.90.83.*, 66.90.84.*, 66.90.85.*, 66.90.86.*, 66.90.87.*, 66.90.88.*, 66.90.89.*, 66.90.90.*, 66.90.91.*, 66.90.92.*, 66.90.93.*, 66.90.94.*, 66.90.95.*, 66.90.96.*, 66.90.97.*, 66.90.98.*, 66.90.99.*, 66.90.100.*, 66.90.101.*, 66.90.102.*, 66.90.103.*, 66.90.104.*, 66.90.105.*, 66.90.106.*, 66.90.107.*, 66.90.108.*, 66.90.109.*, 66.90.110.*, 66.90.111.*, 66.90.112.*, 66.90.113.*, 66.90.114.*, 66.90.115.*, 66.90.116.*, 66.90.117.*, 66.90.118.*, 66.90.119.*, 66.90.120.*, 66.90.121.*, 66.90.122.*, 66.90.123.*, 66.90.124.*, 66.90.125.*, 66.90.126.*, 66.90.127.*
- 89.149.244.75, [09/Jan/2011:17:27:46 +0100], netdirekt.de, DE, 89.149.241.0 - 89.149.244.255
89.149.241.*, 89.149.242.*, 89.149.243.*, 89.149.244.*
- 94.142.133.27, [11/Jan/2011:18:41:21 +0100], cssgroup.lv, LV, 94.142.133.0 - 94.142.133.255
94.142.133.*
Last edited by marco on Wed 12 Jan 2011, 13:25; edited 1 time

marco

Posted: Wed 12 Jan 2011, 00:01
Subject: To be removed from banlist

Networks where Abuse Team reports the issue to be over:
- 195.54.162.128, [11/Jan/2011:21:31:43 +0100], secom.com.ua, UA, 195.54.162.0 - 195.54.163.255
195.54.162.*, 195.54.163.*
_________________
Shining in the unripe age of passion
flaming red
But without a mature age
rotten imposture