Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke
Author Message
djw2
Regular
Regular


Joined: Sep 19, 2003
Posts: 95
Location: St. Louis, MO

PostPosted: Fri Jun 18, 2004 6:54 am Reply with quote

Hey,

I got another last night.

What's odd is that five out of six attacks on my site have come from the RIPE Network. I've reported every one but there seems to be a trend here. I'm beginning to wonder if the problem isn't with the ISP rather than a few of it's users.

Does anyone know anything about RIPE? Are an unusual number of attacks on your site/s coming from this network or that region (western Europe)? Let me admit that I haven't a clue what I'm talking about; it just seems strange to see so many whois come back with such like information in them.

Here's the top of the email I got last night.


Peace!


Quote:
Date & Time: 2004-06-18 02:28:11
Blocked IP: 213.24.168.103
User ID: (1)
Reason: Abuse - UNION
--------------------
User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Query String: DOMAIN EDITED FOR SAFETY/modules.php?name=Download&d_op=viewdownload&cid=-1%20UNION%20SELECT%20user_id,%20username,%20user_password%20FROM%20nuke_users/*
Forwarded For: none
Client IP: none
Remote Address: 213.24.168.103
Remote Port: 3101
Request Method: GET
--------------------
Who-Is for IP
213.24.168.103


OrgName: RIPE Network Coordination Centre
OrgID: RIPE
Address: Singel 258
Address: 1016 AB
City: Amsterdam
StateProv:
PostalCode:
Country: NL

_________________
It has become appallingly obvious that our technology has exceeded our humanity.

--Albert Einstein 
View user's profile Send private message Send e-mail Visit poster's website MSN Messenger
Raven
Site Admin/Owner


Joined: Aug 27, 2002
Posts: 17086

PostPosted: Fri Jun 18, 2004 7:01 am Reply with quote

You are very much correct. It is the ISP's that harbor the criminal elements often times. You will get more and more attacks from the kiddies from brazil in the entire 200. range. I use to blanket block all 200 IP's, obviously throwing the baby out with the bathwater. But, with Sentinel™ I have enough confidence and only ban the bad boys (er, kids).
 
View user's profile Send private message
djw2
PostPosted: Fri Jun 18, 2004 7:12 am Reply with quote

Is there a high authority we should report the ISP to?

Is there a time when that is appropriate?

Who regulates the ISPs distribution of IP addresses?


Thanks again Raven.
 
Raven
PostPosted: Fri Jun 18, 2004 7:13 am Reply with quote

ICAAN is the "high authority" on IP assignments, but I doubt that they get involved at that level. I just keep reporting them and go on. Maybe someone else has mor information?
 
djw2
PostPosted: Fri Jun 18, 2004 7:48 am Reply with quote

This is from the icann.org website.

Quote:
If I'm having a problem with my registrar, should I report it to ICANN?

If you have a problem with one of the registrars, you should first try to resolve it with that registrar.

If you cannot resolve your complaint with the registrar, you should address it to private-sector agencies involved in addressing customer complaints or governmental consumer-protection agencies. The appropriate agency will vary depending on the jurisdiction of the registrar and the customer.

All registrars with direct access to the .aero, .biz, .com, .coop, .info, .museum, .name, .net, ,.org, and .pro registries are accredited for this purpose by the Internet Corporation for Assigned Names and Numbers (ICANN). ICANN does not resolve individual customer complaints. ICANN is a technical-coordination body. Its primary objective is to coordinate the Internet's system of assigned names and numbers to promote stable operation.

Although ICANN's limited technical mission does not include resolving individual customer-service complaints, ICANN does monitor such complaints to discern trends. If you would like to submit a complaint about a registrar for ICANN's records, please use the Only registered users can see links on this board! Get registered or login! located at the InterNIC website. As a courtesy, ICANN will forward your complaint to the registrar for review and further handling. (Please note that there is no guarantee that the registrar will reply.)

Find registrar contact details in the Only registered users can see links on this board! Get registered or login!
Submit a registrar complaint through the Only registered users can see links on this board! Get registered or login!



That doesn't seem all that encouraging. I wonder if there's a BBB in Amsterdam? Rolling Eyes


Thanks again.
 
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©