
scoundrels

Here's a list of people who recently tried to attack equius.

fail2ban


via http


via ssh


smtp

 5845  warning: hostname does not resolve to address
 2177  blocked using bl.spamcop.net;
 1152  blocked by greylisting (6 attempts from 89.121.141.102)
  712  blocked using cbl.abuseat.org;
  278  reject: Sender address rejected: Domain not found
  252  reject: Helo command rejected: need fully-qualified hostname
  201  blocked using zen.spamhaus.org;
  130  reject: Recipient address rejected: SPF
   43  reject: Recipient address rejected: mailbox disabled
   39  Relay access denied
   36  blocked using dnsbl.sorbs.net;
   22  reject: Client host rejected: Access denied
   19  Received-SPF: softfail
   11  ...: warning: TLS library problem: error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate unknown:s3_pkt.c:1262:
    8  warning: numeric domain name in resource data of MX record
    7  Received-SPF: permerror
    2  reject: Recipient address rejected: User unknown in virtual alias table

caught in traps


current blacklist


Last updated Thu Apr 2 00:48:01 2015 GMT