scoundrels

Here's a list of people who recently tried to attack equius.

fail2ban


via http

  260 attempts: turned away. Too many connections. 
  168 attempts: subnet: 199.116.248.0/21
  168 attempts: host: 199.116.255.237
   83 attempts: subnet: 207.161.0.0/16
   83 attempts: host: 207.161.86.39
   51 attempts: subnet: 176.0.0.0/8
   51 attempts: host: 176.195.147.119
   44 attempts: subnet: 185.0.0.0/8
   38 attempts: subnet: 58.0.0.0/8
   36 attempts: subnet: 184.20.0.0/15
   36 attempts: host: 184.21.52.23
   30 attempts: subnet: 188.0.0.0/8
   30 attempts: request: \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0
   30 attempts: host: 188.42.240.119
   28 attempts: request: GET /index.php 
   28 attempts: host: 58.62.235.164
   25 attempts: host: 185.48.180.105
   24 attempts: request: GET /components/com_hdflvplayer/hdflvplayer/download.php 
   22 attempts: subnet: 27.0.0.0/8
   22 attempts: host: 27.105.15.146
   19 attempts: request: GET /quests/index.php 
   18 attempts: request: GET /components/com_jnews/includes/openflashchart/php-ofc-library/ofc_upload_image.php 
   18 attempts: request: GET /administrator/components/com_acymailing/inc/openflash/php-ofc-library/ofc_upload_image.php 
   17 attempts: subnet: 5.0.0.0/8
   17 attempts: request: GET /administrator/components/com_civicrm/civicrm/packages/OpenFlashChart/php-ofc-library/ofc_upload_image.
   16 attempts: subnet: 46.0.0.0/8
   16 attempts: request: GET /components/com_maian15/charts/php-ofc-library/ofc_upload_image.php 
   16 attempts: request: GET /components/com_jnewsletter/includes/openflashchart/php-ofc-library/ofc_upload_image.php 
   16 attempts: request: GET /components/com_jinc/classes/graphics/php-ofc-library/ofc_upload_image.php 
   16 attempts: request: GET /components/com_civicrm/civicrm/packages/OpenFlashChart/php-ofc-library/ofc_upload_image.php 
   16 attempts: request: GET /components/com_acymailing/inc/openflash/php-ofc-library/ofc_upload_image.php 
   16 attempts: request: GET /administrator/components/com_maian15/charts/php-ofc-library/ofc_upload_image.php 
   16 attempts: request: GET /administrator/components/com_jnewsletter/includes/openflashchart/php-ofc-library/ofc_upload_image.php 
   16 attempts: request: GET /administrator/components/com_jnews/includes/openflashchart/php-ofc-library/ofc_upload_image.php 
   16 attempts: request: GET /administrator/components/com_jinc/classes/graphics/php-ofc-library/ofc_upload_image.php 
   15 attempts: request: GET /xmlrpc.php 
   14 attempts: subnet: 173.108.0.0 - 173.108.255.255
   14 attempts: host: 5.39.82.4
   14 attempts: host: 173.108.140.34
   12 attempts: subnet: 183.0.0.0/8
   11 attempts: request: GET /wp-content/.../timthumb.php 
   10 attempts: host: 58.62.234.21

via ssh


smtp

 1585  blocked using bl.spamcop.net;
 1042  warning: hostname does not resolve to address
  615  blocked by greylisting (8 attempts from 198.37.154.102)
  252  reject: Sender address rejected: Domain not found
  250  reject: Helo command rejected: need fully-qualified hostname
  231  blocked using cbl.abuseat.org;
   92  blocked using zen.spamhaus.org;
   55  reject: Recipient address rejected: mailbox disabled
   50  reject: Recipient address rejected: SPF
   45  Received-SPF: softfail
   40  reject: Client host rejected: Access denied
   26  blocked using dnsbl.sorbs.net;
   24  Received-SPF: permerror
   17  warning: numeric domain name in resource data of MX record
   14  Relay access denied
    3  ...: warning: TLS library problem: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate:s3_pkt.c:1262:SSL 
    2  ...: warning: unknown[93.82.238.138]: SASL PLAIN authentication failed: 
    2  reject: Recipient address rejected: User unknown in virtual alias table
    2  reject: Helo command rejected: Invalid name

caught in traps


current blacklist


Last updated Wed Jul 29 12:48:01 2015 GMT