scoundrels

Here's a list of people who recently tried to attack equius.

fail2ban

      1 [postfix] Ban 113.161.8.13
      1 [postfix] Ban 114.26.212.113
      1 [postfix] Ban 190.129.127.156
      1 [postfix] Ban 200.215.216.38
      1 [postfix] Ban 37.233.31.201
      1 [postfix] Ban 39.52.187.190

via http

   62 attempts: request: GET /images/stories/vito.php 
   55 attempts: request: GET /wp-content/.../timthumb.php 
   45 attempts: host: 74.86.147.196
   39 attempts: request: GET /wp-login.php 
   35 attempts: request: GET /images/stories/explore.php 
   31 attempts: subnet: 221.132.16.0 - 221.132.39.255
   31 attempts: host: 221.132.34.165
   29 attempts: subnet: 151.12.37.0/24
   29 attempts: host: 151.12.37.111
   28 attempts: subnet: 182.254.128.0/17
   28 attempts: request: GET http:/www.mafengwo.com/ 
   26 attempts: host: 142.4.218.189
   20 attempts: subnet: 193.201.224.0/22
   20 attempts: request: GET /scoundrels.html/wp-content/.../timthumb.php 
   20 attempts: request: GET /images/stories/petx.php 
   20 attempts: host: 193.201.224.92
   17 attempts: request: GET /images/stories/food.php 
   16 attempts: subnet: 80.87.240.0/24
   16 attempts: host: 80.87.240.49
   16 attempts: host: 209.191.185.166
   15 attempts: request: GET /images/stories/3xp.php 
   13 attempts: subnet: 126.0.0.0/8
   13 attempts: request: GET /images/stories/wawalo.php 
   13 attempts: host: 173.214.161.236
   13 attempts: host: 126.10.211.58
   12 attempts: host: 72.55.168.74
   11 attempts: request: GET /index.php 
   10 attempts: subnet: 188.93.56.0/24
   10 attempts: host: 188.93.56.216

via ssh


smtp

 1135  warning: hostname does not resolve to address
 1133  blocked using bl.spamcop.net;
  909  blocked by greylisting (34 attempts from 188.47.23.42)
  568  blocked using cbl.abuseat.org;
  533  reject: Sender address rejected: Domain not found
  142  blocked using zen.spamhaus.org;
  138  warning: numeric domain name in resource data of MX record
  130  blocked using dnsbl.sorbs.net;
  110  reject: Helo command rejected: need fully-qualified hostname
   88  Relay access denied
   80  Received-SPF: softfail
   65  reject: Recipient address rejected: mailbox disabled
   63  reject: Recipient address rejected: SPF
   52  Received-SPF: permerror
   30  reject: Client host rejected: Access denied
   10  reject: Helo command rejected: Invalid name
    5  reject: Recipient address rejected: User unknown in virtual alias table
    3  reject: Recipient address rejected: Improper use of SMTP command pipelining
    2  ...: warning: valid_hostname: empty hostname
    2  ...: warning: non-SMTP command from unknown[93.174.93.51]: GET http://ipv4scan.com/hello/check.txt HTTP/1.1
    2  warning: malformed domain name in resource data of MX record
    2  reject: Sender address rejected: Malformed DNS server reply

caught in traps


current blacklist


Last updated Fri Oct 31 06:48:02 2014 GMT