home
*

scoundrels

Here's a list of people who recently tried to attack equius.
D --> fail2ban :: via http :: via ssh :: via smtp :: caught in traps

fail2ban

      1 [postfix] Ban 37.211.45.179
      4 [ssh] Ban 111.74.238.104

via http

   56 attempts: request: GET /images/stories/pagat.php 
   45 attempts: request: GET /wp-content/.../timthumb.php 
   40 attempts: subnet: 178.20.154.0/23
   40 attempts: host: 178.20.155.219
   32 attempts: user-agent: "ZmEu"
   32 attempts: subnet: 93.174.93.0/24
   32 attempts: host: 93.174.93.149
   24 attempts: subnet: 182.254.128.0/17
   22 attempts: request: GET http:/www.mafengwo.com/ 
   16 attempts: subnet: 212.227.20.0 - 212.227.29.255
   16 attempts: subnet: 190.107.80.0/21
   16 attempts: host: 212.227.28.8
   16 attempts: host: 190.107.81.69
   15 attempts: request: GET /images/stories/food.php 
   12 attempts: subnet: 212.51.195.0/24
   12 attempts: host: 212.51.195.4
   11 attempts: host: 107.167.177.52
   10 attempts: subnet: 144.76.0.0/16
   10 attempts: host: 144.76.114.78

via ssh

  111.74.238.138 : 769 password attempts : 111.72.0.0/13 : 
  202.109.143.93 : 704 password attempts : 202.109.128.0/18 : 
  117.21.191.197 : 620 password attempts : 117.21.0.0/16 : 
  117.21.191.210 : 500 password attempts : 117.21.0.0/16 : 
 115.239.248.122 : 500 password attempts : 115.239.248.0/24 : 
  111.74.238.104 : 454 password attempts : 111.72.0.0/13 : 
  117.21.225.169 : 328 password attempts : 117.21.0.0/16 : 
   223.4.200.247 : 156 password attempts : 223.4.0.0/14 : ip223.hichina.com
  220.177.198.27 : 130 password attempts : 220.175.0.0 - 220.177.255.255 : 
  219.138.135.71 : 120 password attempts : 219.138.0.0 - 219.140.255.255 : 
 211.255.130.228 : 70 password attempts : 211.232.0.0 - 211.255.255.255 : 
  183.136.214.36 : 28 password attempts : 183.136.214.0/24 : 
      144.0.0.66 : 24 password attempts : 144.0.0.0/16 : 
      144.0.0.31 : 22 password attempts : 144.0.0.0/16 : 
   115.88.194.40 : 19 password attempts : 115.88.0.0/13 : 
 202.169.224.213 : 15 password attempts : 202.169.224.192/26 : host-202-169-224-213.jogjamedianet.com
   75.148.216.82 : 14 password attempts : 75-148-216-82-Houston.hfc.comcastbusiness.net
      144.0.0.41 : 12 password attempts : 144.0.0.0/16 : 

smtp

  754  blocked using bl.spamcop.net;
  516  warning: hostname does not resolve to address
  477  blocked by greylisting (28 attempts from 201.141.221.228)
  331  reject: Sender address rejected: Domain not found
  267  blocked using cbl.abuseat.org;
  101  reject: Helo command rejected: need fully-qualified hostname
   64  reject: Recipient address rejected: SPF
   34  reject: Recipient address rejected: mailbox disabled
   32  Received-SPF: softfail
   27  blocked using dnsbl.sorbs.net;
   25  Relay access denied
   19  Received-SPF: permerror
   19  blocked using zen.spamhaus.org;
   12  warning: numeric domain name in resource data of MX record
   12  reject: Client host rejected: Access denied
    3  ...: warning: valid_hostname: empty hostname
    3  warning: malformed domain name in resource data of MX record
    3  reject: Sender address rejected: Malformed DNS server reply
    2  reject: Helo command rejected: Invalid name

caught in traps

blacklist:  adding  104.41.133.232   for  requesting  '/scoundrels.html&sa=U&ei=aVchVJW4OYasyATP5YKgDg&ved=0
blacklist:  adding  109.169.49.47    for  requesting  '/wp-content/themes/cadabrapress/scripts/timthumb.php?src=http%3A%2F%2Fflickr.
blacklist:  adding  110.77.138.168   for  requesting  '/wp-content/themes/cadabrapress/scripts/timthumb.php?src=http%3A%2F%2Fpicasa.
blacklist:  adding  112.175.184.96   for  requesting  '/scoundrels.html%22%20target=%22_self/wp-content/themes/blacklabel/framework/
blacklist:  adding  112.78.6.210     for  requesting  '//administrator/components/com_jnewsletter/includes/openflashchart/php-ofc-li
blacklist:  adding  116.197.136.81   for  requesting  '/wp-content/themes/Avenue/timthumb.php?src=http%3A%2F%2Fflickr.com.hotelkouri
blacklist:  adding  128.199.194.31   for  requesting  '//components/com_jnews/includes/openflashchart/php-ofc-library/ofc_upload_ima
blacklist:  adding  142.4.20.118     for  requesting  '/wp-content/themes/TheTravelTheme/includes/timthumb.php?src=http%3A%2F%2Fimg.
blacklist:  adding  144.76.157.150   for  requesting  '/admin/categories.php/login.php?cPath=&action=new_product_preview'
blacklist:  adding  148.251.136.210  for  requesting  '//administrator/components/com_jnewsletter/includes/openflashchart/php-ofc-li
blacklist:  adding  162.144.97.104   for  requesting  '/admin/categories.php/login.php'
blacklist:  adding  162.209.2.139    for  requesting  '/wp-content/themes/cadabrapress/scripts/timthumb.php?src=http%3A%2F%2Fpicasa.
blacklist:  adding  168.144.159.199  for  requesting  '/scoundrels.html/wp-content/themes/blacklabel/framework/timthumb.php?src=http
blacklist:  adding  173.224.113.122  for  requesting  '/wp-content/themes/blacklabel/framework/timthumb.php?src=http%3A%2F%2Fflickr.
blacklist:  adding  174.140.163.88   for  requesting  '/wp-content/themes/blacklabel/framework/timthumb.php?src=http%3A%2F%2Fimg.you
blacklist:  adding  176.9.62.166     for  requesting  '/scoundrels.html/administrator/components/com_civicrm/civicrm/packages/OpenFl
blacklist:  adding  184.107.219.242  for  requesting  '//administrator/components/com_civicrm/civicrm/packages/OpenFlashChart/php-of
blacklist:  adding  187.45.240.64    for  requesting  '/scoundrels.html/administrator/components/com_jnews/includes/openflashchart/p
blacklist:  adding  187.45.240.64    for  requesting  '/scoundrels.html/administrator/components/com_jnewsletter/includes/openflashc
blacklist:  adding  187.45.240.64    for  requesting  '/scoundrels.html/components/com_jnews/includes/openflashchart/php-ofc-library
blacklist:  adding  187.61.61.120    for  requesting  '//components/com_jnews/includes/openflashchart/php-ofc-library/ofc_upload_ima
blacklist:  adding  188.138.75.223   for  requesting  '/scoundrels.html//administrator/components/com_jinc/classes/graphics/php-ofc-
blacklist:  adding  188.244.39.126   for  requesting  '//administrator/components/com_maianmedia/utilities/charts/php-ofc-library/of
blacklist:  adding  190.114.252.104  for  requesting  '//components/com_jnews/includes/openflashchart/php-ofc-library/ofc_upload_ima
blacklist:  adding  190.14.56.40     for  requesting  '/scoundrels.html//components/com_jnews/includes/openflashchart/php-ofc-librar
blacklist:  adding  190.14.56.40     for  requesting  '/scoundrels.html//components/com_jnews/includes/openflashchart/php-ofc-librar
blacklist:  adding  190.245.168.145  for  requesting  '//components/com_jnews/includes/openflashchart/php-ofc-library/ofc_upload_ima
blacklist:  adding  192.99.154.40    for  requesting  '/scoundrels.html&sa=U&ei=csAhVOGmItWsyATJpIFQ&ved=0CI
blacklist:  adding  193.150.13.136   for  requesting  '/scoundrels.html/xmlrpc.php'
blacklist:  adding  193.201.224.4    for  requesting  '/xmlrpc.php'
blacklist:  adding  193.26.6.54      for  requesting  '//admin_area/charts/ofc-library/ofc_upload_image.php?name=magic.php'
blacklist:  adding  193.40.12.36     for  requesting  '//php-ofc-library/ofc_upload_image.php?name=lobex21.php'
blacklist:  adding  193.40.12.36     for  requesting  '//php-ofc-library/ofc_upload_image.php?name=lobex21.php'
blacklist:  adding  193.40.12.36     for  requesting  '//php-ofc-library/ofc_upload_image.php?name=lobex21.php'
blacklist:  adding  193.87.72.194    for  requesting  '//administrator/components/com_civicrm/civicrm/packages/OpenFlashChart/php-of
blacklist:  adding  194.28.172.240   for  requesting  '/wp-content/themes/TheTravelTheme/includes/timthumb.php?src=http%3A%2F%2Fpica
blacklist:  adding  194.33.184.31    for  requesting  '//administrator/components/com_jinc/classes/graphics/php-ofc-library/ofc_uplo
blacklist:  adding  197.221.14.220   for  requesting  '//wp-content/plugins/seo-watcher/ofc/php-ofc-library/ofc_upload_image.php?nam
blacklist:  adding  198.1.73.167     for  requesting  '/admin/categories.php/login.php'
blacklist:  adding  200.11.67.86     for  requesting  '/wp-content/themes/cadabrapress/scripts/timthumb.php?src=http%3A%2F%2Fwordpre
blacklist:  adding  200.13.244.118   for  requesting  '//administrator/components/com_maian15/charts/php-ofc-library/ofc_upload_imag
blacklist:  adding  200.98.197.96    for  requesting  '/scoundrels.html//components/com_jnews/includes/openflashchart/php-ofc-librar
blacklist:  adding  201.175.21.237   for  requesting  '//administrator/components/com_acymailing/inc/openflash/php-ofc-library/ofc_u
blacklist:  adding  201.175.21.237   for  requesting  '//administrator/components/com_civicrm/civicrm/packages/OpenFlashChart/php-of
blacklist:  adding  201.175.21.237   for  requesting  '//administrator/components/com_jinc/classes/graphics/php-ofc-library/ofc_uplo
blacklist:  adding  201.175.21.237   for  requesting  '//administrator/components/com_jnews/includes/openflashchart/php-ofc-library/
blacklist:  adding  201.175.21.237   for  requesting  '//administrator/components/com_jnewsletter/includes/openflashchart/php-ofc-li
blacklist:  adding  201.175.21.237   for  requesting  '//administrator/components/com_maianmedia/utilities/charts/php-ofc-library/of
blacklist:  adding  201.99.1.64      for  requesting  '//components/com_jnews/includes/openflashchart/php-ofc-library/ofc_upload_ima
blacklist:  adding  201.99.1.64      for  requesting  '/scoundrels.html//components/com_jnews/includes/openflashchart/php-ofc-librar
blacklist:  adding  202.137.10.104   for  requesting  '/wp-content/themes/cadabrapress/scripts/timthumb.php?src=http%3A%2F%2Fpicasa.
blacklist:  adding  202.183.176.234  for  requesting  '/scoundrels.html//components/com_jnews/includes/openflashchart/php-ofc-librar
blacklist:  adding  202.91.177.146   for  requesting  '/wp-content/themes/blacklabel/framework/timthumb.php?src=http%3A%2F%2Fpicasa.
blacklist:  adding  212.247.118.91   for  requesting  '/wp-content/themes/TheTravelTheme/includes/timthumb.php?src=http%3A%2F%2Fpica
blacklist:  adding  212.51.195.4     for  requesting  '//administrator/components/com_jinc/classes/graphics/php-ofc-library/ofc_uplo
blacklist:  adding  212.51.195.4     for  requesting  '//administrator/components/com_maianmedia/utilities/charts/php-ofc-library/of
blacklist:  adding  213.203.186.155  for  requesting  '/wp-content/themes/blacklabel/framework/timthumb.php?src=http%3A%2F%2Fpicasa.
blacklist:  adding  216.227.220.35   for  requesting  '/wp-content/themes/ecobiz/timthumb.php?src=http%3A%2F%2Fpicasa.com.ar88.net%2
blacklist:  adding  217.112.40.116   for  requesting  '//administrator/components/com_jnewsletter/includes/openflashchart/php-ofc-li
blacklist:  adding  220.135.85.2     for  requesting  '//components/com_jnews/includes/openflashchart/php-ofc-library/ofc_upload_ima
blacklist:  adding  220.135.85.2     for  requesting  '/scoundrels.html&sa=U&ei=qr8hVN_3Eoim8AXuxoLQBg&ved=0
blacklist:  adding  222.124.28.164   for  requesting  '/scoundrels.html&sa=U&ei=qb8hVPWKL4KJuASVjYDYCA&ved=0
blacklist:  adding  23.98.149.127    for  requesting  '/scoundrels.html//components/com_jnews/includes/openflashchart/php-ofc-librar
blacklist:  adding  27.254.67.156    for  requesting  '//administrator/components/com_redmystic/chart/php-ofc-library/ofc_upload_ima
blacklist:  adding  31.192.209.75    for  requesting  '/wp-content/themes/blacklabel/framework/timthumb.php?src=http%3A%2F%2Fflickr.
blacklist:  adding  31.208.45.191    for  requesting  '/scoundrels.html&sa=U&ei=rr8hVKybM-OJjALP7oFo&ved=0CM
blacklist:  adding  31.31.203.221    for  requesting  '/wp-content/themes/Avenue/timthumb.php?src=http%3A%2F%2Fimg.youtube.com.barga
blacklist:  adding  37.247.54.2      for  requesting  '/wp-content/themes/ecobiz/timthumb.php?src=http://picasa.com.ar88.net/indeks.
blacklist:  adding  49.77.150.7      for  requesting  '/xmlrpc.php'
blacklist:  adding  50.63.194.71     for  requesting  '//administrator/components/com_maianmedia/utilities/charts/php-ofc-library/of
blacklist:  adding  61.138.140.18    for  requesting  '//administrator/components/com_redmystic/chart/ofc-library/ofc_upload_image.p
blacklist:  adding  62.210.99.136    for  requesting  '/xmlrpc.php'
blacklist:  adding  64.40.99.178     for  requesting  '//components/com_jnews/includes/openflashchart/php-ofc-library/ofc_upload_ima
blacklist:  adding  69.64.95.53      for  requesting  '/wp-content/themes/ecobiz/timthumb.php?src=http://picasa.com.ar88.net/indeks.
blacklist:  adding  74.220.219.74    for  requesting  '/administrator/components/com_redmystic/chart/ofc-library/ofc_upload_image.ph
blacklist:  adding  76.19.47.29      for  requesting  '//administrator/components/com_jnewsletter/includes/openflashchart/php-ofc-li
blacklist:  adding  77.41.147.18     for  requesting  '//administrator/components/com_jinc/classes/graphics/php-ofc-library/ofc_uplo
blacklist:  adding  78.233.77.148    for  requesting  '/wp-content/themes/blacklabel/framework/timthumb.php?src=http%3A%2F%2Fpicasa.
blacklist:  adding  78.47.29.198     for  requesting  '/scoundrels.html&sa=U&ei=K0cqVNzwONLgasutgogF&ved=0CI
blacklist:  adding  80.93.221.228    for  requesting  '//components/com_jnews/includes/openflashchart/php-ofc-library/ofc_upload_ima
blacklist:  adding  81.225.200.238   for  requesting  '/wp-content/themes/TheTravelTheme/includes/timthumb.php?src=http%3A%2F%2Fpica
blacklist:  adding  81.225.208.217   for  requesting  '/wp-content/themes/cadabrapress/scripts/timthumb.php?src=http%3A%2F%2Fpicasa.
blacklist:  adding  81.228.200.9     for  requesting  '/wp-content/themes/TheTravelTheme/includes/timthumb.php?src=http%3A%2F%2Fpica
blacklist:  adding  81.29.214.206    for  requesting  '/wp-content/themes/telegraph/scripts/timthumb.php?src=http%3A%2F%2Fpicasa.com
blacklist:  adding  82.198.81.203    for  requesting  '/wp-content/themes/cadabrapress/scripts/timthumb.php?src=http://picasa.com.ar
blacklist:  adding  83.170.115.94    for  requesting  '//administrator/components/com_jinc/classes/graphics/php-ofc-library/ofc_uplo
blacklist:  adding  83.86.208.75     for  requesting  '/scoundrels.html&sa=U&ei=ouYhVKKbDJGEiwL164DoAw&ved=0
blacklist:  adding  84.123.225.195   for  requesting  '//components/com_jnews/includes/openflashchart/php-ofc-library/ofc_upload_ima
blacklist:  adding  84.177.19.215    for  requesting  '//administrator/components/com_jnewsletter/includes/openflashchart/php-ofc-li
blacklist:  adding  85.118.236.24    for  requesting  '/wp-content/themes/cadabrapress/scripts/timthumb.php?src=http%3A%2F%2Fvictorc
blacklist:  adding  87.97.76.218     for  requesting  '//components/com_jnews/includes/openflashchart/php-ofc-library/ofc_upload_ima
blacklist:  adding  89.184.75.132    for  requesting  '//administrator/components/com_jinc/classes/graphics/php-ofc-library/ofc_uplo
blacklist:  adding  89.184.75.132    for  requesting  '/scoundrels.html//administrator/components/com_jinc/classes/graphics/php-ofc-
blacklist:  adding  90.224.215.183   for  requesting  '/wp-content/themes/cadabrapress/scripts/timthumb.php?src=http%3A%2F%2Fpicasa.
blacklist:  adding  91.121.14.64     for  requesting  '/scoundrels.html/admin/categories.php/login.php?cPath=&action=new_product
blacklist:  adding  91.218.228.113   for  requesting  '//administrator/components/com_jinc/classes/graphics/php-ofc-library/ofc_uplo
blacklist:  adding  93.152.254.25    for  requesting  '//components/com_jnews/includes/openflashchart/php-ofc-library/ofc_upload_ima
blacklist:  adding  94.23.48.138     for  requesting  '//components/com_jnews/includes/openflashchart/php-ofc-library/ofc_upload_ima
blacklist:  adding  94.23.48.138     for  requesting  '//components/com_jnews/includes/openflashchart/php-ofc-library/ofc_upload_ima
blacklist:  adding  95.78.236.50     for  requesting  '/wp-content/themes/telegraph/scripts/timthumb.php?src=http%3A%2F%2Fpicasa.com

current blacklist

REFUSE     all  --  1.208.0.0/12         0.0.0.0/0           
REFUSE     all  --  27.115.0.0/17        0.0.0.0/0           
REFUSE     all  --  58.208.0.0/12        0.0.0.0/0           
REFUSE     all  --  58.248.0.0/13        0.0.0.0/0           
REFUSE     all  --  58.250.108.0/22      0.0.0.0/0           
REFUSE     all  --  59.0.0.0/8           0.0.0.0/0           
REFUSE     all  --  61.147.0.0/16        0.0.0.0/0           
REFUSE     all  --  61.174.51.192/26     0.0.0.0/0           
REFUSE     all  --  77.39.0.0/17         0.0.0.0/0           
REFUSE     all  --  87.229.111.0/24      0.0.0.0/0           
REFUSE     all  --  88.191.80.0/24       0.0.0.0/0           
REFUSE     all  --  93.114.40.0/21       0.0.0.0/0           
REFUSE     all  --  115.168.0.0/14       0.0.0.0/0           
REFUSE     all  --  116.1.0.0/16         0.0.0.0/0           
REFUSE     all  --  116.255.128.0/17     0.0.0.0/0           
REFUSE     all  --  123.31.0.0/19        0.0.0.0/0           
REFUSE     all  --  125.128.0.0/11       0.0.0.0/0           
REFUSE     all  --  180.76.0.0/16        0.0.0.0/0           
REFUSE     all  --  122.0.0.0/8          0.0.0.0/0           
REFUSE     all  --  123.138.0.0/15       0.0.0.0/0           
REFUSE     all  --  174.37.192.0/18      0.0.0.0/0           
REFUSE     all  --  182.48.0.0/18        0.0.0.0/0           
REFUSE     all  --  190.144.0.0/14       0.0.0.0/0           
REFUSE     all  --  202.117.0.0/18       0.0.0.0/0           
REFUSE     all  --  211.103.128.0/17     0.0.0.0/0           
REFUSE     all  --  217.20.169.160/27    0.0.0.0/0           
REFUSE     all  --  218.60.0.0/15        0.0.0.0/0           
REFUSE     all  --  218.0.0.0/30         0.0.0.0/0           
REFUSE     all  --  218.108.0.0/15       0.0.0.0/0           
REFUSE     all  --  219.140.0.0/16       0.0.0.0/0           
REFUSE     all  --  219.239.88.0/21      0.0.0.0/0           
REFUSE     all  --  221.0.0.0/15         0.0.0.0/0           
REFUSE     all  --  221.224.0.0/13       0.0.0.0/0           
REFUSE     all  --  222.184.0.0/13       0.0.0.0/0           
REFUSE     tcp  --  66.249.73.0/24       0.0.0.0/0            tcp dpt:25
REFUSE     tcp  --  76.191.96.0/23       0.0.0.0/0            tcp dpt:25
REFUSE     tcp  --  81.92.112.0/20       0.0.0.0/0            tcp dpt:25
REFUSE     tcp  --  82.97.18.128/26      0.0.0.0/0            tcp dpt:25
REFUSE     tcp  --  87.118.96.0/19       0.0.0.0/0            tcp dpt:25
REFUSE     tcp  --  95.32.64.0/18        0.0.0.0/0            tcp dpt:25
REFUSE     tcp  --  106.10.128.0/18      0.0.0.0/0            tcp dpt:25
REFUSE     tcp  --  114.32.0.0/12        0.0.0.0/0            tcp dpt:25
REFUSE     tcp  --  183.80.112.0/20      0.0.0.0/0            tcp dpt:25
REFUSE     tcp  --  202.204.24.0/22      0.0.0.0/0            tcp dpt:25
REFUSE     tcp  --  203.188.200.0/22     0.0.0.0/0            tcp dpt:25
REFUSE     tcp  --  213.229.113.0/26     0.0.0.0/0            tcp dpt:25
REFUSE     tcp  --  213.240.224.0/22     0.0.0.0/0            tcp dpt:25
REFUSE     tcp  --  216.27.14.32/28      0.0.0.0/0            tcp dpt:25
REFUSE     all  --  116.8.0.0/14         0.0.0.0/0           
REFUSE     all  --  74.201.85.64/26      0.0.0.0/0           
REFUSE     all  --  117.21.0.0/16        0.0.0.0/0           

Last updated Tue Sep 30 06:48:02 2014 GMT