
scoundrels

Here's a list of people who recently tried to attack equius.

fail2ban


via http

  350 attempts: turned away. Too many connections. 
  170 attempts: request: GET /administrator/components/com_jinc/classes/graphics/php-ofc-library/ofc_upload_image.php 
  168 attempts: subnet: 173.201.0.0/16
  168 attempts: host: 173.201.196.214
  144 attempts: subnet: 104.243.16.0/20
  144 attempts: host: 104.243.24.211
   55 attempts: request: GET /components/com_hdflvplayer/hdflvplayer/download.php 
   52 attempts: subnet: 185.0.0.0/8
   50 attempts: subnet: 176.0.0.0/8
   44 attempts: subnet: 118.0.0.0/8
   37 attempts: subnet: 37.0.0.0/8
   34 attempts: request: GET /images/stories/petx.php 
   34 attempts: request: GET /images/stories/explore.php 
   34 attempts: host: 185.62.188.97
   34 attempts: host: 118.97.170.254
   33 attempts: host: 176.195.166.158
   31 attempts: subnet: 177.0.0.0/8
   31 attempts: host: 177.158.79.73
   28 attempts: request: GET /images/stories/magic.php 
   26 attempts: request: GET /index.php 
   26 attempts: request: GET /components/com_jnews/includes/openflashchart/php-ofc-library/ofc_upload_image.php 
   24 attempts: subnet: 97.74.0.0/16
   24 attempts: subnet: 212.0.0.0/8
   24 attempts: host: 97.74.24.224
   24 attempts: host: 212.23.64.172
   23 attempts: subnet: 201.0.0.0/8
   23 attempts: host: 201.26.111.28
   21 attempts: subnet: 95.0.0.0/8
   20 attempts: subnet: 184.168.0.0/16
   20 attempts: request: GET /wp-admin/admin-ajax.php 
   20 attempts: host: 37.187.137.27
   20 attempts: host: 184.168.27.101
   18 attempts: host: 185.9.159.176
   17 attempts: subnet: 128.199.0.0/16
   17 attempts: host: 128.199.164.106
   16 attempts: subnet: 113.0.0.0/8
   16 attempts: host: 113.66.40.234
   15 attempts: subnet: 62.0.0.0/8
   15 attempts: request: GET /xmlrpc.php 
   14 attempts: subnet: 83.0.0.0/8
   14 attempts: host: 83.233.138.118
   14 attempts: host: 62.210.251.69
   13 attempts: host: 95.85.213.62
   12 attempts: user-agent: "ZmEu"
   12 attempts: subnet: 198.23.140.176 - 198.23.140.183
   12 attempts: subnet: 174.0.0.0/13
   12 attempts: request: GET /images/stories/food.php 
   12 attempts: host: 198.23.140.178
   12 attempts: host: 174.2.86.174
   11 attempts: host: 176.193.104.178
   10 attempts: subnet: 46.0.0.0/8
   10 attempts: subnet: 174.136.12.0 - 174.136.15.255
   10 attempts: host: 174.136.15.133

via ssh


smtp

 5534  warning: hostname does not resolve to address
  979  reject: Sender address rejected: Domain not found
  972  blocked using bl.spamcop.net;
  862  blocked by greylisting (12 attempts from 158.181.212.176)
  532  reject: Recipient address rejected: SPF
  376  blocked using cbl.abuseat.org;
  280  reject: Helo command rejected: need fully-qualified hostname
   80  blocked using zen.spamhaus.org;
   58  reject: Recipient address rejected: mailbox disabled
   49  reject: Client host rejected: Access denied
   31  Relay access denied
   30  blocked using dnsbl.sorbs.net;
   24  Received-SPF: softfail
   20  warning: numeric domain name in resource data of MX record
   16  ...: warning: numeric hostname: 178.72.180.162
    8  ...: warning: TLS library problem: error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate unknown:s3_pkt.c:1262:
    4  reject: Recipient address rejected: User unknown in virtual alias table
    4  Received-SPF: permerror
    2  ...: warning: unknown[80.122.204.166]: SASL PLAIN authentication failed: 
    2  ...: warning: non-SMTP command from unknown[182.118.53.116]: GET / HTTP/1.0

caught in traps


current blacklist


Last updated Fri Jul 3 00:48:01 2015 GMT