scoundrels

Here's a list of people who recently tried to attack equius.

fail2ban


via http

   56 attempts: request: GET /images/stories/vito.php 
   48 attempts: subnet: 182.254.128.0/17
   48 attempts: request: GET http:/www.mafengwo.com/ 
   45 attempts: host: 74.86.147.196
   42 attempts: request: GET /images/stories/explore.php 
   38 attempts: request: GET /wp-content/.../timthumb.php 
   29 attempts: subnet: 151.12.37.0/24
   29 attempts: host: 151.12.37.111
   27 attempts: request: GET /images/stories/petx.php 
   24 attempts: subnet: 88.119.196.0/24
   24 attempts: subnet: 83.147.65.0/24
   24 attempts: host: 88.119.196.88
   24 attempts: host: 83.147.65.64
   22 attempts: request: GET /wp-login.php 
   16 attempts: subnet: 80.87.240.0/24
   16 attempts: request: GET /wp-content/.../timthumb_old.php 
   16 attempts: host: 80.87.240.49
   16 attempts: host: 209.191.185.166
   15 attempts: request: GET /scoundrels.html/wp-content/.../timthumb.php 
   15 attempts: request: GET /images/stories/3xp.php 
   14 attempts: request: GET /images/stories/food.php 
   13 attempts: subnet: 126.0.0.0/8
   13 attempts: request: GET /index.php 
   13 attempts: host: 126.10.211.58
   12 attempts: host: 72.55.168.74
   10 attempts: subnet: 176.9.6.200/29
   10 attempts: host: 176.9.6.202

via ssh


smtp

 1168  warning: hostname does not resolve to address
  992  blocked using bl.spamcop.net;
  847  blocked by greylisting (34 attempts from 188.47.23.42)
  483  reject: Sender address rejected: Domain not found
  479  blocked using cbl.abuseat.org;
  251  blocked using zen.spamhaus.org;
  158  Relay access denied
  133  reject: Helo command rejected: need fully-qualified hostname
  101  warning: numeric domain name in resource data of MX record
  101  reject: Recipient address rejected: SPF
   99  blocked using dnsbl.sorbs.net;
   79  Received-SPF: softfail
   49  Received-SPF: permerror
   36  reject: Recipient address rejected: mailbox disabled
   29  reject: Client host rejected: Access denied
    5  reject: Helo command rejected: Invalid name
    4  ...: warning: valid_hostname: empty hostname
    4  warning: malformed domain name in resource data of MX record
    4  reject: Sender address rejected: Malformed DNS server reply
    4  reject: Recipient address rejected: User unknown in virtual alias table
    3  reject: Recipient address rejected: Improper use of SMTP command pipelining
    2  ...: warning: TLS library problem: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol:s23_srvr.c:644:
    2  ...: warning: premature end-of-input on private/spfcheck while reading input attribute name
    2  ...: warning: non-SMTP command from unknown[93.174.93.51]: GET http://ipv4scan.com/hello/check.txt HTTP/1.1

caught in traps


current blacklist


Last updated Sat Oct 25 06:48:02 2014 GMT