Hacking Attempts

zardiw

Perch
Found these in my error logs. Suggest everybody look at their error logs periodically:
 

Attachments

  • ScreenH007.jpg
    ScreenH007.jpg
    23.8 KB · Views: 65
if you tried to block all these, in a few weeks you'd be blocking most of the internet if blocking with /29 networks :D
 
Found a way.

Go into WebShell.
Bottom right click settings and check Show Hidden Files.

Now click on yoursite.com to expand it.

You might see a .htaccess file, but if not, you have to create one.

To create one, back up one level by clicking on the 2 .. at the top.

Now click on the folder ICON in front of yoursite.com

Over on the right click on create to make a .htaccess file.

Another window will open. Click on the icon above the red X, and then click on the save button, and close that window.

Now click on yoursite.com again and you'll see the new .htaccess file. Click on it.

Then click on the edit button at the BOTTOM of the window at the right.

Now if you created one, it's going to have this in it:

AuthType basic
AuthName "Secured area"
AuthUserFile /hsphere/local/home/yoursite.com/.htmaster/.ok_user
Require valid-user

which you have to DELETE, otherwise your whole site will need a user/password.

You can just replace the above with this:

Order Allow,Deny
Deny from 69.242.33.
Deny from 70.134.93.
Deny from 76.26.254.
Deny from 78.109.20.
Deny from 167.88.201.
Deny from 195.242.99.
Deny from 205.209.127.
Allow from all

I'm denying the whole last sub block of the IP's that are messing with my site.

Maybe we could get a master list that people could add to so we could all use it........z
 
Here's my current Ban List.......fwiw:

Order Allow,Deny

# Start List

# Entire FUCKING CUNTry

Deny from 1.
Deny from 14.
Deny from 27.
Deny from 31.
Deny from 37.
Deny from 41.
Deny from 42.
# Deny from 46. SiteUpTime Phillipines
Deny from 49.
# Deny from 50.
Deny from 54. # Fucking dc Too Many Hackers
Deny from 59.
Deny from 60.
Deny from 62.
Deny from 77.
Deny from 79.
Deny from 80.
Deny from 82.
Deny from 83.
# Deny from 84. # Germany. Says he will sign up
# Deny from 86. Netherlands User
Deny from 87.
Deny from 88.
Deny from 89.
Deny from 91.
Deny from 92.
Deny from 93.
Deny from 95.
Deny from 103.
Deny from 109.
Deny from 110.
Deny from 111.
Deny from 112.
Deny from 114.
# Deny from 115. Australia User
Deny from 117.
Deny from 119.
Deny from 120.
Deny from 121.
Deny from 125.
Deny from 137.
Deny from 139.
Deny from 149.
Deny from 150.
Deny from 151.
Deny from 158. #Cunting Canada
Deny from 159.
Deny from 165.
# Deny from 177. Prospect from Brazil
Deny from 178.
Deny from 179.
Deny from 180.
Deny from 183.
Deny from 185.
Deny from 186.
Deny from 187.
# Deny from 188. Switzerland 188.61 is Amanda User
Deny from 191.
Deny from 193.
# Deny from 194. IHub
Deny from 195.
Deny from 197.
# Deny from 198. New User. Plano Texas.
Deny from 200.
Deny from 202.
Deny from 203.
# Deny from 208. New User
Deny from 211.
Deny from 213.
Deny from 219.
Deny from 220.
Deny from 221.
Deny from 222.


# Entire Fucking Block

Deny from 8.12.
# Deny from 23.23. Site UpTime
Deny from 24.69.
Deny from 24.145.
Deny from 27.86.
Deny from 46.119.
Deny from 46.161.
Deny from 50.7.
Deny from 50.16.
# Deny from 54.234. Fucking us
# Deny from 54.242. Fucking us
Deny from 64.16.
Deny from 69.162.
Deny from 71.4.
# Deny from 71.202. Scott's VPN is on
Deny from 75.31.
Deny from 75.101.
Deny from 91.123.
Deny from 91.224.
Deny from 94.38.
Deny from 94.180.
Deny from 104.156.
Deny from 107.22.
Deny from 108.166.
Deny from 113.28.
Deny from 124.115.
Deny from 124.172.
Deny from 137.116.
Deny from 151.25.
Deny from 168.62.
Deny from 173.199.
Deny from 173.208.
Deny from 173.243.
Deny from 173.254.
Deny from 173.255.
Deny from 174.139.
Deny from 174.142.
Deny from 177.133.
Deny from 178.91.
Deny from 184.72.
Deny from 184.73.
Deny from 188.143.
Deny from 188.16.
Deny from 189.10.
Deny from 189.48.
Deny from 189.49.
Deny from 190.34.
Deny from 196.221.
Deny from 198.2.
Deny from 198.8.
Deny from 198.204.
Deny from 199.217.
Deny from 201.87.
Deny from 205.209.
Deny from 208.99.
Deny from 208.167.
Deny from 211.215.
Deny from 213.220.

# Semi Blocks

Deny from 24.182.45.
Deny from 24.7.250.
Deny from 46.251.237.
Deny from 49.145.107.
Deny from 61.51.18.
Deny from 61.95.144.
Deny from 62.193.229.
Deny from 64.136.26.
Deny from 64.203.142.
Deny from 64.59.144.
Deny from 65.208.151.
Deny from 65.55.106.
Deny from 65.55.207.
Deny from 66.82.9.92
Deny from 66.230.192.
Deny from 67.185.233.
Deny from 67.205.102.
Deny from 68.178.249.
Deny from 69.121.22.
Deny from 69.2.50.
Deny from 69.171.233.
Deny from 69.242.33.
Deny from 70.134.93.
Deny from 70.169.87.
Deny from 71.203.167.
Deny from 71.228.5.
Deny from 71.85.206.
Deny from 71.95.178.
Deny from 72.234.76.
Deny from 72.54.255.
Deny from 74.6.22.
Deny from 74.125.16.
Deny from 74.162.81.
Deny from 74.208.226.
Deny from 75.185.77.
Deny from 75.53.223.
Deny from 76.104.109.
Deny from 76.166.227.
Deny from 76.26.254.
Deny from 78.109.20.
Deny from 78.129.143.
Deny from 78.46.88.
Deny from 79.127.124.
Deny from 80.216.93.
Deny from 84.235.75.
Deny from 88.202.63.
Deny from 90.170.113.
Deny from 91.139.170.
Deny from 94.23.54.
Deny from 94.75.252.
Deny from 95.211.21.
Deny from 98.166.200.
Deny from 108.175.12.
Deny from 110.138.210.
Deny from 118.123.240.
Deny from 119.70.40.
Deny from 122.160.111.
Deny from 125.40.47.
Deny from 128.121.239.
Deny from 140.113.169.
Deny from 141.35.20.
Deny from 147.136.250.
Deny from 162.97.148.
Deny from 171.69.43.
# Deny from 173.252.103. Facebook
Deny from 174.129.180.
Deny from 174.129.70.
Deny from 178.235.198.
Deny from 189.110.156.
Deny from 194.176.176.
Deny from 194.8.75.
Deny from 195.132.191.
Deny from 195.160.224.
Deny from 195.22.101.
Deny from 195.242.99.
Deny from 199.104.112.
Deny from 200.120.162.
Deny from 201.51.254.
Deny from 207.46.195.
Deny from 207.58.194.
Deny from 208.82.146.
Deny from 209.85.72.
Deny from 210.82.46.
Deny from 211.95.78.
Deny from 211.230.149.
Deny from 211.237.216.
Deny from 212.12.148.
Deny from 213.194.149.
Deny from 216.105.40.
Deny from 218.28.58.
Deny from 221.135.
Deny from 222.208.183.
Deny from 222.246.48.

# Individual
Deny from 105.100.163.137


Allow from all
 
That's a lot of blocks, but not too much to cause it to make the site slow yet. I know several have tried downloading the list of entire ranges for certain countries and the sites stop working due to every page load having to process 1000's of ip ranges.
 
Yeah.....I could probably delete the smaller blocks.....and just ban x. ones.....that kills the entire range.

I'm blocking all of Russia, China, Most of Europe, especially the Eastern cuntries....and most if not all of Asia, SE Asia, etc. A lot of South America also...

Haven't noticed any slow down.........and most of those places have no business accessing my sites in the first place.

There's a certain satisfaction in blocking a whole country.......lol.......

And I can see the results.....in the error logs....when it says access denied by the server.

Another trick is to redirect 403's to a 404 page.......that way they think they're getting a page not found.......and don't realize they are being blocked. The theory being that if they see they are blocked, they will try harder to get in......and on that 404 page you can have a 'Contact Admin' link.....to give the few that are legitimate a way to connect to your site. You have to ask them for their IP address, and then let them through.

All hackers should be shot. That would stop a lot of pain and suffering in the internet world. Not to mention $Billions lost cause of those assholes.........

If you have root access, you can install Fail2Ban.....which does a good job of blocking individual IP addresses .....it only blocks them for a set period of time.......which you can change.

I don't know why Fail2Ban isn't installed on ALL hosting servers....

I just got a dedicated server......and when you log in it tells you how many failed login attempt there have been since the last time you logged in.

It is INSANE. I'm talking THOUSANDS of login attempts that failed.....literally THOUSANDS.........

And a lot of times I will report their IP to the abuse EMail of their host......Probably doesn't do much good, but maybe....I just copy/paste the error log entries to the EMail.

Here's a sample 404 page you can copy if you want: http://cyclonesecurity.com/404NotFound.htm ....z
 
Last edited:
Back
Top