Hacking Attempts

Discussion in 'H-Sphere Reseller Hosting' started by zardiw, Mar 4, 2009.

  1. zardiw

    zardiw Perch

    Found these in my error logs. Suggest everybody look at their error logs periodically:

    Attached Files:

  2. zardiw

    zardiw Perch

    Is there a way we can blacklist certain IP's? .........z
  3. Stephen

    Stephen US Operations Staff Member

    if you tried to block all these, in a few weeks you'd be blocking most of the internet if blocking with /29 networks :D
  4. zardiw

    zardiw Perch

    Found a way.

    Go into WebShell.
    Bottom right click settings and check Show Hidden Files.

    Now click on yoursite.com to expand it.

    You might see a .htaccess file, but if not, you have to create one.

    To create one, back up one level by clicking on the 2 .. at the top.

    Now click on the folder ICON in front of yoursite.com

    Over on the right click on create to make a .htaccess file.

    Another window will open. Click on the icon above the red X, and then click on the save button, and close that window.

    Now click on yoursite.com again and you'll see the new .htaccess file. Click on it.

    Then click on the edit button at the BOTTOM of the window at the right.

    Now if you created one, it's going to have this in it:

    AuthType basic
    AuthName "Secured area"
    AuthUserFile /hsphere/local/home/yoursite.com/.htmaster/.ok_user
    Require valid-user

    which you have to DELETE, otherwise your whole site will need a user/password.

    You can just replace the above with this:

    Order Allow,Deny
    Deny from 69.242.33.
    Deny from 70.134.93.
    Deny from 76.26.254.
    Deny from 78.109.20.
    Deny from 167.88.201.
    Deny from 195.242.99.
    Deny from 205.209.127.
    Allow from all

    I'm denying the whole last sub block of the IP's that are messing with my site.

    Maybe we could get a master list that people could add to so we could all use it........z
  5. zardiw

    zardiw Perch

    Hackers should be stood up against a wall and shot.......z
  6. zardiw

    zardiw Perch

    QuaaaaKKK...now that's what I like to see....lol:
  7. zardiw

    zardiw Perch

    Here's my current Ban List.......fwiw:

    Order Allow,Deny

    # Start List

    # Entire FUCKING CUNTry

    Deny from 1.
    Deny from 14.
    Deny from 27.
    Deny from 31.
    Deny from 37.
    Deny from 41.
    Deny from 42.
    # Deny from 46. SiteUpTime Phillipines
    Deny from 49.
    # Deny from 50.
    Deny from 54. # Fucking dc Too Many Hackers
    Deny from 59.
    Deny from 60.
    Deny from 62.
    Deny from 77.
    Deny from 79.
    Deny from 80.
    Deny from 82.
    Deny from 83.
    # Deny from 84. # Germany. Says he will sign up
    # Deny from 86. Netherlands User
    Deny from 87.
    Deny from 88.
    Deny from 89.
    Deny from 91.
    Deny from 92.
    Deny from 93.
    Deny from 95.
    Deny from 103.
    Deny from 109.
    Deny from 110.
    Deny from 111.
    Deny from 112.
    Deny from 114.
    # Deny from 115. Australia User
    Deny from 117.
    Deny from 119.
    Deny from 120.
    Deny from 121.
    Deny from 125.
    Deny from 137.
    Deny from 139.
    Deny from 149.
    Deny from 150.
    Deny from 151.
    Deny from 158. #Cunting Canada
    Deny from 159.
    Deny from 165.
    # Deny from 177. Prospect from Brazil
    Deny from 178.
    Deny from 179.
    Deny from 180.
    Deny from 183.
    Deny from 185.
    Deny from 186.
    Deny from 187.
    # Deny from 188. Switzerland 188.61 is Amanda User
    Deny from 191.
    Deny from 193.
    # Deny from 194. IHub
    Deny from 195.
    Deny from 197.
    # Deny from 198. New User. Plano Texas.
    Deny from 200.
    Deny from 202.
    Deny from 203.
    # Deny from 208. New User
    Deny from 211.
    Deny from 213.
    Deny from 219.
    Deny from 220.
    Deny from 221.
    Deny from 222.


    # Entire Fucking Block

    Deny from 8.12.
    # Deny from 23.23. Site UpTime
    Deny from 24.69.
    Deny from 24.145.
    Deny from 27.86.
    Deny from 46.119.
    Deny from 46.161.
    Deny from 50.7.
    Deny from 50.16.
    # Deny from 54.234. Fucking us
    # Deny from 54.242. Fucking us
    Deny from 64.16.
    Deny from 69.162.
    Deny from 71.4.
    # Deny from 71.202. Scott's VPN is on
    Deny from 75.31.
    Deny from 75.101.
    Deny from 91.123.
    Deny from 91.224.
    Deny from 94.38.
    Deny from 94.180.
    Deny from 104.156.
    Deny from 107.22.
    Deny from 108.166.
    Deny from 113.28.
    Deny from 124.115.
    Deny from 124.172.
    Deny from 137.116.
    Deny from 151.25.
    Deny from 168.62.
    Deny from 173.199.
    Deny from 173.208.
    Deny from 173.243.
    Deny from 173.254.
    Deny from 173.255.
    Deny from 174.139.
    Deny from 174.142.
    Deny from 177.133.
    Deny from 178.91.
    Deny from 184.72.
    Deny from 184.73.
    Deny from 188.143.
    Deny from 188.16.
    Deny from 189.10.
    Deny from 189.48.
    Deny from 189.49.
    Deny from 190.34.
    Deny from 196.221.
    Deny from 198.2.
    Deny from 198.8.
    Deny from 198.204.
    Deny from 199.217.
    Deny from 201.87.
    Deny from 205.209.
    Deny from 208.99.
    Deny from 208.167.
    Deny from 211.215.
    Deny from 213.220.

    # Semi Blocks

    Deny from 24.182.45.
    Deny from 24.7.250.
    Deny from 46.251.237.
    Deny from 49.145.107.
    Deny from 61.51.18.
    Deny from 61.95.144.
    Deny from 62.193.229.
    Deny from 64.136.26.
    Deny from 64.203.142.
    Deny from 64.59.144.
    Deny from 65.208.151.
    Deny from 65.55.106.
    Deny from 65.55.207.
    Deny from 66.82.9.92
    Deny from 66.230.192.
    Deny from 67.185.233.
    Deny from 67.205.102.
    Deny from 68.178.249.
    Deny from 69.121.22.
    Deny from 69.2.50.
    Deny from 69.171.233.
    Deny from 69.242.33.
    Deny from 70.134.93.
    Deny from 70.169.87.
    Deny from 71.203.167.
    Deny from 71.228.5.
    Deny from 71.85.206.
    Deny from 71.95.178.
    Deny from 72.234.76.
    Deny from 72.54.255.
    Deny from 74.6.22.
    Deny from 74.125.16.
    Deny from 74.162.81.
    Deny from 74.208.226.
    Deny from 75.185.77.
    Deny from 75.53.223.
    Deny from 76.104.109.
    Deny from 76.166.227.
    Deny from 76.26.254.
    Deny from 78.109.20.
    Deny from 78.129.143.
    Deny from 78.46.88.
    Deny from 79.127.124.
    Deny from 80.216.93.
    Deny from 84.235.75.
    Deny from 88.202.63.
    Deny from 90.170.113.
    Deny from 91.139.170.
    Deny from 94.23.54.
    Deny from 94.75.252.
    Deny from 95.211.21.
    Deny from 98.166.200.
    Deny from 108.175.12.
    Deny from 110.138.210.
    Deny from 118.123.240.
    Deny from 119.70.40.
    Deny from 122.160.111.
    Deny from 125.40.47.
    Deny from 128.121.239.
    Deny from 140.113.169.
    Deny from 141.35.20.
    Deny from 147.136.250.
    Deny from 162.97.148.
    Deny from 171.69.43.
    # Deny from 173.252.103. Facebook
    Deny from 174.129.180.
    Deny from 174.129.70.
    Deny from 178.235.198.
    Deny from 189.110.156.
    Deny from 194.176.176.
    Deny from 194.8.75.
    Deny from 195.132.191.
    Deny from 195.160.224.
    Deny from 195.22.101.
    Deny from 195.242.99.
    Deny from 199.104.112.
    Deny from 200.120.162.
    Deny from 201.51.254.
    Deny from 207.46.195.
    Deny from 207.58.194.
    Deny from 208.82.146.
    Deny from 209.85.72.
    Deny from 210.82.46.
    Deny from 211.95.78.
    Deny from 211.230.149.
    Deny from 211.237.216.
    Deny from 212.12.148.
    Deny from 213.194.149.
    Deny from 216.105.40.
    Deny from 218.28.58.
    Deny from 221.135.
    Deny from 222.208.183.
    Deny from 222.246.48.

    # Individual
    Deny from 105.100.163.137


    Allow from all
  8. Stephen

    Stephen US Operations Staff Member

    That's a lot of blocks, but not too much to cause it to make the site slow yet. I know several have tried downloading the list of entire ranges for certain countries and the sites stop working due to every page load having to process 1000's of ip ranges.
  9. zardiw

    zardiw Perch

    Yeah.....I could probably delete the smaller blocks.....and just ban x. ones.....that kills the entire range.

    I'm blocking all of Russia, China, Most of Europe, especially the Eastern cuntries....and most if not all of Asia, SE Asia, etc. A lot of South America also...

    Haven't noticed any slow down.........and most of those places have no business accessing my sites in the first place.

    There's a certain satisfaction in blocking a whole country.......lol.......

    And I can see the results.....in the error logs....when it says access denied by the server.

    Another trick is to redirect 403's to a 404 page.......that way they think they're getting a page not found.......and don't realize they are being blocked. The theory being that if they see they are blocked, they will try harder to get in......and on that 404 page you can have a 'Contact Admin' link.....to give the few that are legitimate a way to connect to your site. You have to ask them for their IP address, and then let them through.

    All hackers should be shot. That would stop a lot of pain and suffering in the internet world. Not to mention $Billions lost cause of those assholes.........

    If you have root access, you can install Fail2Ban.....which does a good job of blocking individual IP addresses .....it only blocks them for a set period of time.......which you can change.

    I don't know why Fail2Ban isn't installed on ALL hosting servers....

    I just got a dedicated server......and when you log in it tells you how many failed login attempt there have been since the last time you logged in.

    It is INSANE. I'm talking THOUSANDS of login attempts that failed.....literally THOUSANDS.........

    And a lot of times I will report their IP to the abuse EMail of their host......Probably doesn't do much good, but maybe....I just copy/paste the error log entries to the EMail.

    Here's a sample 404 page you can copy if you want: http://cyclonesecurity.com/404NotFound.htm ....z
    Last edited: May 28, 2017

Share This Page

JodoHost - 26,000 hosting end-users in 100 countries
Plesk Web Hosting
VPS Hosting
H-Sphere Web Hosting
Other Services