Ip Address Question

[DnEbook]

I wonder if here at namepros when some asshole keeps trying to hack our sites that i am pretty sure they are looking at here via signature line

If we can supply the ip address can we find out if that belongs to a member here ??

Love to know because it is getting pretty annoying

 

[DnEbook]

We are watching you

WordPress Firewall has detected and blocked a potential attack!

Web Page:

vampirehire.com/wp-content/themes/witcher-mind/scripts/timthumb.php?src=/g0../0d1.gif
Warning: URL may contain dangerous content!

Offending IP:

74.117.186.148 [ IP location ]

Offending Parameter:

src = /g0../0d1.gif

This may be a "Directory Traversal Attack."

 

[Sull]

We are watching you

WordPress Firewall has detected and blocked a potential attack!

Web Page:

vampirehire.com/wp-content/themes/witcher-mind/scripts/timthumb.php?src=/g0../0d1.gif
Warning: URL may contain dangerous content!

Offending IP:

74.117.186.148 [ IP location ]

Offending Parameter:

src = /g0../0d1.gif

This may be a "Directory Traversal Attack."

I'd send a note to their abuse department and let them know. You might already have this, but here is the IP owner whois.

NetRange: 74.117.184.0 - 74.117.187.255
CIDR: 74.117.184.0/22
OriginAS: AS11352
NetName: STRATASCALE
NetHandle: NET-74-117-184-0-1
Parent: NET-74-0-0-0-0
NetType: Direct Allocation
RegDate: 2009-09-11
Updated: 2009-09-11
Ref: http://whois.arin.net/rest/net/NET-74-117-184-0-1


OrgName: StrataScale, Inc.
OrgId: STRAT-56
Address: P.O. Box 384060
City: Sacramento
StateProv: CA
PostalCode: 95834-8060
Country: US
RegDate: 2008-04-07
Updated: 2009-10-07
Ref: http://whois.arin.net/rest/org/STRAT-56

OrgAbuseHandle: STRAT4-ARIN
OrgAbuseName: StrataScale Abuse
OrgAbusePhone: +1-916-286-4050
OrgAbuseEmail: [email protected]
OrgAbuseRef: http://whois.arin.net/rest/poc/STRAT4-ARIN

OrgTechHandle: SIA11-ARIN
OrgTechName: StrataScale IP Administration
OrgTechPhone: +1-866-599-0998
OrgTechEmail: [email protected]
OrgTechRef: http://whois.arin.net/rest/poc/SIA11-ARIN

#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/whois_tou.html
#

 

[Kate]

I hope your Timthumb plugin is up to date because a serious vulnerability was found recently. This might be an attempt to run the exploit.
http://blog.sucuri.net/2011/10/timthumb-php-mass-infection-aftermath-part-i.html

 

[mis_chiff]

^ Just so I know to watch for it, or check it- What's a Timthumb plugin?

[Google Map the Ip - you can almost get to the front door]

 

[lothos]

^ Just so I know to watch for it, or check it- What's a Timthumb plugin?

[Google Map the Ip - you can almost get to the front door]

TimThumb is a simple, flexible, PHP script that resizes images. A lot of wordpress themes use it.

 

[InvisionTech]

Question I have for you is that why are you websites being hacked? If namepros can help or not isn't even relevant, your websites are your responsibility to make sure they are secure.

Its not like namepros signatures is the ONLY place on the internet to find your websites or domains. Come on!

 

[DnEbook]

Question I have for you is that why are you websites being hacked? If namepros can help or not isn't even relevant, your websites are your responsibility to make sure they are secure.

Its not like namepros signatures is the ONLY place on the internet to find your websites or domains. Come on!

This is the only place where they are advertised via a signature line and not every visitor is a nice person, the fact that it is these two out of x-amount seems highly coincidental in my books

I have security ...... not sure why you even bothered to comment in this tread ?

Thanks to the mods who also looked into this for me


Thanks for the info Sully ........repped !

 

[DnEbook]

Here is the latest : 177.71.138.189

I wonder if this one is a member ?

If the last attacks were via a thumbnail image where does this come from



Web Page:

virtualbooks.com.au//wp-content/plugins/kish-guest-posting/uploadify/scripts/uploadify.php?folder=
Warning: URL may contain dangerous content!



Offending IP:

177.71.138.189 [ Get IP location ]

Offending Parameter:

$_FILE = wp-xml.php


This may be a "Executable File Upload Attack."

Click here for more information on this type of attack.

If you suspect this may be a false alarm because of something you recently did, try to confirm by repeating those actions. If so, whitelist it via the "whitelist this variable" link below. This will prevent future false alarms.

Click here to whitelist this variable.
Click here to turn off these emails.

Repeated warnings for similar attacks are currently sent via email, click here to suppress them.

 

[InvisionTech]

Dude, are you freaking SERIOUS? NAMEPROS is SOURCE of your hacking? Its the damn script/plugin that you have installed...

Here is your MORON moment alert:

Google "kish-guest-posting"

Its your scripts which are not working/secure/have bugs/other issues.

What you need is a lesson in how to IDENTIFY the problem and HOW to TROUBLESHOOT it effectively. Instead of acting like a paranoid buffoon, accusing some 3rd/4th party DOMAINING forum and its members of hacking your websites as if NAMEPROS is the ONLY place for hackers to find out and get to your site.

 

[DnEbook]

Dude, are you freaking SERIOUS? NAMEPROS is SOURCE of your hacking? Its the damn script/plugin that you have installed...

Here is your MORON moment alert:

Google "kish-guest-posting"

Its your scripts which are not working/secure/have bugs/other issues.

What you need is a lesson in how to IDENTIFY the problem and HOW to TROUBLESHOOT it effectively. Instead of acting like a paranoid buffoon, accusing some 3rd/4th party DOMAINING forum and its members of hacking your websites as if NAMEPROS is the ONLY place for hackers to find out and get to your site.

The question is valid and it serves as a warning to the folk that think they can join up here and scam, hack and do whatever else they wish to try

The mods were happy to look into this because their head is not in the sand

How about i go over to your .pro discussion and call you a buffoon ..... I hate the troll mentality

Moron ??

Welcome to my ignore list ...... i have no time for you

 

[InvisionTech]

This is a public forum.

When you post a thread, YOU invite commentary.

Learn to deal with it... especially when its about helping you OUT of your miserable show of stupidity.

And also learn to deal with the fact that your websites, as insignificant as they maybe, CAN be FOUND else where on the net and not just namepros or your pathetic, good for nothing, lousy SIGNATURES.

I am done with this absurdity.

 

[carob]

You can if you want just block traffic from certain IP addresses.

It's entirely possible that traffic you want to block actually comes from IP addresses that have been compromised.

 

[DnEbook]

You can if you want just block traffic from certain IP addresses.

It's entirely possible that traffic you want to block actually comes from IP addresses that have been compromised.

You're correct .... i assume you mean via the discussion ip block option ?

Although does that completely stop an attack ?

i'll do that thanks, tried to rep you ... but too fond ?? Lol

 

[carob]

You're correct .... i'll do that thanks, tried to rep you ... but too fond ?? Lol

Well afaik I haven't blocked you or anyone else! Some forums you can't rep the same person twice in a row... I guess they want to spread the joy, or else avoid dubious repping tactics, but who ever heard of repspam LOL.

---------- Post added at 09:34 AM ---------- Previous post was at 08:59 AM ----------

You're correct .... i assume you mean via the discussion ip block option ?

Although does that completely stop an attack ?

No I meant via your hosting - check with hosts. If on Apache server and with access to your .htaccess file, you just insert a line of code. And you might be able to do that via Cpanel.

In any case beforehand make a backup of the .htaccess file and read instructions before you operate, this really is open heart surgery and a slip will disable your site stone cold dead.

 

[DnEbook]

Well afaik I haven't blocked you or anyone else! Some forums you can't rep the same person twice in a row... I guess they want to spread the joy, or else avoid dubious repping tactics, but who ever heard of repspam LOL.

---------- Post added at 09:34 AM ---------- Previous post was at 08:59 AM ----------



No I meant via your hosting - check with hosts. If on Apache server and with access to your .htaccess file, you just insert a line of code. And you might be able to do that via Cpanel.

In any case beforehand make a backup of the .htaccess file and read instructions before you operate, this really is open heart surgery and a slip will disable your site stone cold dead.

Many thanks, that is good to know ! cheers

 

[upasana86]

Unix Command interview questions | Top 30 Unix Command interview questions

i know how to get the ip address.. first you know about Unix / Linux Command then you can get easily..

so go through here :

http://www.unixbuzz.com/2011/07/16/...ions-top-30-unix-command-interview-questions/

 

[DnEbook]

Have to look tomorrow ......Federer verse Nadal in the tennis here in Australia ,,thanks