Paysite password cracking "network"
Hmm, had two attempts by this guy at gaining access to two completely unrelated paysites we host.
Providers should look into firewalling these guys off; it will save you a hell of a lot of bandwidth (in both cases, they were eating ~8 Mbit/sec just from all the login attempts, i.e. just the 401 error pages were eating that much).
Below is some stuff you can cut/paste into a Linux server that supports ipchains. I did this at our ingress points.
ipchains -I input -p all -d 0/0 -s 194.117.133.196 -j DENY # 20 attempts.
ipchains -I input -p all -d 0/0 -s 172.166.188.97 -j DENY # 20 attempts.
ipchains -I input -p all -d 0/0 -s 205.216.137.82 -j DENY # 28 attempts.
ipchains -I input -p all -d 0/0 -s 24.147.10.83 -j DENY # 32 attempts.
ipchains -I input -p all -d 0/0 -s 172.158.156.172 -j DENY # 33 attempts.
ipchains -I input -p all -d 0/0 -s 200.218.156.3 -j DENY # 38 attempts.
ipchains -I input -p all -d 0/0 -s 195.92.198.73 -j DENY # 39 attempts.
ipchains -I input -p all -d 0/0 -s 194.117.133.118 -j DENY # 48 attempts.
ipchains -I input -p all -d 0/0 -s 195.92.67.65 -j DENY # 71 attempts.
ipchains -I input -p all -d 0/0 -s 24.205.98.167 -j DENY # 91 attempts.
ipchains -I input -p all -d 0/0 -s 192.116.235.110 -j DENY # 126 attempts.
ipchains -I input -p all -d 0/0 -s 200.242.216.150 -j DENY # 421 attempts.
ipchains -I input -p all -d 0/0 -s 208.17.144.86 -j DENY # 1096 attempts.
ipchains -I input -p all -d 0/0 -s 192.117.167.145 -j DENY # 1186 attempts.
ipchains -I input -p all -d 0/0 -s 212.29.245.226 -j DENY # 1259 attempts.
ipchains -I input -p all -d 0/0 -s 194.108.112.226 -j DENY # 1268 attempts.
ipchains -I input -p all -d 0/0 -s 194.69.31.92 -j DENY # 1286 attempts.
ipchains -I input -p all -d 0/0 -s 212.27.207.8 -j DENY # 1288 attempts.
ipchains -I input -p all -d 0/0 -s 200.214.253.110 -j DENY # 1289 attempts.
ipchains -I input -p all -d 0/0 -s 192.117.153.9 -j DENY # 1297 attempts.
ipchains -I input -p all -d 0/0 -s 24.31.3.9 -j DENY # 1308 attempts.
ipchains -I input -p all -d 0/0 -s 199.90.209.36 -j DENY # 1310 attempts.
ipchains -I input -p all -d 0/0 -s 210.160.73.210 -j DENY # 1311 attempts.
ipchains -I input -p all -d 0/0 -s 212.155.190.249 -j DENY # 1313 attempts.
ipchains -I input -p all -d 0/0 -s 200.193.46.18 -j DENY # 1314 attempts.
ipchains -I input -p all -d 0/0 -s 203.59.54.35 -j DENY # 1315 attempts.
ipchains -I input -p all -d 0/0 -s 210.136.165.133 -j DENY # 1316 attempts.
ipchains -I input -p all -d 0/0 -s 211.6.228.50 -j DENY # 1317 attempts.
ipchains -I input -p all -d 0/0 -s 210.201.31.226 -j DENY # 1318 attempts.
ipchains -I input -p all -d 0/0 -s 217.57.9.114 -j DENY # 1321 attempts.
ipchains -I input -p all -d 0/0 -s 200.27.182.30 -j DENY # 1321 attempts.
ipchains -I input -p all -d 0/0 -s 194.206.139.70 -j DENY # 1322 attempts.
ipchains -I input -p all -d 0/0 -s 211.21.1.19 -j DENY # 1322 attempts.
ipchains -I input -p all -d 0/0 -s 210.135.3.1 -j DENY # 1324 attempts.
ipchains -I input -p all -d 0/0 -s 203.199.37.6 -j DENY # 1324 attempts.
ipchains -I input -p all -d 0/0 -s 204.210.202.19 -j DENY # 1325 attempts.
ipchains -I input -p all -d 0/0 -s 210.175.52.100 -j DENY # 1326 attempts.
ipchains -I input -p all -d 0/0 -s 210.162.242.194 -j DENY # 1327 attempts.
ipchains -I input -p all -d 0/0 -s 208.137.183.55 -j DENY # 1327 attempts.
ipchains -I input -p all -d 0/0 -s 210.149.84.27 -j DENY # 1327 attempts.
ipchains -I input -p all -d 0/0 -s 195.56.65.48 -j DENY # 1328 attempts.
ipchains -I input -p all -d 0/0 -s 205.147.53.162 -j DENY # 1329 attempts.
ipchains -I input -p all -d 0/0 -s 210.232.100.146 -j DENY # 1329 attempts.
ipchains -I input -p all -d 0/0 -s 211.0.113.202 -j DENY # 1331 attempts.
ipchains -I input -p all -d 0/0 -s 206.21.27.99 -j DENY # 1331 attempts.
ipchains -I input -p all -d 0/0 -s 211.16.244.211 -j DENY # 1332 attempts.
ipchains -I input -p all -d 0/0 -s 210.248.220.18 -j DENY # 1333 attempts.
ipchains -I input -p all -d 0/0 -s 199.72.195.20 -j DENY # 1334 attempts.
ipchains -I input -p all -d 0/0 -s 66.21.39.52 -j DENY # 1336 attempts.
ipchains -I input -p all -d 0/0 -s 216.77.56.82 -j DENY # 1338 attempts.
ipchains -I input -p all -d 0/0 -s 196.28.82.114 -j DENY # 1338 attempts.
ipchains -I input -p all -d 0/0 -s 193.66.190.34 -j DENY # 1343 attempts.
ipchains -I input -p all -d 0/0 -s 200.46.109.85 -j DENY # 1343 attempts.
ipchains -I input -p all -d 0/0 -s 211.17.156.2 -j DENY # 1346 attempts.
ipchains -I input -p all -d 0/0 -s 200.199.249.66 -j DENY # 1348 attempts.
ipchains -I input -p all -d 0/0 -s 200.35.86.165 -j DENY # 1349 attempts.
ipchains -I input -p all -d 0/0 -s 61.133.71.205 -j DENY # 1350 attempts.
ipchains -I input -p all -d 0/0 -s 61.0.133.6 -j DENY # 1353 attempts.
ipchains -I input -p all -d 0/0 -s 63.64.144.7 -j DENY # 1355 attempts.
ipchains -I input -p all -d 0/0 -s 213.70.189.2 -j DENY # 1356 attempts.
ipchains -I input -p all -d 0/0 -s 210.199.164.51 -j DENY # 1358 attempts.
ipchains -I input -p all -d 0/0 -s 216.72.87.254 -j DENY # 1360 attempts.
ipchains -I input -p all -d 0/0 -s 217.13.133.226 -j DENY # 1364 attempts.
ipchains -I input -p all -d 0/0 -s 200.203.134.210 -j DENY # 1367 attempts.
ipchains -I input -p all -d 0/0 -s 210.190.110.13 -j DENY # 1368 attempts.
ipchains -I input -p all -d 0/0 -s 210.241.122.65 -j DENY # 1370 attempts.
ipchains -I input -p all -d 0/0 -s 207.43.97.2 -j DENY # 1376 attempts.
ipchains -I input -p all -d 0/0 -s 64.123.93.3 -j DENY # 1388 attempts.
ipchains -I input -p all -d 0/0 -s 198.109.239.4 -j DENY # 2391 attempts.
ipchains -I input -p all -d 0/0 -s 212.31.252.228 -j DENY # 2624 attempts.
Hope it helps someone.
-Phil
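
Added example (not part of Phil's post): one way to build a list like the one above from a web server access log, by counting 401 responses per source address and printing a deny rule, in the post's format, for each address at or above a threshold. The log layout (Common Log Format), the threshold, the function names and the sample log lines are assumptions made for this example; the sample addresses are constructed from documentation ranges.

```shell
#!/bin/sh
# Added example: count HTTP 401 responses per source address in an access
# log and print a deny rule for each address at or above a threshold.
# Assumes Common Log Format: field 1 = client address, field 9 = status.

# gen_deny_rules LOGFILE [THRESHOLD]   (default threshold 20 is an assumption)
gen_deny_rules() {
    log=$1
    threshold=${2:-20}
    # Only dotted-quad addresses are accepted, so reverse-DNS names or any
    # other odd first field never end up inside a firewall command.
    awk -v min="$threshold" '
        $9 == 401 && $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { hits[$1]++ }
        END { for (ip in hits) if (hits[ip] >= min) print hits[ip], ip }
    ' "$log" | sort -n | while read -r count ip; do
        printf 'ipchains -I input -p all -d 0/0 -s %s -j DENY # %s attempts.\n' \
            "$ip" "$count"
    done
}

# emit_n N LINE: print LINE N times (helper for the constructed sample).
emit_n() {
    n=$1
    while [ "$n" -gt 0 ]; do printf '%s\n' "$2"; n=$((n - 1)); done
}

# Constructed sample log using documentation-range addresses.
make_sample_log() {
    ts='[10/Oct/2001:13:55:36 -0700]'
    req='"GET /members/ HTTP/1.0"'
    emit_n 25 "192.0.2.10 - admin $ts $req 401 401"
    emit_n 40 "203.0.113.5 - test $ts $req 401 401"
    emit_n 3  "198.51.100.7 - bob $ts $req 401 401"
    emit_n 1  "198.51.100.7 - bob $ts $req 200 5120"
    emit_n 30 "scanner.example.net - - $ts $req 401 401"
}

tmp=$(mktemp)
make_sample_log > "$tmp"
gen_deny_rules "$tmp" 20      # review the output before applying it
rm -f "$tmp"
```

A low threshold will also catch members who mistyped a password a few times, so check the generated rules before loading them. On kernels where iptables has replaced ipchains, change the printf format to match.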