-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Sat, Oct 18, 2008 at 12:52 PM, Beavis <pfunix@gmail.com> wrote:
I'm hosting the company's site and we're not running any type of promotions other than the ones that we have. this is a typical scenario for sites that host these type of content to get attacked.
If only i can get through one of those IP's and get the program that's running on them (bot) that will give me a clue where it goes.
Attacker IP's these guys are just persistent they are trying to hit port 80 on a dns box.
92.124.174.10 89.252.28.60 91.124.110.98 98.25.64.170 92.112.229.94 75.186.69.225 89.113.48.227 87.103.174.101 84.47.161.244 89.169.111.90 92.112.145.158 85.141.238.233 91.202.109.72 89.222.217.116 193.109.241.45 212.192.251.11 213.252.64.74 91.200.8.6 92.113.10.101 200.11.153.142 80.55.213.118 200.43.3.153
Well, good luck with all that -- it would appear that all of the hosts attacking you are botnet'ed residential broadband machines: 92.124.174.10 -PTR-> host-92-124-174-10.pppoe.omsknet.ru 89.252.28.60 -PTR-> NXDOMAIN 91.124.110.98 -PTR-> 98-110-124-91.pool.ukrtel.net 98.25.64.170 -PTR-> cpe-098-025-064-170.sc.res.rr.com 92.112.229.94 -PTR-> 94-229-112-92.pool.ukrtel.net 75.186.69.225 -PTR-> cpe-75-186-69-225.cinci.res.rr.com 89.113.48.227 -PTR-> 89-113-48-227.nat.dsl.orel.ru 87.103.174.101 -PTR-> 87-103-174-101.pppoe.irtel.ru 84.47.161.244 -PTR-> 84-47-161-244.apmt.ru [...] - - ferg -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.3 (Build 3017) wj8DBQFI+kJBq1pz9mNUZTMRApbGAJ9WamkW06pTb+SpWUn0rirpQZf/KgCg1APq LPs4/rDH8wPmAk6bvl+FpI4= =N1VC -----END PGP SIGNATURE----- -- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawgster(at)gmail.com ferg's tech blog: http://fergdawg.blogspot.com/