Hacking attempts from

hd4real posted 23rd of August 2008 in Community Voice. 8 comments.

NOTE: SOLUTION IS UPGRADE TO 6.1.4

Hi All,


If you have upgraded or not, I suggest you to add these ip's to your deny list:


89.111.176.86
65.39.140.181
213.33.84.163
67.18.208.106
81.92.196.73
89.208.43.121
81.92.196.73
89.208.43.121
220.125.208.12
200.93.147.155
193.110.89.6
81.29.112.219
201.17.129.24
92.48.68.66
198.66.222.121
72.9.233.10
66.135.41.76


UPDATE:

ip-209-172-55-178.static.privatedns.com
server2.dmusichost.com
mail.multihosts.ru
48-42.bluehost.com


Regards,


Harvliet

 
Comments
·Oldest
·Top
Please login to post a comment.
gameutopia
I am wondering why exactally why I should add these ip's you specify?

I block a number for a certain reason, but can you provide additional reasoning for blocking them in particular?

Not saying I will or would disagree with you and they are only a few like 18 which is a drop in the bucket. But is there some reason these are on your mind?

I get more attempted attacks on my site in a day then I can possibly count certainly more than 18. If I listed all their ip's this page would be huge.

Ip see more blocking is good sometimes. And other times they are nothing to worry about.

If they are smart they can change their ip and hit you again.

So the smart thing to do is to figure out what they are hitting, and figure out how to prevent what they are hitting rather than the ip. There are millions and millions of ip's out there that change, or can change at will.

So if you can figure out what they are hitting or attempting and prevent that instead, you only have a small file to adjust, edit or configure, rather than block a huge number of growing ip's.

I wouldn't rule out some ip's, and I do tend to block some of the well known ranges, but bottom line is you will do much more if you can block their attempts rather than ip's.

I used to think ip's was the route to go, but after much reasearch and testing, I have found that it is more productive to block the source they are after rather than ip.

Good luck!!
gameutopia
hd4real
You are right. They are hitting the security holes which are in Dolphin 6.1.2. I have not yet upgraded to 6.1.4 as my site has mods and i'm not a coder so upgrading will take ages for me and I have to do 3 sites.
gameutopia
Sorry for the double post. It don't matter what your version is make sure register globals is off.

Ip's are good sometimes but if they are hitting safehtml or whatever with a remote file include, just due away with them. Most are libperl crap anyway, so just block them totally.

I just added this to my site, and I need to proof read it but you can check it and get some ideas at:
http://www.dialme.com/articles.php?action=viewarticle&articleID=27

If there is something I can help you with see more in particular be sure to let me know.

gameutopia
gameutopia
I am wondering why exactally why I should add these ip's you specify?

I block a number for a certain reason, but can you provide additional reasoning for blocking them in particular?

Not saying I will or will not disagree with you and they are only a few like 18 which is a drop in the bucket. But is there some reason these are on your mind?

I get more attempted attacks on my site in a day then I can possibly count certainly more than 18. If I listed all their ip's this page would be huge.

Ip see more blocking is good sometimes. And other times they are nothing to worry about.

If they are smart they can change their ip and hit you again.

So the smart thing to do is to figure out what they are hitting, and figure out how to prevent what they are hitting rather than the ip. There are millions and millions of ip's out there that change, or can change at will.

So if you can figure out what they are hitting or attempting and prevent that instead, you only have a small file to adjust, edit or configure, rather than block a huge number of growing ip's.

I wouldn't rule out some ip's, and I do tend to block some of the well known ranges, but bottom line is you will do much more if you can block their attempts rather than ip's.

I used to think ip's was the route to go, but after much reasearch and testing, I have found that it is more productive to block the source they are after rather than ip.

Good luck!!
gameutopia
buckmcgoo
Blocking individual ips is an exercise in futility.. they change constantly.
tango3d
I agree, it is unlikely that your site will be hacked by someone with a static ip address
ntlam98
yeah i agree, it better to build great lock than chasing the thief.
Facegey
can any one explain me why i'm not able to add a IP which starts with 201.222.113.2 every time i add it to the black list and clicking submit it shows up o.o.o.o. added to black list, what i'm doing wrong???
 
 
Below is the legacy version of the Boonex site, maintained for Dolphin.Pro 7.x support.
The new Dolphin solution is powered by UNA Community Management System.
PET:0.063265085220337