Hackers, attacks, IPs

bgtupanfighter

I suggest we make a SUBSTANTIVE thread about the little hackers, web attacks and the methods they use.
We can add what we have noticed, what we have been burned by, how we protect ourselves and, in general, the measures we take. We can also post confirmed IPs that we have taken a beating from, or that we will take one from sooner or later :). The second can also be useful if someone spots their own IP, so they can let us know in good time. This happens because we know webmasters poke around everywhere, and it is not rare for someone to be blocked by mistake :wink:
We can also write about how we take preventive measures, how we find the bad guys in the logs and, in general, what techniques and tricks we use to protect our sites.

Now, to kick off the thread, I'll log the latest attack from brotherly Italy (maybe Italy :rolleyes: )
It will be useful (for me at least, for sure) to have a nice collection of spammer and hacker IPs. Not everyone has tools and modules tied to the spammer databases, and in my opinion custom is preferable anyway.
 
Re: Hackers, attacks, IPs

Here, these are for certain blocking


I'll condense some of the info I have and log a longer list too :)
 
Re: Hackers, attacks, IPs

"Here, these are for certain blocking" does no one any good. How are we supposed to know that the addresses are legitimate? What if you hold a grudge against someone and post theirs on purpose? It doesn't work like that.
 
Re: Hackers, attacks, IPs

That is exactly what the thread is for: everyone shares where they took a beating. Precisely because not everyone knows which IPs are the source :wink:
As for the "holding a grudge" bit, that was a big piece of nonsense. Do you think any regular forum member would use such tactics? Your reasoning and worries are unserious and childish. If anything, it will have a positive effect if someone has been blocked by mistake :wink:

But since you judge that "it doesn't work like that", you would be a bit more useful if you said HOW IT DOES WORK
 
Re: Hackers, attacks, IPs

Yes, there are many tricks...
I, for example, am interested in how to search the logs most optimally. I have neither the time nor the eyes to dig like an idiot in order to take preventive measures :) Imagine, for example, what a monster a 200 MB log for the month is!
Tell us what keys you search by most optimally, apart from the usual ones for logins and admins.
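
For the question above about getting through a large monthly log, one approach is a single streaming pass that tallies, per client IP, hits on sensitive paths and 4xx responses. This is an added example, not code from any poster in the thread; the function names, the thresholds, the path keys beyond "login" and "admin", and the sample lines (documentation-range addresses) are assumptions constructed here.

```python
import re
from collections import Counter, defaultdict

# Apache/nginx "combined" format: ip, ident, user, [time], "request", status
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) ')
# "login" and "admin" are the keys named in the thread; the other
# patterns are assumptions for a WordPress-style site.
SENSITIVE_RE = re.compile(r'login|admin|xmlrpc\.php|\.htaccess', re.I)


def triage(lines, min_sensitive=3, min_errors=5):
    """One streaming pass over log lines; returns flagged IPs, worst first."""
    stats = defaultdict(Counter)
    for line in lines:  # pass an open file: a 200 MB log is never held in RAM
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of crashing
        c = stats[m['ip']]
        c['total'] += 1
        if SENSITIVE_RE.search(m['path']):
            c['sensitive'] += 1
            if m['method'] == 'POST':
                c['sensitive_post'] += 1  # credential guessing shows up here
        if m['status'].startswith('4'):
            c['errors'] += 1  # many 4xx answers = probing for missing files
    flagged = [(ip, dict(c)) for ip, c in stats.items()
               if c['sensitive'] >= min_sensitive or c['errors'] >= min_errors]
    flagged.sort(key=lambda f: (f[1].get('sensitive_post', 0),
                                f[1].get('sensitive', 0),
                                f[1].get('errors', 0)), reverse=True)
    return flagged


def make_line(ip, method, path, status):
    """Build one constructed log line (sample data, not from a real log)."""
    return (f'{ip} - - [10/Oct/2012:13:55:01 +0300] '
            f'"{method} {path} HTTP/1.1" {status} 512 "-" "-"')


# Constructed sample using documentation-range addresses.
SAMPLE = (
    [make_line('192.0.2.10', 'POST', '/wp-login.php', 200)] * 4
    + [make_line('198.51.100.7', 'GET', f'/old/page{i}.php', 404) for i in range(5)]
    + [make_line('203.0.113.5', 'GET', '/', 200),
       make_line('203.0.113.5', 'GET', '/wp-admin/', 302)])

if __name__ == '__main__':
    for ip, counts in triage(SAMPLE):
        print(ip, counts)
```

The third sample client makes a single admin request and stays under both thresholds, so it is not flagged; the output is a shortlist for manual review, which addresses the concern raised earlier in the thread about blocking someone by mistake.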
 
Re: Hackers, attacks, IPs

8 posts and not a single attack script (perl, python...?), not a single set of headers or body of an HTTP request, not a single line written about mod_security, fail2ban and the like :) And what will you achieve by blocking 100 or so IPs? How long do you think it takes to create a new botnet?
 
Re: Hackers, attacks, IPs

Well, most of them are my own posts :D

You tell me how to search the log optimally, and we'll think about mod_security and the rest later on :)
 
Re: Hackers, attacks, IPs

Block these from htaccess

 
Re: Hackers, attacks, IPs

It'll be provided...
Later on I'll give a list of 100% verified spam from submit forms.

And what do you think about the htaccess file, specifically for WP: they recommend it be 444, but if it is 444 there are many modules that communicate with (write to) the htaccess, and they will be blocked that way. So which is more appropriate, 644 or 444?
 
Re: Hackers, attacks, IPs

As for the htaccess, it became clear that you don't have a clue, but here is the 2012 list of the real spammers/bots and all sorts of scum across several directories :D


See you again next year :rolleyes:
 
Re: Hackers, attacks, IPs

"Block these from htaccess"

dafuq Oo ?

P.S. - you are wasting your time. If someone wants to cause mischief, IPs don't concern him.

P.S. 2 - none of you has a project so "important" that it would actually be attacked by people. (OK, some companies do, but they also have the finances to invest in protection.) Protect your little sites from the popular automated attacks/exploits and you won't have problems. If a person wants to take down the site/server, he will do it and nothing will stop him.
 
Here is a list of IP addresses used for a DDoS attack in the last 48 hours:
