There are many that are on both lists. Most are in
Asia, but there are some locals, like 24.73.176.42, which is in Virginia.
I reported this to the FBI and offered to
help identify the computers involved in the
attack. If they respond, maybe we could build a
web app that collects all of our logs on this
attack and finds the most common ones.

If anyone else wants to report it, go to
https://tips.fbi.gov/. Perhaps if they get a lot
of complaints they will investigate it.

It has turned into a denial of service attack for
me. I have been getting database timeout
errors during peak times. Users are starting to
complain. It is going on for too long.


>Now look at how many of those are from Asia Pacific Network Info Centre
>
>..:.:.:.:.:.:.:.:.:.:.
>Bobby Hartsfield
>http://acoderslife.com
>http://cf4em.com
>
>-----Original Message-----
>From: Al Musella, DPM [mailto:[EMAIL PROTECTED]
>Sent: Saturday, August 09, 2008 12:35 PM
>To: CF-Talk
>Subject: Re: SQL injection attack on House of Fusion
>
>Here are my top 50. Note that the top 1 is in the same subnet as your
>top 1. I had 134,993 attempts that I caught.
>
>
> >Our attacks over the past *24 hours* have originated from *12,007*
> >different IP addresses. Twelve THOUSAND. That is not a
> >typo. This is an extremely large botnet, pure and simple. These
> >IP addresses appear to be largely random folks who are using
> >browsers with vulnerabilities.
> >
> >Each client, on average, makes 2-4 attack requests.
> >
> >Here are the origin IPs with the most attacks:
> >
> >There have been fewer than 5 attacks from each of 4515 different IPs.
> >
> >So for those of you trying to stop this sort of thing by blocking IP
> >addresses, don't bother.
> >
> >Some of those 203.* and 211.* addresses look suspicious, and perhaps
> >are part of the botnet control, but who knows...
> >
> >I have the complete list of 12,000 IP addresses (and counting at the
> >rate of 500+ new IP addresses each hour) of this botnet available if
> >that's of any use to anyone.
> >
> >Regards
>

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:310624