Timestamp: 2012-05-09 15:43:12 (GMT)
Alert: COSED [CSG-GOP-009] SCAN Sqlmap SQL Injection Scan
Source: 78.46.66.112 (43741)
Destination: 200.189.113.50 (80)
Timestamp: 2012-05-15 09:08:23 (GMT)
Alert: COSED [CSG-GOP-009] SCAN Sqlmap SQL Injection Scan
Source: 78.46.66.112 (56067)
Destination: 200.
On Tue, May 22, 2012 at 11:18 PM, Mike Perry wrote:
> Thus spake Jon (torance...@gmail.com):
>
> > On Tue, May 22, 2012 at 3:17 PM, Mike Perry >wrote:
> >
> > > > On Tue, 22 May 2012 13:29:54 -0500
> > > > Jon allegedly wrote:
> > > >
> > > > > Yep same here, got notice today from ISP on a repor
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
We also get (and ignore) these automated reports. Try to convince your
ISP to reassign the IP range and list you as abuse contact.
If that does not work, you can simply block celepar's ranges.
Scanning 129 recent mails:
Destination: 200.189.113.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- -BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
We also get (and ignore) these automated reports. Try to convince your
ISP to reassign the IP range and list you as abuse contact.
If that does not work, you can simply block celepar's ranges.
Scan
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
We also get (and ignore) these automated reports. Try to convince your
ISP to reassign the IP range and list you as abuse contact.
If that does not work, you can simply block celepar's ranges:
- From scanning 129 recent mails:
Destination: 200.1
On Tue, 22 May 2012 16:21:46 -0500
Jon allegedly wrote:
> >
> The port was 57734 - of course that doesn't mean another port could
> be used
That looks like a source port to me. In my case, the (allegedly)
attacked ports were 80, so clearly webservers.
Mick
On Tue, 22 May 2012 13:17:20 -0700
Mike Perry allegedly wrote:
>
> As of yet, no one has mentioned the port. Out of curiosity, is it
> included in the Reduced Exit Policy?
> https://trac.torproject.org/projects/tor/wiki/doc/ReducedExitPolicy
Mike
The port number reported was 80. My exit policy
>> > I just blocked the port and kept on serving
>
> As of yet, no one has mentioned the port. Out of curiosity, is it
> included in the Reduced Exit Policy?
> https://trac.torproject.org/projects/tor/wiki/doc/ReducedExitPolicy
I cannot say. However it may be as simple as blocking sql's defaul
Thus spake Jon (torance...@gmail.com):
> On Tue, May 22, 2012 at 3:17 PM, Mike Perry wrote:
>
> > > On Tue, 22 May 2012 13:29:54 -0500
> > > Jon allegedly wrote:
> > >
> > > > Yep same here, got notice today from ISP on a report of the 20th for
> > > > alledged hacking with someone using sqlmap.
On Tue, May 22, 2012 at 3:17 PM, Mike Perry wrote:
> Thus spake mick (m...@rlogin.net):
>
> > On Tue, 22 May 2012 13:29:54 -0500
> > Jon allegedly wrote:
> >
> > > Yep same here, got notice today from ISP on a report of the 20th for
> > > alledged hacking with someone using sqlmap. the reporting
Thus spake mick (m...@rlogin.net):
> On Tue, 22 May 2012 13:29:54 -0500
> Jon allegedly wrote:
>
> > Yep same here, got notice today from ISP on a report of the 20th for
> > alledged hacking with someone using sqlmap. the reporting ip was a
> > brazilian gov ip address.
> >
> > I just blocked t
On Tue, 22 May 2012 15:27:41 -0400
Michael Millspaugh allegedly wrote:
> Can you be more specific with your resolution for this issue?
> I've received a second abuse report in a week for the same issue - SQL
> scanning - and I'll have to shut down my node unless I can somehow
> block this activit
Michael Millspaugh wrote on 22.05.2012:
> Can you be more specific with your resolution for this issue?
> I've received a second abuse report in a week for the same issue - SQL
> scanning - and I'll have to shut down my node unless I can somehow block
> this activity. I have source and destination
Can you be more specific with your resolution for this issue?
I've received a second abuse report in a week for the same issue - SQL
scanning - and I'll have to shut down my node unless I can somehow block
this activity. I have source and destination ports and IPs available, but
it lists the source
I can also confirm same attack it must have been huge o.o
On 22 May 2012 20:17, tor-admin wrote:
> mick wrote on 22.05.2012:
> > I assume you mean "IP address" rather than "port" here.
> >
> > Despite offering, I wasn't given the opportunity to do that.
> >
> > Interesting that you also see
mick wrote on 22.05.2012:
> I assume you mean "IP address" rather than "port" here.
>
> Despite offering, I wasn't given the opportunity to do that.
>
> Interesting that you also seem to have been used in targetting the
> brazilian government.
>
I can confirm abuse messages for same target, s
On Tue, 22 May 2012 13:29:54 -0500
Jon allegedly wrote:
>
> Yep same here, got notice today from ISP on a report of the 20th for
> alledged hacking with someone using sqlmap. the reporting ip was a
> brazilian gov ip address.
>
> I just blocked the port and kept on serving
>
I assume you
On Tue, May 22, 2012 at 10:37 AM, Fosforo wrote:
> same here. someone using sqlmap
>
> --
> []s Fosforo
> -
> "Only the wisest and stupidest of men never change."
> -Confusio
>
same here. someone using sqlmap
--
[]s Fosforo
-
"Only the wisest and stupidest of men never change."
-Confusio
-
On Tue, May 22, 2012 at 8:18 AM, mick wrote:
> Hi
>
> I have
Hi
I have today, reluctantly, switched my node
torofotheworld.aibohphobia.org from an exit node to relay only. My ISP
has stayed faithful over several abuse reports in the past, but this
week following two more in quick sucession (from brazilian government
services by the look of it) they have ask
20 matches
Mail list logo
