Reporting server abuse coming from a Plusnet IP
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Plusnet Community
- :
- Forum
- :
- Other forums
- :
- Tech Help - Software/Hardware etc
- :
- Re: Reporting server abuse coming from a Plusnet ...
Reporting server abuse coming from a Plusnet IP
31-05-2015 2:12 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
It went quiet for a week but its back on the same IP address which suggests either the machine has got re-infected or its cycling round a list of targets.
I've put a .htaccess rule in to block it but obviously the machine is still compromised
The logs it's leaving behind look like this:
[tt]212.159.xxx.xxx - - [31/May/2015:10:46:56 +0100] "GET /Ringing.at.your.dorbell! HTTP/1.0" 403 306 "http://google.com/search?q=2+guys+1+horse" "x00_-gawa.sa.pilipinas.2015" www.tty.org.uk
212.159.xxx.xxx - - [31/May/2015:10:46:57 +0100] "GET / HTTP/1.0" 403 282 "-" "x00_-gawa.sa.pilipinas.2015" www.tty.org.uk
212.159.xxx.xxx - - [31/May/2015:10:46:57 +0100] "GET / HTTP/1.1" 403 277 "http://google.com/search?q=2+guys+1+horse" "x00_-gawa.sa.pilipinas.2015" 127.0.0.1
212.159.xxx.xxx - - [31/May/2015:10:46:57 +0100] "GET /Diagnostics.asp HTTP/1.0" 403 297 "-" "x00_-gawa.sa.pilipinas.2015" www.tty.org.uk
212.159.xxx.xxx - - [31/May/2015:10:46:57 +0100] "GET / HTTP/1.0" 403 282 "-" "x00_-gawa.sa.pilipinas.2015" www.tty.org.uk
212.159.xxx.xxx - - [31/May/2015:10:46:57 +0100] "GET / HTTP/1.0" 403 282 "-" "x00_-gawa.sa.pilipinas.2015" www.tty.org.uk
212.159.xxx.xxx - - [31/May/2015:10:46:57 +0100] "GET / HTTP/1.0" 403 282 "-" "x00_-gawa.sa.pilipinas.2015" www.tty.org.u[/tt]k
Re: Reporting server abuse coming from a Plusnet IP
01-06-2015 11:12 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Bob Pullen
Plusnet Product Team
If I've been helpful then please give thanks ⤵
Re: Reporting server abuse coming from a Plusnet IP
01-06-2015 7:53 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Steve
Re: Reporting server abuse coming from a Plusnet IP
02-06-2015 1:07 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
I got a response from link:csa removed so hopefully the problem is now resolved.
Steve
adie:red removed CSA name as per link:rules]
Re: Reporting server abuse coming from a Plusnet IP
07-06-2015 8:43 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
[tt]212.159.xxx.xxx - - [03/Jun/2015:11:56:39 +0100] "GET / HTTP/1.0" 403 282 "-" "x00_-gawa.sa.pilipinas.2015" www.tty.org.uk
212.159.xxx.xxx - - [03/Jun/2015:11:56:40 +0100] "GET / HTTP/1.1" 403 277 "http://google.com/search?q=2+guys+1+horse" "x00_-gawa.sa.pilipinas.2015" 127.0.0.1
212.159.xxx.xxx - - [03/Jun/2015:11:56:40 +0100] "GET /Diagnostics.asp HTTP/1.0" 403 297 "-" "x00_-gawa.sa.pilipinas.2015" www.tty.org.uk
212.159.xxx.xxx - - [03/Jun/2015:11:56:40 +0100] "GET / HTTP/1.0" 403 282 "-" "x00_-gawa.sa.pilipinas.2015" www.tty.org.uk
212.159.xxx.xxx - - [03/Jun/2015:11:56:40 +0100] "GET / HTTP/1.0" 403 282 "-" "x00_-gawa.sa.pilipinas.2015" www.tty.org.uk
212.159.xxx.xxx - - [03/Jun/2015:11:56:40 +0100] "GET / HTTP/1.0" 403 282 "-" "x00_-gawa.sa.pilipinas.2015" www.tty.org.uk
212.159.xxx.xxx - - [03/Jun/2015:12:14:23 +0100] "GET /Ringing.at.your.dorbell! HTTP/1.0" 403 306 "http://google.com/search?q=2+guys+1+horse" "x00_-gawa.sa.pilipinas.2015" www.tty.org.uk
212.159.xxx.xxx - - [03/Jun/2015:12:14:23 +0100] "GET / HTTP/1.0" 403 282 "-" "x00_-gawa.sa.pilipinas.2015" www.tty.org.uk
212.159.xxx.xxx - - [03/Jun/2015:12:14:24 +0100] "GET / HTTP/1.1" 403 277 "http://google.com/search?q=2+guys+1+horse" "x00_-gawa.sa.pilipinas.2015" 127.0.0.1
212.159.xxx.xxx - - [03/Jun/2015:12:14:24 +0100] "GET /Diagnostics.asp HTTP/1.0" 403 297 "-" "x00_-gawa.sa.pilipinas.2015" www.tty.org.uk
212.159.xxx.xxx - - [03/Jun/2015:12:14:25 +0100] "GET / HTTP/1.0" 403 282 "-" "x00_-gawa.sa.pilipinas.2015" www.tty.org.uk
212.159.xxx.xxx - - [03/Jun/2015:12:14:26 +0100] "GET / HTTP/1.0" 403 282 "-" "x00_-gawa.sa.pilipinas.2015" www.tty.org.uk
212.159.xxx.xxx - - [03/Jun/2015:12:14:26 +0100] "GET / HTTP/1.0" 403 282 "-" "x00_-gawa.sa.pilipinas.2015" www.tty.org.uk[/tt]
So did the CS representative actually do anything?
Re: Reporting server abuse coming from a Plusnet IP
08-06-2015 12:39 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Bob Pullen
Plusnet Product Team
If I've been helpful then please give thanks ⤵
Re: Reporting server abuse coming from a Plusnet IP
08-06-2015 12:53 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Re: Reporting server abuse coming from a Plusnet IP
08-06-2015 3:22 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Bob Pullen
Plusnet Product Team
If I've been helpful then please give thanks ⤵
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Plusnet Community
- :
- Forum
- :
- Other forums
- :
- Tech Help - Software/Hardware etc
- :
- Re: Reporting server abuse coming from a Plusnet ...