anobviousdistraction



Here's a list of the IP addresses I have blocked after attempted attacks on my server.
Updated 28 May 2005



2005

38.118.42.35         # 20050425 - flytrap
60.194.29.252         # 20050305 - buffer overrun attack (default.ida)
61.31.133.103         # 20050515 - attempted mail relay
61.31.136.18         # 20050516 - attempted mail relay
61.31.0.0/16         # 20050521 - Taiwan Fixed Network - 61.31.0.0 - 61.31.255.255
61.99.5.63         # 20050224 - fp30reg.dll (FrontPage extensions buffer overflow vulnerability)
61.100.108.69         # 20050528 - automated account attack (patrick only)
61.104.78.133         # 20050513 - fp30reg.dll (FrontPage extensions buffer overflow vulnerability)
61.120.141.18         # 20050504 - simple automated account attack (test guest admin user)
61.128.235.114         # 20050316 - buffer overrun attack (default.ida)
61.129.49.27         # 20050415 - simple automated account attack (test guest admin user)
61.252.29.118         # 20050331 - fp30reg.dll (FrontPage extensions buffer overflow vulnerability)
61.231.69.241         # 20050515 - attempted mail relay
63.148.99.239         # 20050516 - flytrap
64.36.122.110         # 20050412 - awstats.pl (awstats buffer overflow vulnerabilities)
64.180.101.53         # 20050409 - fp30reg.dll (FrontPage extensions buffer overflow vulnerability)
66.17.15.0/24         # 20050516 - flytrap "Schmozilla/v9.14 Platinum"
66.36.243.107         # 20050417 - phpBB attacker (/forum, /phpBB, etc)
67.52.241.195         # 20050514 - flytrap
67.67.12.73         # 20050415 - automated account attack
67.18.8.138         # 20050516 - automated account attack (with reverse mapping)
67.97.232.98         # 20050410 - automated account attack
69.44.157.105         # 20050517 - automated account attack
69.50.193.104         # 20050527 - flytrap (multiple user agent/browser identities)
69.137.99.201         # 20050314 - fp30reg.dll (FrontPage extensions buffer overflow vulnerability)
70.20.17.97         # 20050504 - simple automated account attack (test guest admin user)
80.73.68.27         # 20050326 - fp30reg.dll (FrontPage extensions buffer overflow vulnerability)
80.95.70.171         # 20050516 - automated account attack
81.174.142.72         # 20050308 - fp30reg.dll (FrontPage extensions buffer overflow vulnerability)
82.226.135.11         # 20050225 - fp30reg.dll (FrontPage extensions buffer overflow vulnerability)
84.204.20.170         # 20050430 - simple automated account attack (test guest admin user)
85.186.200.3         # 20050426 - automated account attack
131.246.137.55         # 20050503 - awstats.pl (awstats buffer overflow vulnerabilities)
140.116.0.0/16         # 20050516 - single unknown SCP connection (Taiwan Academic Network)
147.102.42.64         # 20050507 - automated account attack
148.223.86.226         # 20050515 - multiple unknown SCP connections
150.101.211.134         # 20050517 - automated account attack (Internode Customer)
172.142.137.236         # 20050317 - buffer overrun attack (default.ida)
193.54.50.100         # 20050329 - formmail.pl (Web-to-Email CGI script vulnerability)
193.205.161.208         # 20050503 - simple automated account attack (test guest admin user)
194.78.167.0/24         # 20050516 - single unknown SCP connection
194.94.121.126         # 20050506 - automated account attack
195.246.156.52         # 20050410 - automated account attack (short)
196.25.69.154         # 20050424 - nsiislog.dll (Windows 2000 server/IIS 5.0 exploit)
198.234.202.130         # 20050327 - formmail.pl (Web-to-Email CGI script vulnerability)
200.54.64.28         # 20050411 - automated account attack
200.161.72.207         # 20050503 - automated account attack
200.207.123.232         # 20050512 - automated account attack
202.55.229.226         # 20050423 - automated account attack (with reverse mapping)
202.57.65.138         # 20050429 - w32.nimda virus ("GET /scripts/..%255c%255c../winnt/system32/cmd.exe?/c+dir")
202.67.155.83         # 20050428 - multiple automated account attacks
202.69.170.177         # 20050513 - automated account attack
202.73.169.170         # 20050509 - automated account attack
202.108.42.56         # 20050426 - Windows hacker? - POST - request without hostname
202.153.41.139         # 20050515 - automated account attack
202.176.103.222         # 20050517 - fp30reg.dll (FrontPage extensions buffer overflow vulnerability)
203.122.0.0/18         # FIRST FIBRE BROADBAND NETWORK IN NEW DELHI, INDIA
206.67.56.201         # 20050516 - simple automated account attack (test guest admin user)
208.6.91.7         # 20050201 - formmail.pl (Web-to-Email CGI script vulnerability)
208.62.7.133         # 20050326 - formmail.pl (Web-to-Email CGI script vulnerability)
209.35.187.105         # 20050508 - awstats.pl (awstats buffer overflow vulnerabilities)
209.151.78.1         # 20050429 - phpBB attacker (/forum, /phpBB, etc)
209.216.150.86         # 20050507 - simple automated account attack (test guest admin user)
210.68.8.169         # 20050515 - automated account attack
210.90.75.130         # 20050504 - automated account attack
210.97.39.61         # 20050425 - automated account attack
210.178.215.221         # 20050501 - simple automated account attack (test guest admin user)
211.40.96.162         # 20050329 - formmail.pl (Web-to-Email CGI script vulnerability)
211.100.13.108         # 20050505 - automated account attack
211.108.59.147         # 20050505 - automated account attack
211.144.146.0/24         # 20050426 - Indy Library - Chinese Spam Bot (caught by flytrap)
211.157.36.0/24         # 20050302 - Indy Library - Chinese Spam Bot
211.174.60.203         # 20050517 - automated account attack
211.184.37.2         # 20050327 - formmail.pl (Web-to-Email CGI script vulnerability)
211.184.65.140         # 20050520 - automated account attack
211.185.42.253         # 20050327 - formmail.pl (Web-to-Email CGI script vulnerability)
211.194.245.114         # 20050410 - fp30reg.dll (FrontPage extensions buffer overflow vulnerability)
211.219.205.129         # 20050412 - fp30reg.dll (FrontPage extensions buffer overflow vulnerability)
211.250.14.124         # 20050422 - simple automated account attack (test guest admin user)
211.250.76.162         # 20051205 - formmail.pl (Web-to-Email CGI script vulnerability)
211.251.73.10         # 20050512 - awstats.pl (awstats buffer overflow vulnerabilities)
212.21.124.90         # 20051205 - formmail.pl (Web-to-Email CGI script vulnerability)
212.83.254.178         # 20050228 - awstats.pl (awstats buffer overflow vulnerabilities)
212.143.152.3         # 20050416 - automated account attack
212.166.192.138         # 20050515 - automated account attack
212.202.141.154         # 20051205 - formmail.pl (Web-to-Email CGI script vulnerability)
213.168.225.132         # 20050522 - automated account attack
213.199.192.35         # 20050421 - fp30reg.dll (FrontPage extensions buffer overflow vulnerability)
213.248.55.24         # 20050427 - automated account attack (patrick only)
216.13.140.114         # 20050425 - awstats.pl (awstats buffer overflow vulnerabilities)
216.150.136.52         # 20050502 - fp30reg.dll (FrontPage extensions buffer overflow vulnerability)
217.8.138.82         # 20050518 - fp30reg.dll (FrontPage extensions buffer overflow vulnerability)
217.172.168.109         # 20050203 - awstats.pl (awstats buffer overflow vulnerabilities)
217.195.194.112         # 20050507 - automated account attack (patrick only)
218.64.0.0/11         # 20050221 - China Telecom
218.83.155.79         # 20050221 - proxy attack - GET http://217.106.232.38/default.shtml
218.92.134.236         # 20050220 - fp30reg.dll (FrontPage extensions buffer overflow vulnerability)
218.101.165.3         # 20050501 - attempted mail relay
218.101.128.0/17         # 20050521 - Hanvit INB Korea - 218.101.128.0 - 218.101.255.255
218.145.226.85         # 20050527 - automated account attack (stopped by ipt_recent)
218.153.147.92         # 20050429 - multiple simple automated account attack (test guest admin user)
218.189.216.181         # 20050320 - awstats.pl (awstats buffer overflow vulnerabilities)
218.195.96.20         # 20050319 - buffer overrun attack (default.ida)
218.208.82.241         # 20050311 - buffer overrun attack (default.ida)
219.80.0.0/15         # 20050521 - Taiwan Fixed Network - 219.80.0.0 - 219.81.255.255
219.81.239.87         # 20050521 - attempted mail relay
219.122.9.163         # 20050417 - multiple unknown SCP connections
219.241.160.4         # 20050307 - fp30reg.dll (FrontPage extensions buffer overflow vulnerability)
219.252.182.135         # 20050429 - fp30reg.dll (FrontPage extensions buffer overflow vulnerability)
220.135.202.80         # 20050227 - unknown ~ms18a.hinet.net:25
220.229.40.130         # 20050506 - automated account attack (with reverse mapping)
221.9.67.76         # 20050329 - buffer overrun attack (default.ida)
221.148.158.82         # 20050303 - nsiislog.dll (Windows 2000 server/IIS 5.0 exploit)
221.193.132.8         # 20050419 - fp30reg.dll (FrontPage extensions buffer overflow vulnerability)
221.194.245.114         # 20050410 - fp30reg.dll (FrontPage extensions buffer overflow vulnerability)
221.237.182.0/24         # 20050424 - fp30reg.dll (FrontPage extensions buffer overflow vulnerability) IP range
221.245.105.37         # 20050514 - awstats.pl (awstats buffer overflow vulnerabilities)
222.35.15.154         # 20050317 - fp30reg.dll (FrontPage extensions buffer overflow vulnerability)
222.101.92.0/24         # 20050520 - smtphunter - KOREA TELECOM
222.96.0.0/12         # KOREA TELECOM - 222.96.0.0 - 222.122.255.255



Web Site Copyright © 2005 James Baker.