Post by Cleo » Thu Jul 23, 2015 11:34 am

I blocked this IP a few weeks ago and since then he's been trying very hard to hack my site!
Today he tried to log in to my crawlprotect dashboard!!!
37.187.129.166
Recently reported forum spam source. (1642)
Several attempted account hijacks on our forum from this IP in the last few days (June '15). - 2015-06-29
Alerted by my email that someone attempted logging into a website with my username from this IP. - 2015-06-30
Tried to log in to my forum account 15 times. - 2015-07-05
Notified that this IP address attempted to login into a forum using my username. - 2015-07-10
Also Alerted by my email that someone attempted logging into a website with my username from this IP. - 2015-07-15
Was alerted that someone in Austria tried to log in to my forum account several times, but failed, luckily. Beware of this IP. - 2015-07-17
Got an email saying someone tried to log into my forum account with this email address. - 2015-07-19
--------------------
From BotScout.com Report for this IP: 37.187.129.166
Your search returned a total of 9614 matches (not all results shown)
-----------------
My error.log---
[Wed Jul 22 18:05:30.793201 2015] [access_compat:error] [pid 34250] [client 37.187.129.166:45554] AH01797: client denied by server configuration: /home/XXXXXXXX/public_html/crawlprotect/noaccess/index.php, referer: http://hvd-store.com/
[Wed Jul 22 18:05:30.589143 2015] [access_compat:error] [pid 34250] [client 37.187.129.166:45554] AH01797: client denied by server configuration: /home/XXXXXXXX/public_html/crawlprotect/noaccess/index.php, referer: http://hvd-store.com/
[Wed Jul 22 18:05:30.382919 2015] [access_compat:error] [pid 34250] [client 37.187.129.166:45554] AH01797: client denied by server configuration: /home/XXXXXXXX/public_html/crawlprotect/noaccess/index.php, referer: http://hvd-store.com/
[Wed Jul 22 18:05:30.110438 2015] [access_compat:error] [pid 34250] [client 37.187.129.166:45554] AH01797: client denied by server configuration: /home/XXXXXXXX/public_html/crawlprotect/noaccess/index.php, referer: http://hvd-store.com/
[Wed Jul 22 18:05:29.903941 2015] [access_compat:error] [pid 34250] [client 37.187.129.166:45554] AH01797: client denied by server configuration: /home/XXXXXXXX/public_html/crawlprotect/noaccess/index.php, referer: http://hvd-store.com/
[Wed Jul 22 18:05:29.694056 2015] [access_compat:error] [pid 34250] [client 37.187.129.166:45554] AH01797: client denied by server configuration: /home/XXXXXXXX/public_html/crawlprotect/noaccess/index.php, referer: http://hvd-store.com/
[Wed Jul 22 18:05:29.474001 2015] [access_compat:error] [pid 34250] [client 37.187.129.166:45554] AH01797: client denied by server configuration: /home/XXXXXXXX/public_html/crawlprotect/noaccess/index.php, referer: http://hvd-store.com/
[Wed Jul 22 18:05:29.150994 2015] [access_compat:error] [pid 34250] [client 37.187.129.166:45554] AH01797: client denied by server configuration: /home/XXXXXXXX/public_html/crawlprotect/noaccess/index.php, referer: http://hvd-store.com/
[Wed Jul 22 18:05:28.935823 2015] [access_compat:error] [pid 34250] [client 37.187.129.166:45554] AH01797: client denied by server configuration: /home/XXXXXXXX/public_html/crawlprotect/noaccess/index.php, referer: http://hvd-store.com/
[Wed Jul 22 18:05:28.744761 2015] [access_compat:error] [pid 34250] [client 37.187.129.166:45554] AH01797: client denied by server configuration: /home/XXXXXXXX/public_html/crawlprotect/noaccess/index.php, referer: http://hvd-store.com/
[Wed Jul 22 18:05:28.543508 2015] [access_compat:error] [pid 34250] [client 37.187.129.166:45554] AH01797: client denied by server configuration: /home/XXXXXXXX/public_html/crawlprotect/noaccess/index.php, referer: http://hvd-store.com/
[Wed Jul 22 18:05:28.337422 2015] [access_compat:error] [pid 34250] [client 37.187.129.166:45554] AH01797: client denied by server configuration: /home/XXXXXXXX/public_html/crawlprotect/noaccess/index.php, referer: http://hvd-store.com/
[Wed Jul 22 18:05:28.146281 2015] [access_compat:error] [pid 34250] [client 37.187.129.166:45554] AH01797: client denied by server configuration: /home/XXXXXXXX/public_html/crawlprotect/noaccess/index.php, referer: http://hvd-store.com/
[Wed Jul 22 18:05:27.972373 2015] [access_compat:error] [pid 34250] [client 37.187.129.166:45554] AH01797: client denied by server configuration: /home/XXXXXXXX/public_html/crawlprotect/noaccess/index.php, referer: http://hvd-store.com/
[Wed Jul 22 18:05:27.748864 2015] [access_compat:error] [pid 34250] [client 37.187.129.166:45554] AH01797: client denied by server configuration: /home/XXXXXXXX/public_html/crawlprotect/noaccess/index.php, referer: http://hvd-store.com/
[Wed Jul 22 18:05:27.559403 2015] [access_compat:error] [pid 34250] [client 37.187.129.166:45554] AH01797: client denied by server configuration: /home/XXXXXXXX/public_html/crawlprotect/noaccess/index.php, referer: http://hvd-store.com/
[Wed Jul 22 18:05:27.249459 2015] [access_compat:error] [pid 34250] [client 37.187.129.166:45554] AH01797: client denied by server configuration: /home/XXXXXXXX/public_html/crawlprotect/noaccess/index.php, referer: http://hvd-store.com/
[Wed Jul 22 18:05:27.066933 2015] [access_compat:error] [pid 34250] [client 37.187.129.166:45554] AH01797: client denied by server configuration: /home/XXXXXXXX/public_html/crawlprotect/noaccess/index.php, referer: http://hvd-store.com/
[Wed Jul 22 18:05:26.640449 2015] [access_compat:error] [pid 34250] [client 37.187.129.166:45554] AH01797: client denied by server configuration: /home/XXXXXXXX/public_html/crawlprotect/noaccess/index.php, referer: http://hvd-store.com/
[Wed Jul 22 18:05:25.933372 2015] [access_compat:error] [pid 34250] [client 37.187.129.166:45554] AH01797: client denied by server configuration: /home/XXXXXXXX/public_html/crawlprotect/noaccess/index.php, referer: http://hvd-store.com/
[Wed Jul 22 18:05:20.627973 2015] [access_compat:error] [pid 34242] [client 37.187.129.166:43642] AH01797: client denied by server configuration: /home/XXXXXXXX/public_html/, referer: http://hvd-store.com/
[Wed Jul 22 13:34:56.076694 2015] [access_compat:error] [pid 688839] [client 37.115.191.45:57446] AH01797: client denied by server configuration: /home/XXXXXXXX/public_html/index.php, referer: http://sohoindia.net/
[Wed Jul 22 13:34:56.075539 2015] [access_compat:error] [pid 688839] [client 37.115.191.45:57446] AH01797: client denied by server configuration: /home/XXXXXXXX/public_html/, referer: http://sohoindia.net/
[Wed Jul 22 13:34:55.464935 2015] [access_compat:error] [pid 697548] [client 37.115.191.45:55818] AH01797: client denied by server configuration: /home/XXXXXXXX/public_html/index.php, referer: http://sohoindia.net/
[Wed Jul 22 13:34:55.464068 2015] [access_compat:error] [pid 697548] [client 37.115.191.45:55818] AH01797: client denied by server configuration: /home/XXXXXXXX/public_html/, referer: http://sohoindia.net/
[Wed Jul 22 13:34:54.627981 2015] [access_compat:error] [pid 689396] [client 37.115.191.45:49801] AH01797: client denied by server configuration: /home/XXXXXXXX/public_html/index.php, referer: http://sohoindia.net/
[Wed Jul 22 13:34:54.626836 2015] [access_compat:error] [pid 689396] [client 37.115.191.45:49801] AH01797: client denied by server configuration: /home/XXXXXXXX/public_html/, referer: http://sohoindia.net/
[Wed Jul 22 13:34:53.396354 2015] [access_compat:error] [pid 689399] [client 37.115.191.45:55152] AH01797: client denied by server configuration: /home/XXXXXXXX/public_html/index.php, referer: http://brothers-smaller.ru/
[Wed Jul 22 13:34:53.395111 2015] [access_compat:error] [pid 689399] [client 37.115.191.45:55152] AH01797: client denied by server configuration: /home/XXXXXXXX/public_html/, referer: http://brothers-smaller.ru/
[Wed Jul 22 13:34:52.463509 2015] [access_compat:error] [pid 689247] [client 37.115.191.45:53258] AH01797: client denied by server configuration: /home/XXXXXXXX/public_html/index.php, referer: http://brothers-smaller.ru/
[Wed Jul 22 13:34:52.462384 2015] [access_compat:error] [pid 689247] [client 37.115.191.45:53258] AH01797: client denied by server configuration: /home/XXXXXXXX/public_html/, referer: http://brothers-smaller.ru/
Could it be the reason I have 35/35 processes running at the same time this morning?
Cleo

Opencart v1.5.4.1 fr/en
Theme: Custom
vqmod-2.6.0
PHP: 7.3 (ea-php73)
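
For triaging an error.log like the one in the post above, a small script can group the AH01797 denials per client and report how tightly they are bunched. This is an added example, not part of the original post; the sample lines, IPs, paths and referers are constructed, and the 2-second burst window is an assumption.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines (documentation-range IPs, placeholder paths/referers); last line is noise.
SAMPLE_LOG = """\
[Wed Jul 22 18:05:20.627973 2015] [access_compat:error] [pid 101] [client 203.0.113.7:43642] AH01797: client denied by server configuration: /home/USER/public_html/, referer: http://parked.example/
[Wed Jul 22 18:05:25.933372 2015] [access_compat:error] [pid 102] [client 203.0.113.7:45554] AH01797: client denied by server configuration: /home/USER/public_html/crawlprotect/noaccess/index.php, referer: http://parked.example/
[Wed Jul 22 18:05:26.140449 2015] [access_compat:error] [pid 102] [client 203.0.113.7:45554] AH01797: client denied by server configuration: /home/USER/public_html/crawlprotect/noaccess/index.php, referer: http://parked.example/
[Wed Jul 22 18:05:26.366933 2015] [access_compat:error] [pid 102] [client 203.0.113.7:45554] AH01797: client denied by server configuration: /home/USER/public_html/crawlprotect/noaccess/index.php, referer: http://parked.example/
[Wed Jul 22 13:34:52.462384 2015] [access_compat:error] [pid 201] [client 198.51.100.45:53258] AH01797: client denied by server configuration: /home/USER/public_html/, referer: http://spam.example/
[Wed Jul 22 13:34:53.395111 2015] [access_compat:error] [pid 202] [client 198.51.100.45:55152] AH01797: client denied by server configuration: /home/USER/public_html/index.php
[Wed Jul 22 13:35:10.000000 2015] [core:notice] [pid 1] AH00094: Command line: '/usr/sbin/httpd'
"""

LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[access_compat:error\] \[pid \d+\] "
    r"\[client (?P<ip>[0-9a-fA-F.:]+):(?P<port>\d+)\] AH01797: client denied by "
    r"server configuration: (?P<path>.+?)(?:, referer: (?P<ref>\S+))?$"
)

def parse_denials(text):
    """Yield (timestamp, ip, path, referer) for every AH01797 denial line."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S.%f %Y")
            yield ts, m["ip"], m["path"], m["ref"] or "-"

def summarize(text, window=2.0):
    """Per client IP: denial count, paths, referers, most denials in any `window` seconds."""
    by_ip = defaultdict(list)
    for ts, ip, path, ref in parse_denials(text):
        by_ip[ip].append((ts, path, ref))
    report = {}
    for ip, events in by_ip.items():
        times = sorted(e[0] for e in events)
        burst = lo = 0
        for hi, t in enumerate(times):  # sliding window over sorted timestamps
            while (t - times[lo]).total_seconds() > window:
                lo += 1
            burst = max(burst, hi - lo + 1)
        report[ip] = {"denials": len(events), "max_burst": burst,
                      "paths": sorted({e[1] for e in events}),
                      "referers": sorted({e[2] for e in events})}
    return report

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

Pointing `summarize()` at the real file contents gives one row per blocked client, which makes it easy to see who is hammering which path and with which referer.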



Post by IP_CAM » Fri Jul 24, 2015 7:33 am

Don't try to STOP it, re-direct it to some funny URL, like I did a while ago.
One of the ways below should work!

Code: Select all

RewriteEngine On
# EITHER THIS (referer patterns are unanchored: the header value starts with http://)
RewriteCond %{HTTP_REFERER} dontknow\.me [NC,OR]
RewriteCond %{HTTP_REFERER} wareseeker\.com [NC,OR]
RewriteCond %{HTTP_REFERER} vicodinonline\.is\.dreaming\.org [NC,OR]
RewriteCond %{HTTP_REFERER} volny\.cz [NC,OR]
# AND/OR THIS (exact client IPs, anchored at both ends)
RewriteCond %{REMOTE_ADDR} ^76\.178\.61\.102$ [OR]
RewriteCond %{REMOTE_ADDR} ^76\.191\.100\.111$ [OR]
RewriteCond %{REMOTE_ADDR} ^77\.242\.37\.5$ [OR]
RewriteCond %{REMOTE_ADDR} ^66\.90\.104\.20$
# I.E., SEND EM TO LAS VEGAS (the last condition has no [OR], which ends the chain)
RewriteRule /*$ http://www.las-vegas.com [L,R]
Good Luck
Ernie

My Github OC Site: https://github.com/IP-CAM
5'200 + FREE OC Extensions, on the World's largest private Github OC Repository Archive Site.
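
A RewriteCond chain like the one in the post above can be checked against sample requests before it goes live. This is an added example, not part of the original post: the hosts and IPs are constructed placeholders, and the evaluator is a simplified model of mod_rewrite's AND/[OR] condition logic, not Apache itself.

```python
import re

# Constructed rules in the shape of the posted chain: example hosts and
# documentation-range IPs are placeholders, not entries from the thread.
RULES = r"""
RewriteCond %{HTTP_REFERER} ^.anchored\.example [NC,OR]
RewriteCond %{HTTP_REFERER} loose\.example [NC,OR]
RewriteCond %{REMOTE_ADDR} ^203\.0\.113\.5 [OR]
RewriteCond %{REMOTE_ADDR} ^198\.51\.100\.20$
"""

COND_RE = re.compile(r"RewriteCond\s+%\{(\w+)\}\s+(\S+)(?:\s+\[([^\]]*)\])?\s*$")

def parse_conds(text):
    """Turn RewriteCond lines into (variable, pattern, compiled regex, has_OR) tuples."""
    conds = []
    for line in text.splitlines():
        m = COND_RE.match(line.strip())
        if m:
            var, pat, flags = m[1], m[2], (m[3] or "").upper().split(",")
            conds.append((var, pat, re.compile(pat, re.I if "NC" in flags else 0), "OR" in flags))
    return conds

def matched_patterns(conds, request):
    """Simplified model of mod_rewrite: conditions are ANDed, and [OR] joins a
    condition to the next one. Returns the patterns that matched if the rule
    would fire, otherwise an empty list."""
    fires, group_hit, hits = True, False, []
    for var, pat, rx, or_next in conds:
        if rx.search(request.get(var, "")):
            group_hit = True
            hits.append(pat)
        if not or_next:                 # this condition closes its OR group
            fires, group_hit = fires and group_hit, False
    return hits if fires else []

CONDS = parse_conds(RULES)
CASES = [  # constructed requests
    {"HTTP_REFERER": "http://anchored.example/", "REMOTE_ADDR": "192.0.2.1"},   # ^. pattern misses it
    {"HTTP_REFERER": "http://LOOSE.example/x", "REMOTE_ADDR": "192.0.2.1"},     # unanchored + NC hits
    {"HTTP_REFERER": "", "REMOTE_ADDR": "203.0.113.57"},    # missing $ over-matches .50-.59
    {"HTTP_REFERER": "", "REMOTE_ADDR": "198.51.100.200"},  # $ keeps the match exact
]

if __name__ == "__main__":
    for req in CASES:
        print(req, "->", matched_patterns(CONDS, req) or "no redirect")
```

The first and third cases are the ones to watch for: a referer pattern anchored with `^` never sees past the `http://` prefix, and an IP pattern without a trailing `$` also catches neighbouring addresses.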



Post by Cleo » Fri Jul 24, 2015 8:52 am

:banana: :yahoo: :banana: :gamer:

I like that!

One day I realized, while looking at my crawltrack report, that hvd-store.com was coming to my site every day, so I looked at the link and saw that it was the page of a domain for sale, I think it was from GoDaddy, but I thought that it was funny that a domain for sale was visiting my site! So I did some research on the IP and found out that the page was from GoDaddy but not the IP, so I blocked the domain and the IP in crawlprotect, and since then they are trying from different IPs. But it looks like after seeing the stopping page from crawlprotect they are mad and want to find a way to log in to it!

But I do like the idea of the re-direct! If I weren't using crawlprotect I would do it, but I feel a little more secure with it since my site has been hacked and I had a script injection.

Regards

Cleo
