http://macinroy.com/ is the MacInroy Privacy Auditors. The http://macinroy.com/lesbricoles.com/ brings up a privacy report on your own domain: "Ownership privacy analysis for lesbricoles.com". However, it does not seem to start or stop there.
Nominally, someone is seeking your own /public_html/index.php, from the referrer address, and the referrer is a subdomain, lesbricoll., of another domain, macinroy.com, in an apparent directory /lesbrico:
[...]/public_html/index.php, referer: http://lesbricoll.macinroy.com/lesbrico
On that end, http://macinroy.com/lesbrico is bringing up http://macinroy.com/lesbrico in browser and what is NOT Apache's 404, instead it is a custom one-liner "<h1>Not Found</h1><p>The requested URL /lesbrico was not found on this server.</p>" whose implication is that someone is purposely firing a 404 that may be a normal filespec rather than a normal errordocument (index.html, index.htm, index.php in that position bring up the same file with /[filespec] appended to the original "error").
The question is partly who was busily accessing your index.php in macinroy's name, probably not macinroy (which has no reason to test-test-test-test-test-test your domain [in this specific timeframe]) and it was perhaps by purposely spoofing the latter to reach the former. Dinna work, the referrer was sandbagged.
Last edited by butte on Sun Sep 22, 2013 12:50 am, edited 4 times in total.
This is my last reply to ocsupport:
This whole saga is taking a lot of energies and with my health situation I really don't need this
If he tries one more time to access my site I will post his name and the extension's name!
Well if he really wants the war then I will reply and post his name/IP in the forums and the comments section to let everyone know what kind of seller/developer he is; if that's what he wants he will get it.
I think that he has more to lose than I do, because if I let everyone know what kind of seller/developer he is he will have a hard time selling any more extensions!
This whole saga is taking a lot of energies and with my health situation I really don't need this

Opencart v1.5.4.1 fr/en
Theme: Custom
vqmod-2.6.0
PHP: 7.3 (ea-php73)
I was editing to add, 2nd above, while you posted. You have two domains: lesbricoles.com and lesbricollesdecleo.com; nobody else does. The name of one was interposed (injected?) as a subdomain of an outside domain, perhaps spoofing macinroy.com in order to try to trick the defenses into allowing macinroy.com in. Dinna work.
Last edited by butte on Sat Sep 21, 2013 8:19 am, edited 2 times in total.
Don't bother putting a store on maintenance. It's not worth the time and money. Just run the store as normal, and fix anything that comes your way.
I'm wondering if it's related, but since I uninstalled the extension I get this error many times a day in my error.log in admin:
PHP Warning: file_get_contents(/home/xxxxx/public_html/system/cache/cache.product.total.2.0.2.2acf3a790e9efdc766d79b560d853cdd.1379728427) [<a href='function.file-get-contents'>function.file-get-contents</a>]: failed to open stream: No such file or directory in /home/xxxxxxx/public_html/system/library/cache.php on line 25
Thanks
Cleo
The timing of the onset, and the intensity, of traffic of macinroy.com, immediately following a known intrusive URL attempt in the address bar (with escapes in hexadecimal string), are curious. One wonders whether macinroy.com might be usable as an offensive weapon, such as by spoofing it or by simply using it and spoofing a buyer address for a "report" after excessive visits.
In this instance much of the traffic is denied access in seeking index.php, generally as "client denied by server configuration", and is associated with patterns of what we might politely and benevolently call traffic abuse by scraperbots that are hidden behind obfuscated dns ranging from questionable domains to questionable nameservers, and explore rather than ignore robots.txt, and consume significant bandwidth when they are not blocked.
Prominent in the traffic is macinroy.com, a self-styled privacy validator, offering to search and then sell its discoveries of privacy vulnerabilities ("Check your domain / portfolio for privacy vulnerabilities" above). Its whois privacy is nominally provided by WhoisGuard, Inc., of Panama (above). Granted, who would not hasten to buy into privacy services from a completely obfuscated offeror whose whois cloak is also completely obfuscated, the temptation to buy is -- avoidable.
(a) macinroy.com, involved in logged denials of http requests (client denied by server configuration), asserts New York jurisdiction over legal disputes in widely duplicated officious boilerplate but gives no physical address, and shows ties to
198.100.149.131
216.239.32.27
74.125.142.26
74.125.140.27
through which we wind up with for example likewise logged as denied http requests (client denied by server configuration) from nominal
mailservers, which should not have attempted http browsing:
85.64.56.142
85.25.134.59
and a couple of Swiss webservers
85.3.87.163
195.186.145.180
with ties among those to an array of addresses bound to
registrar-servers.com
(b) macinroy.com, MacInroy Privacy Auditors, is perhaps not very useful. Here note the 85.25.134.59 nominal mailserver (same one as above) as tying back to it. It would seem that when IP and domain match, a mailserver is deemed okay -- the server has an R2D2 loosing http ants in it and a mailman doing the same, more http ants, plus perhaps ant mimes that a malevolent mailman would know and love.
http://techlorebyigor.blogspot.com/2013 ... eally.html
"Indeed, 824MB of bandwidth has been sucked out of my site in a 48 hour span by BLEXBot from 108.178.53.146 and it may not be a coincidence that 85.25.134.59 has pretended to visit my site during this same time period. That is more bandwidth in 48 hours than the combined total bandwidth used in the previous year. Gee thanks, right?!? [Para.] Backtracking that last IP from my logs tells me that MacInroy Privacy Auditors pretty much admits that they have attempted to compromise my site security with the sole purpose of getting the attention of an admin so they could pitch some security services. Most of the information they claim to have audited is completely incorrect and the rest came from whois data"
(c) registrar-servers.com, apparently widely known as an inexpensive registrar and as registrar of large numbers of domains of questioned if not questionable repute, is perhaps not very useful, either. Note Apache.org.
http://mail-archives.apache.org/mod_mbo ... sec.org%3E
"Nearly all of the .pw domains have their authoritative NS at dns*.registrar-servers.com. that registrar and few others are always at the top of my reports for NSs of sender domains of spam we reject."
Is it worth the time for him to do something like that, or is it just a normal bot?
I wish it would be a bot, this is the email he sent and my answer when he came to my site to fix the extension:
From: Seller GabbyAbir
Hello I can't login to ftp and admin
From me
That's why I asked you for your IP
I have CrawlProtect installed and it won't let any IP reach admin except mine, or a new one if I add it
From seller GabbyAbir
My IP is 85.64.56.142
------------------------------
(28 times)
[Tue Sep 17 02:22:39 2013] [error] [client 85.64.56.142] client denied by server configuration: /home/XXXXXXXX/public_html/403.shtml
[Tue Sep 17 02:22:39 2013] [error] [client 85.64.56.142] client denied by server configuration: /home/XXXXXXXX/public_html/
[Tue Sep 17 02:22:29 2013] [error] [client 85.64.56.142] client denied by server configuration: /home/XXXXXXXX/public_html/403.shtml
[Tue Sep 17 02:22:29 2013] [error] [client 85.64.56.142] client denied by server configuration: /home/XXXXXXXX/public_html/XXXXXXXX
[Tue Sep 17 02:22:22 2013] [error] [client 85.64.56.142] client denied by server configuration: /home/XXXXXXXX/public_html/403.shtml
[Tue Sep 17 02:22:22 2013] [error] [client 85.64.56.142] client denied by server configuration: /home/XXXXXXXX/public_html/\xd7\xa9\xd7\x92\xd7\xa6\xd7\x9f\xd7\x9e.
[Tue Sep 17 02:22:07 2013] [error] [client 85.64.56.142] client denied by server configuration: /home/XXXXXXXX/public_html/403.shtml
[Tue Sep 17 02:22:07 2013] [error] [client 85.64.56.142] client denied by server configuration: /home/XXXXXXXX/public_html/favicon.ico
[Tue Sep 17 02:22:06 2013] [error] [client 85.64.56.142] client denied by server configuration: /home/XXXXXXXX/public_html/403.shtml
[Tue Sep 17 02:22:06 2013] [error] [client 85.64.56.142] client denied by server configuration: /home/XXXXXXXX/public_html/loisirs-creatifs
Cleo
Last edited by Cleo on Sun Oct 11, 2015 8:45 am, edited 1 time in total.
That is one of the Israeli addresses (under barak-online.net, Israel), not a robot. However, it is blocked.
This would not occur to an ordinary visitor or even to a benign robot, but it is icing on the cake we already have:
[Tue Sep 17 02:22:22 2013] [error] [client 85.64.56.142] client denied by server configuration: /home/XXXXXXXX/public_html/\xd7\xa9\xd7\x92
This is not what an ordinary visitor would get into (forbidden):
[Tue Sep 17 02:22:06 2013] [error] [client 85.64.56.142] client denied by server configuration: /home/XXXXXXXX/public_html/403.shtml
Apart from the insult to King Kong, just think of King Kong trapped in a huge rope net, scaled down to a roach trapped in a little nylon mesh pouch.
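One way to triage the "client denied by server configuration" lines discussed in this thread, as an added example that is not part of any poster's message: it counts denials per client, decodes the `\xHH` path escapes, and records the Referer. It assumes each 403.shtml line is the denied error document that follows a blocked request rather than a separate visit; the sample log, addresses and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the Apache 2.2 error-log format quoted in the thread.
# Client addresses are documentation ranges; ACCOUNT is a placeholder.
_D = "client denied by server configuration: /home/ACCOUNT/public_html/"
SAMPLE_LOG = "\n".join([
    "[Tue Sep 17 02:22:06 2013] [error] [client 203.0.113.7] " + _D + "loisirs-creatifs",
    "[Tue Sep 17 02:22:06 2013] [error] [client 203.0.113.7] " + _D + "403.shtml",
    "[Tue Sep 17 02:22:22 2013] [error] [client 203.0.113.7] " + _D + r"\xd7\xa9\xd7\x9c\xd7\x95\xd7\x9d",
    "[Tue Sep 17 02:22:22 2013] [error] [client 203.0.113.7] " + _D + "403.shtml",
    "[Tue Sep 17 02:23:01 2013] [error] [client 198.51.100.9] " + _D
    + "index.php, referer: http://sub.example.invalid/x",
])

LINE = re.compile(
    r"^\[[^\]]+\] \[error\] \[client (?P<ip>[\d.]+)\] "
    r"client denied by server configuration: (?P<path>.*?)"
    r"(?:, referer: (?P<referer>.*))?$")

def decode_path(path):
    """Turn Apache's \\xHH escapes back into bytes and decode them as UTF-8."""
    raw = re.sub(rb"\\x([0-9a-fA-F]{2})",
                 lambda m: bytes([int(m.group(1), 16)]),
                 path.encode("ascii", "replace"))
    return raw.decode("utf-8", "replace")

def summarize(log_text, error_doc="403.shtml"):
    """Per client: blocked requests, error-document echoes, odd paths, referers."""
    report = defaultdict(lambda: {"blocked": 0, "error_doc": 0,
                                  "non_ascii": [], "referers": []})
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        entry, path = report[m["ip"]], decode_path(m["path"])
        if m["referer"]:
            # Referer is a client-supplied header: record it, never trust it.
            entry["referers"].append(m["referer"])
        if path.rsplit("/", 1)[-1] == error_doc:
            entry["error_doc"] += 1   # assumed echo of the denied ErrorDocument
            continue
        entry["blocked"] += 1
        if not path.isascii():
            entry["non_ascii"].append(path)
    return dict(report)

if __name__ == "__main__":
    for ip, stats in summarize(SAMPLE_LOG).items():
        print(ip, stats)
```

Under that assumption, a raw count of log lines overstates the number of blocked requests by roughly a factor of two.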
Well, finally everything is solved! Well, almost: the extension was fixed by a very nice developer and now I'm just waiting for OC support's approval to send the money back, even if he doesn't deserve it, because I am an honest person (which he is not), and now that I paid someone else to fix the extension for me I believe that I need to pay for the license to be able to use the extension!
Cleo