h3%5kr3w Posted February 25, 2009

dunno who this is but this is retarded (it's freaking anonymous!) Also, I would like to add that obviously AlFTP shows the ip addy for whoever is trying to connect:

    ! 202.106.53.50 connected
    < 202.106.53.50 USER backup
    > 202.106.53.50 331 Password required for backup.
    (the rest omitted for redundancy)

To top it off, this happened over about 15 seconds, not slow enough for a person to type in. And just using tracert found that whoever it was is in the Seattle, WA district on Comcast... heh, probably a spoofed ip anyway, but would someone that smart do this? I am investigating...

gcninja Posted February 25, 2009

that ip rings back as China... hmm, then again, is that the real ip or one you put in for show?

h3%5kr3w (Author) Posted February 25, 2009

I copy pasted it. Actually that was wrong (the tracert results). Here is what tracert gives me. And here's what I have from net tools so far..

dr0p Posted February 25, 2009

Probably just an automated script... happens all the time.

Sparda Posted February 25, 2009

    202.106.0.0 - 202.106.255.255
    CNCGROUP Beijing province network
    China Network Communications Group Corporation
    No.156,Fu-Xing-Men-Nei Street, Beijing 100031

    CNCGroup Hostmaster
    abuse@cnc-noc.net
    No.156,Fu-Xing-Men-Nei Street, Beijing,100031,P.R.China
    +86-10-82993155
    +86-10-82993102

    sun ying
    fu xing men nei da jie 97, Xicheng District
    Beijing 100800
    +86-10-66030657
    +86-10-66078815
    suny@publicf.bta.net.cn

h3%5kr3w (Author) Posted February 25, 2009

Thanx sparda! Now I know the Chinese gov. really is after me! j/k... yah... prolly just a script... (why didn't I get that memo?!) CNCGroup is into system outsourcing. Also seems on a lot of forums to be getting attention because of spamming servers, etc. coming from that group. Now I am not that leet, but is this something I should consult my ip on? I mean they run local blacklists, don't they? (I'm on ATNT, formerly BellSouth.) I know the Internet has been lacking lately for my connection, and this seems to be something that would connect in the equation.

nullArray Posted February 25, 2009

Our servers are constantly being bombarded by Chinese and Russians... It's annoying... especially when they discover the email that generates support tickets... thank god for white/graylisting

gcninja Posted February 25, 2009

> 202.106.0.0 - 202.106.255.255
> CNCGROUP Beijing province network
> China Network Communications Group Corporation
> No.156,Fu-Xing-Men-Nei Street, Beijing 100031
>
> CNCGroup Hostmaster
> abuse@cnc-noc.net
> No.156,Fu-Xing-Men-Nei Street, Beijing,100031,P.R.China
> +86-10-82993155
> +86-10-82993102
>
> sun ying
> fu xing men nei da jie 97, Xicheng District
> Beijing 100800
> +86-10-66030657
> +86-10-66078815
> suny@publicf.bta.net.cn

i got that too, just didn't post it, thought he did a WHOIS, hmm.. jw, what's the rule again? they can hack us and we can do nothing but we hack them and they scream for blood? (i don't mean hack the FBI or anything, just like target, and mess with it, yet we hit a site of theirs and they want blood)

ls Posted February 25, 2009

interesting:

    Starting Nmap 4.62 ( http://nmap.org ) at 2009-02-25 13:39 CET
    Insufficient responses for TCP sequencing (2), OS detection may be less accurate
    Interesting ports on 202.106.53.50:
    Not shown: 1697 closed ports
    PORT       STATE     SERVICE         VERSION
    23/tcp     open      telnet?
    25/tcp     filtered  smtp
    80/tcp     filtered  http
    81/tcp     open      hosts2-ns?
    110/tcp    filtered  pop3
    135/tcp    filtered  msrpc
    137/tcp    filtered  netbios-ns
    138/tcp    filtered  netbios-dgm
    139/tcp    filtered  netbios-ssn
    445/tcp    filtered  microsoft-ds
    593/tcp    filtered  http-rpc-epmap
    4444/tcp   filtered  krb524
    7070/tcp   open      http            Apache httpd 2.0.52 ((Red Hat))
    8080/tcp   filtered  http-proxy
    12345/tcp  filtered  netbus
    12346/tcp  filtered  netbus
    27374/tcp  filtered  subseven
    31337/tcp  filtered  Elite

an apache test page on port 7070: http://202.106.53.50:7070/

also if you search Google for this ip, you get a lot of hosts.deny files but also a file called botnet.txt: http://robert.kolatzek.org/botnet.txt

and look at this: http://202.106.53.50:81/

will-wtf Posted February 25, 2009

An attempt to exploit and host the botnet? On a mass scale? <let the conspiracy begin>

VaKo Posted February 25, 2009

I've never seen an internet connected machine not be subject to these types of attack tbh, and it's the reason why things like denyhosts exist. It's a constant war, not a conspiracy. Chinese hackers spend most of their days scanning large blocks of IPs and attempting to bruteforce any listening service they can find. TBH it's gone so far and has so many levels of automation it's starting to turn into some kinda distributed AI.

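An added example, not part of any post in this thread: a log-watching check in the spirit of denyhosts, run over FTP log lines shaped like the excerpt in the first post, that flags clients sending USER commands faster than a person could type. The timestamp prefix, the extra usernames, the second client (198.51.100.7) and the threshold values are assumptions made for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample. The "! / < / >" line shape follows the excerpt in the
# first post; timestamps, extra usernames and 198.51.100.7 are assumptions.
SAMPLE_LOG = """\
2009-02-25 03:10:01 ! 202.106.53.50 connected
2009-02-25 03:10:01 < 202.106.53.50 USER backup
2009-02-25 03:10:01 > 202.106.53.50 331 Password required for backup.
2009-02-25 03:10:03 < 202.106.53.50 USER admin
2009-02-25 03:10:06 < 202.106.53.50 USER root
2009-02-25 03:10:09 < 202.106.53.50 USER test
2009-02-25 03:10:12 < 202.106.53.50 USER ftp
2009-02-25 03:10:14 < 202.106.53.50 USER guest
2009-02-25 09:00:05 < 198.51.100.7 USER alice
2009-02-25 09:00:40 < 198.51.100.7 USER alice
"""

LINE = re.compile(r"^(\S+ \S+) ([!<>]) (\d{1,3}(?:\.\d{1,3}){3}) (.*)$")

def find_automated_clients(log_text, max_attempts=5, window_seconds=15):
    """Map each IP that sent >= max_attempts USER commands within any
    window_seconds span to the sorted usernames it tried."""
    recent = defaultdict(deque)  # ip -> timestamps still inside the window
    tried = defaultdict(set)     # ip -> every username seen from that ip
    flagged = set()
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # unknown line format: ignore rather than guess
        stamp, direction, ip, rest = m.groups()
        if direction != "<" or not rest.upper().startswith("USER "):
            continue  # only client-sent USER commands are login attempts
        when = datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S")
        tried[ip].add(rest[5:].strip())
        window = recent[ip]
        window.append(when)
        while (when - window[0]).total_seconds() > window_seconds:
            window.popleft()  # drop attempts older than the window
        if len(window) >= max_attempts:
            flagged.add(ip)
    return {ip: sorted(tried[ip]) for ip in sorted(flagged)}

if __name__ == "__main__":
    for ip, names in find_automated_clients(SAMPLE_LOG).items():
        print(f"{ip} looks automated; usernames tried: {', '.join(names)}")
```
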
digip Posted February 25, 2009

> TBH it's gone so far and has so many levels of automation it's starting to turn into some kinda distributed AI.

i hear you on that one. I get the same spammer trying to reach my site at the same time every day. It's automated, and comes from the same IP, even though now they get a 403 forbidden, they don't care, cause it's automated, and they probably never even check to see if it's working. Almost ALL the spam and hack attempts I see on my site and home machine stem from China and Russia.

deleted Posted February 25, 2009

When I had my last server, the IP address would get several hits from the same IP addresses in China, the Philippines and Russia and it looked like port scans. You'd think after they had done a port scan and found there wasn't anything of interest, they would give up on the server and stop scanning it/remove it from the script.

h3%5kr3w (Author) Posted February 25, 2009

....yah, but when you have like 14mbps or higher, I guess they wouldn't care... Why does China do shit like this anyway? I mean hell we got hackers trying to give them freedom of speech. LAME... seems like stuff like this will go on forever.. Remember the first time you ever used zonealarm? First time I used it I found AOL hitting me like there was no tomorrow.

will-wtf Posted February 25, 2009

Meh. Life moves on. You can buy Chinese proxy servers I think, so that could be a reason why the Chinese ip. Just ideas

wtf thats my ip Posted December 11, 2009

read my name. it srsly is. creepy. I have the same IP as a Chinese hacker (although I'm in China and you won't find me at 复兴门内大街97,西城区)

H@L0_F00 Posted December 11, 2009

IN OTHER NEWS!... Google "opt-out" feature guarantees to protect privacy

555 Posted December 12, 2009

As soon as I set up my new forums, I had Russians trying to hack them. I just say put the ban hammer down, ban every IP trying to attack your server. Like dr0p said it is probably some script kiddy using a program to scan for exploits on large ip blocks, you just happened to get scanned or maybe the program worked and found an exploit

h3%5kr3w (Author) Posted December 13, 2009

Man this was a good while ago... Funny to think what I know now compared to then (which was only 10 months ago). This was only a temporary FTP I put up to distribute some files though, so no harm, no foul. Since then I have put more ummph into my firewall anyways.