What the hack?

Posted on
Mon Sep 10, 2018 12:14 pm
macpro offline
Posts: 693
Joined: Dec 29, 2005
Location: Third byte on the right

What the hack?

Was doing some stuff in Indigo and suddenly I saw lots of "access denied" messages:

Code:
   WebServer                       access denied "http://my.server:port/" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from Admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from root @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from root @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from root @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from root @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from airlive @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from support @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from support @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from super @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from super @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from super @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from adsl @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from osteam @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from root @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from ZXDSL @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from super @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from mts @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from telecomadmin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from mgts @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from kyivstar @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from telekom @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from superadmin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from superadmin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from engineer @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from superadmin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from fuck3g1 @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from fuck3g1 @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from supervisor @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from Cisco @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from cisco @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from enable @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from pnadmin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from root @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from root @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from user @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/" from user @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/sqlite/main.php" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/sqlite/main.php" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/sqlite/main.php" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/sqlite/main.php" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/sqlitemanager/main.php" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/sqlitemanager/main.php" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/sqlitemanager/main.php" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/sqlitemanager/main.php" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/SQLiteManager/main.php" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/SQLiteManager/main.php" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/SQLiteManager/main.php" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/SQLiteManager/main.php" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/SQLite/main.php" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/SQLite/main.php" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/SQLite/main.php" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/SQLite/main.php" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/SQlite/main.php" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/SQlite/main.php" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/SQlite/main.php" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/SQlite/main.php" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/main.php" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/main.php" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/main.php" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/main.php" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/test/sqlite/SQLiteManager-1.2.0/SQLiteManager-1.2.0/main.php" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/test/sqlite/SQLiteManager-1.2.0/SQLiteManager-1.2.0/main.php" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/test/sqlite/SQLiteManager-1.2.0/SQLiteManager-1.2.0/main.php" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/test/sqlite/SQLiteManager-1.2.0/SQLiteManager-1.2.0/main.php" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/SQLiteManager-1.2.4/main.php" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/SQLiteManager-1.2.4/main.php" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/SQLiteManager-1.2.4/main.php" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/SQLiteManager-1.2.4/main.php" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/agSearch/SQlite/main.php" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/agSearch/SQlite/main.php" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/agSearch/SQlite/main.php" from admin @ 185.210.219.108
   WebServer                       access denied "http://my.server:port/agSearch/SQlite/main.php" from admin @ 185.210.219.108


Looks like someone is trying to knock on Indigo's door.

Suggestion: if Indigo detects such traffic, block that address for a period of time.

"I tawt I taw a puddy tat!" Tweety

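Added example (not part of the original thread and not Indigo code): a sketch of the suggestion above, temporarily banning a source address once the "access denied" lines from it look like credential guessing. The class and function names, the thresholds and the sample addresses are assumptions made for illustration; the thread's log has no timestamps, so each line's arrival time is passed in by the caller.

```python
import re
from collections import defaultdict, deque

# Line format as shown in the post above: component, message, URL, user, source IP.
DENIED_RE = re.compile(
    r'WebServer\s+access denied\s+"(?P<url>[^"]*)"\s+from\s+(?P<user>\S+)\s+@\s+(?P<ip>\S+)'
)

def parse_denied(line):
    """Return (url, user, ip) for an "access denied" line, or None for anything else."""
    m = DENIED_RE.search(line)
    return (m["url"], m["user"], m["ip"]) if m else None

class TempBanTracker:
    """Per-IP sliding window of failed logins with time-limited bans (assumed thresholds)."""

    def __init__(self, max_failures=5, max_users=3, window=60.0, ban_seconds=600.0):
        self.max_failures = max_failures   # failures allowed inside the window
        self.max_users = max_users         # distinct usernames allowed inside the window
        self.window = window
        self.ban_seconds = ban_seconds
        self._events = defaultdict(deque)  # ip -> deque of (time, user)
        self._banned_until = {}            # ip -> time the ban expires

    def is_banned(self, ip, now):
        # An expired entry simply stops matching, so bans lapse on their own.
        return self._banned_until.get(ip, float("-inf")) > now

    def observe(self, line, now):
        """Feed one log line seen at time `now`; return the IP if it was just banned."""
        parsed = parse_denied(line)
        if parsed is None:
            return None
        _url, user, ip = parsed
        if self.is_banned(ip, now):
            return None
        events = self._events[ip]
        events.append((now, user))
        while now - events[0][0] > self.window:   # drop failures older than the window
            events.popleft()
        users = {u for _t, u in events}
        # One person mistyping a password repeats one username; a scanner rotates
        # through many (admin, root, support, ...), so that trips a lower threshold.
        if len(events) >= self.max_failures or len(users) >= self.max_users:
            self._banned_until[ip] = now + self.ban_seconds
            del self._events[ip]
            return ip
        return None

def run(sample, tracker):
    """Replay (time, line) pairs and return [(time, ip)] for every ban issued."""
    bans = []
    for now, line in sample:
        ip = tracker.observe(line, now)
        if ip:
            bans.append((now, ip))
    return bans

# Constructed sample in the thread's log format; times are arrival times in seconds
# and both addresses come from the RFC 5737 documentation ranges.
PREFIX = '   WebServer                       access denied "http://my.server:port/" from '
SAMPLE = [
    (0.0, PREFIX + "admin @ 203.0.113.7"),
    (1.0, PREFIX + "root @ 203.0.113.7"),
    (2.0, PREFIX + "admin @ 198.51.100.20"),   # owner mistypes a password
    (3.0, PREFIX + "support @ 203.0.113.7"),   # third username from the same source
    (4.0, PREFIX + "super @ 203.0.113.7"),     # ignored, the source is already banned
    (30.0, PREFIX + "admin @ 198.51.100.20"),
]

if __name__ == "__main__":
    print(run(SAMPLE, TempBanTracker()))
```

The tracker only decides who to ban and for how long; the block itself still has to be enforced by the router or host firewall.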
Posted on
Mon Sep 10, 2018 12:23 pm
lanbrown offline
Posts: 665
Joined: Sep 26, 2017

Re: What the hack?

Why not just have the appropriate firewall to protect your network?

If you want, you can add a static route and send it to null/blackhole in macOS. The traffic still comes in but it won't be sending anything back.

Posted on
Mon Sep 10, 2018 12:33 pm
macpro offline
Posts: 693
Joined: Dec 29, 2005
Location: Third byte on the right

Re: What the hack?

My router is blocking this address now.
But that's only because I saw this attack and I decided to add this address to the black list.

Forgot to mention that this is the address for the Indigo Web Client and I use it.
So blocking it entirely is not an option.

"I tawt I taw a puddy tat!" Tweety

Posted on
Mon Sep 10, 2018 12:37 pm
lanbrown offline
Posts: 665
Joined: Sep 26, 2017

Re: What the hack?

You can also email the ISP so that they can take action against their customer:

https://apps.db.ripe.net/db-web-ui/#/query?bflag&searchtext=185.210.219.108&source=RIPE#resultsSection

Posted on
Mon Sep 10, 2018 12:45 pm
macpro offline
Posts: 693
Joined: Dec 29, 2005
Location: Third byte on the right

Re: What the hack?

Thanks. I've sent them a mail.
Don't expect much from it, but we'll see what happens.

"I tawt I taw a puddy tat!" Tweety

Posted on
Mon Sep 10, 2018 12:52 pm
lanbrown offline
Posts: 665
Joined: Sep 26, 2017

Re: What the hack?

ISPs are usually good at remedying blatant unauthorized access, port scanning, etc. events.

Posted on
Mon Sep 10, 2018 1:42 pm
kw123 offline
Posts: 5902
Joined: May 12, 2013
Location: Dallas, TX

Re: What the hack?

Tried that with Charter, and their suggestion was to change the public IP address.



Posted on
Mon Sep 10, 2018 1:44 pm
lanbrown offline
Posts: 665
Joined: Sep 26, 2017

Re: What the hack?

Was Charter your ISP or that of the person doing the scanning, intrusion attempts, etc.?

Posted on
Mon Sep 10, 2018 3:33 pm
kw123 offline
Posts: 5902
Joined: May 12, 2013
Location: Dallas, TX

Re: What the hack?

Charter was the ISP and the hack came from China.



Posted on
Mon Sep 10, 2018 3:50 pm
nlagaros offline
Posts: 1590
Joined: Dec 20, 2010

Re: What the hack?

Are you port forwarding?

Posted on
Mon Sep 10, 2018 4:51 pm
kw123 offline
Posts: 5902
Joined: May 12, 2013
Location: Dallas, TX

Re: What the hack?

Yes, doing port forwarding, and I am checking log files and block ~1 port scanner IP# every month.

And for e.g. SSH etc. I use non-standard ports > 5000 externally, as most scanners try to scan IP numbers for known standard ports.

Karl
