I have a client with a shopping cart, and it logs all failed attempts to log in. I have had 6 failed attempts in the past few weeks from this IP:
141.85.0.69
And it traces back to:
RIPE Network Coordination Centre RIPE-141 (NET-141-0-0-0-1)
141.0.0.0 - 141.85.255.255
Polytechnical Institute of Bucharest PUB-NET (NET-141-85-0-0-1)
141.85.0.0 - 141.85.255.255

At nic.com


Does anyone have any suggestions on what I should do? I just created an .htaccess files to disallow access from this block of IPs, should I email the FBI or something?

The funny thing is that all he's going to get is some peoples address if he actually makes it in since no CC info is stored after an order is processed.

Thanks,

Haha, the FBI?

OK, first of all, you shouldn't just go blocking an entire block of IPs, essentially, you just blocked all of Polytech. You can ban this one IP, that's fair.

You cannot really take legal action, as nothing has been destroyed or even stolen. I think that you need to wake up and realize that aimless attacks like this happen every hour for a major server, chances are, it's a script, and it simply lands on your server every couple of weeks.

The attempt itself is illegal.

See: http://www.usdoj.gov/criminal/cybercrime/1030_new.html

(b) Whoever attempts to commit an offense under subsection (a) of this section shall be punished as provided in subsection (c) of this section.

Your interpretation of that statement is so loose, you could NEVER have anything done to someone who tries a password and is incorrect.

by using the words "attempts to commit an offense", they are being intentionally vauge, everyone knows you cannot arrest someone based on 6 failed password attempts.

Although this wasn't clear in the original post, what username was this IP trying to login with? Was it a client username, or root, or what?

Originally posted by cubision
Your interpretation of that statement is so loose, you could NEVER have anything done to someone who tries a password and is incorrect.

by using the words "attempts to commit an offense", they are being intentionally vauge, everyone knows you cannot arrest someone based on 6 failed password attempts.

Although this wasn't clear in the original post, what username was this IP trying to login with? Was it a client username, or root, or what?

Well, besides the fact that they are trying to login to the admin section of the shopping cart, with the default "root" username and the default password, and they are from Hungary or some where, I'd say that that law would apply. In no way should that person have permission to log in.
Your arugment is like saying that you can't charge people for picking your lock because then they would have to arrest all locksmiths. No, lock smiths have permission in the first place, this guy doesn't.

Er well your not going to get anywhere... neither in criminal or civil matters...... because the guy has caused no damage what so ever...

Your best bet is to just block the IP and go on about life... I'd hate to see if you got this bent out of shape every time someone tried code red or a wu_ftpd exploit on your server. I'm afraid to say that those are extremly small frys and no government agency is going to let themselves be slowed down by small cases like that.

In Short your SOL