My server logs had shown some entries that looks like possible attackes from a host called :

knight.wizardshosting.com and IP 64.46.100.36 when I looked up that domain it showed no where to report abusing, and browser came up with nothing on that domain .

Any body heared about wizardshosting.com (wizards with an s) ?
Where could I report such acts ?



Best Regards

3DWizards (NETBLK-DATACOLO-BLK-1) DATACOLO-BLK-1 64.46.96.0 - 64.46.127.255
DataColo (NETBLK-DATACOLO-SERVERS-01) DATACOLO-SERVERS-01
64.46.100.1 - 64.46.100.255

To single out one record, look it up with "!xxx", where xxx is the
handle, shown in parenthesis following the name, which comes first.

(done with "whois ipaddr"), you might want to look up datacolo, but what type of "possible attacks", because people generally wont do much unless its an outright attack.

If it helps, I think CRego3D is from wizardshosting

http://www.webhostingtalk.com/member.php?s=&action=getinfo&userid=376

there ya go, now you're getting somewhere :D

what exacly the "attack" was ?, send me the part of the log and the frequency it occured to carlos@datacolo.com

from my experience sometimes curious users do things they should not (not necessarly on purpose) while playing around on a system they are not familiar with (linux).

Carlos
DataColo

An attack could be considered anything a ping, a traceroute, trying to login via ftp, a bad script anything. If you would please tell us the nature of the attack or do a copy and paste of the log then we can help figure out what is going on.

http://www.wizardshosting.com/

They are one of the sponsorers of this Forum lol, look for their advert on the forums, at the top:

"Wizards hosting caters to all of your hosting needs, from shared hosting, to dedicated servers and reseller plans...."

Originally posted by Fazel3
They are one of the sponsorers of this Forum lol, look for their advert on the forums, at the top:

"Wizards hosting caters to all of your hosting needs, from shared hosting, to dedicated servers and reseller plans...."

What are you trying to say?

I wasn't trying to say anything at all.... "Any body heared about wizardshosting.com (wizards with an s) ?"


^^ I was replying to the first post, about that ..... the name struck a bell, so i just pointed him to where the advert was.

Here is a portion of my server report :


Active System Attack Alerts
=-=-=-=-=-=-=-=-=-=-=-=-=-=
Jun 21 11:56:08 localhost portsentry[1174]: attackalert: Connect from host:
knight.wizardshosting.com/64.46.100.36 to TCP port: 111

Security Violations
=-=-=-=-=-=-=-=-=-=
Jun 21 11:56:08 localhost portsentry[1174]: attackalert: Connect from host:
knight.wizardshosting.com/64.46.100.36 to TCP port: 111



Jun 21 11:56:08 localhost portsentry[1174]: attackalert: Connect from host:
knight.wizardshosting.com/64.46.100.36 to TCP port: 111



I hope this will help.

Is that really an attack or a (simple) portscan (which looks like only has happened once since you seem to have quoted the same entry 3 times) performed on Jun 21 11:56:08?

We get literally hundreds of those every day. Its not anything you really need to worry about.

Well, even it is only one time or just port scan shouldn't you report that for the sake of your server and clients data security ?

I have another one who is probing an entry into the server so I reported him to the abuse email associated with his IP. But for this one as you may have seen the wizardshosting.com site isn't working.

wizardshosting.com works for me. Carlos gave you an email address to report the issue

Originally posted by {NIRMANI}
wizardshosting.com works for me. Carlos gave you an email address to report the issue

It is still giving me the 403 and I posted the part of my server report here that concern the matters so no point to email it I think :cool:

A A is probably comign from one of the countries banned from our list

I knwo this is not of any consolation, but the log entry you just showed me, it's a scan, but nothing for you to worry about, there are countless ways that coudl have happened, neither the less, if it itensifies or you see another more agressive attack, you can send me an email, even so you can't see our website

Carlos
Wizards

Carlos,

Just an idea. But if they can't see your site? That means there IP is blocked right? How will there email get there its coming from the same IP. Not sure if your blocking on just that server or router.. :)

Maybe they're blocking with .htaccess or whatever :-)

MatrixRS .. you posted right after me .. yes, I am blockign allot of countries by .htaccess, by doign so I have dropped my FRAUDULENT orders by over 90%

email can still come thru, it woudl be very UNWISE to block countries at router level, you woudl be blocking it for your clients as well

Carlos
Wizards