Results 1 to 15 of 15
-
02-25-2013, 03:49 AM #1Web Hosting Evangelist
- Join Date
- Feb 2004
- Posts
- 491
peg tech is a darknet? massive bandwidth suck
Just a head's up you may want to block peg tech
Sucking huge amounts of bandwidth from our servers from all over their ip ranges. Not sure how these guys aren't in jail since they are in USA
Cannot find a single good thing about them in any database.
http://whois.arin.net/rest/org/PT-82
http://whois.arin.net/rest/org/PT-82/nets
192.74.224.0/19
199.180.100.0/22
199.188.104.0/21
142.4.96.0/19
142.0.128.0/20
198.200.32.0/19
Peg Tech Inc. San Jose, CA.
Active officers include Feng Yan.
Peg Tech Inc. filed as a Articles of Incorporation on Tuesday, March 20, 2012 in the state of California
Filings: Articles of Incorporation (CA - Active)
State of Record: CA
State Reference ID: 03452099
File Date: Tuesday, March 20, 2012
-
06-16-2013, 09:59 PM #2Newbie
- Join Date
- May 2005
- Location
- Washington State
- Posts
- 6
Peg Tech today
YOur link from ARIN shows more nets; list now is
PT-82-5 (NET-192-74-224-0-1) 192.74.224.0 - 192.74.255.255
PT-82-2 (NET-199-180-100-0-1) 199.180.100.0 - 199.180.103.255
PT-82-1 (NET-199-188-104-0-1) 199.188.104.0 - 199.188.111.255
PT-82-4 (NET-142-4-96-0-1) 142.4.96.0 - 142.4.127.255
PT-82-3 (NET-142-0-128-0-1) 142.0.128.0 - 142.0.143.255
PT-82-6 (NET-198-200-32-0-1) 198.200.32.0 - 198.200.63.255
PT-82-7 (NET-198-2-192-0-1) 198.2.192.0 - 198.2.255.255
PT-82-8 (NET-137-175-0-0-1) 137.175.0.0 - 137.175.127.255
-
06-17-2013, 09:49 AM #3Web Hosting Evangelist
- Join Date
- Feb 2004
- Posts
- 491
Thanks for the alert.
Sheesh someone gave them half a b-block.
Adding 137.175.0.0/17
and 198.2.192.0/18
-
06-18-2013, 02:18 PM #4Newbie
- Join Date
- May 2005
- Location
- Washington State
- Posts
- 6
-
06-18-2013, 09:14 PM #5Web Hosting Evangelist
- Join Date
- Feb 2004
- Posts
- 491
If it's beyond your skill, you need to ask your host to install a firewall on your server like http://configserver.com/cp/csf.html and add the cidr list that I posted to it's blocklist
-
06-19-2013, 12:04 AM #6Disabled
- Join Date
- Aug 2008
- Posts
- 2,237
Thanks for the heads up.
-
08-18-2013, 06:55 PM #7New Member
- Join Date
- Aug 2013
- Posts
- 2
I finally managed to get mod_security and our apps to play nice (ie. very few false positives, and no apparent blocking of legitimate requests) and I encountered Peg Tech and thus this forum thread.
My understanding is that Peg Tech operates a proxy in the USA for various Chinese users, one of which found a particular liking to a single URL on one of our sites for their SQL attack script.
Here are Whois lookups of some of the IPs that were triggering mod_security with various SQL injection attacks.
198.2.213.68, 198.2.213.100, 198.2.213.137 China Beijing China Outcom-urhosts.net
192.74.239.52 United States San Jose Xs
142.4.118.19 United States San Jose Anxin
192.74.228.106 United States San Jose Jitesi
192.74.239.102 United States San Jose China Outcom-urhosts.net
108.186.5.129 China Outcom-urhosts.net
108.186.6.17 China Outcom-urhosts.net
108.186.5.81 AS54600 PEGTECHINC - PEG TECH INC (registered Apr 03, 2012)
142.0.132.180 United States San Jose Vpsbus
58.55.127.238 China Wuhan Chinanet Hubei Province Network <-- this one is not Peg Tech, but same attack vector is used and the same obscure URL is targeted - perhaps their script failed to connect to Peg Tech? :-)
Who is the best organization to contact with regard to sanctioning or blocking of all of Peg Tech due to various violations?
-
08-18-2013, 07:24 PM #8New Member
- Join Date
- Aug 2013
- Posts
- 2
...and here is what appears to be powering them - as a noob I of course cannot link...Insert dots where appropriate.
www raksmart com
Looks formidable... and legitimate, however they do seem to attract bad users and are evidently very lax about enforcing any usage guidelines that they may have, unless they go something like "Hack, spam, do it."
-
08-19-2013, 04:07 AM #9WHT Addict
- Join Date
- May 2005
- Posts
- 104
Just banned their ranges today, tons of requests hitting wp-login.php - as mentioned above, looks like they're providing proxy service for malicious activities.
NMSERVERS - managed hosting, administration, performance analysis and system security services
-
08-24-2013, 09:54 AM #10New Member
- Join Date
- Aug 2013
- Posts
- 1
Brute Force Attacks
This is my number one blocked IP for brute force attacks
-
08-29-2013, 07:55 AM #11Web Hosting Evangelist
- Join Date
- Feb 2004
- Posts
- 491
someone just keeps giving these clowns new routes
latest
PT-82-1 (NET-199-188-104-0-1) 199.188.104.0 - 199.188.111.255
PT-82-2 (NET-199-180-100-0-1) 199.180.100.0 - 199.180.103.255
PT-82-3 (NET-142-0-128-0-1) 142.0.128.0 - 142.0.143.255
PT-82-4 (NET-142-4-96-0-1) 142.4.96.0 - 142.4.127.255
PT-82-5 (NET-192-74-224-0-1) 192.74.224.0 - 192.74.255.255
PT-82-6 (NET-198-200-32-0-1) 198.200.32.0 - 198.200.63.255
PT-82-7 (NET-198-2-192-0-1) 198.2.192.0 - 198.2.255.255
PT-82-8 (NET-137-175-0-0-1) 137.175.0.0 - 137.175.127.255
PT-82-9 (NET-108-186-0-0-1) 108.186.0.0 - 108.186.255.255
CIDR list:
199.188.104.0/21
199.180.100.0/22
142.0.128.0/20
142.4.96.0/19
192.74.224.0/19
198.200.32.0/19
198.2.192.0/18
137.175.0.0/17
108.186.0.0/16
even when they go under someday, these ranges are going to be toxic for years
-
08-29-2013, 10:17 AM #12Newbie
- Join Date
- Aug 2013
- Posts
- 15
-
09-30-2013, 12:44 PM #13New Member
- Join Date
- Sep 2013
- Posts
- 2
peg tech
Has anybody communicated with these guys? I've denied around 30 ip addresses in the past 2 weeks.
-
09-30-2013, 12:47 PM #14Web Hosting Master
- Join Date
- Mar 2003
- Location
- Canada
- Posts
- 9,072
-
09-30-2013, 01:25 PM #15New Member
- Join Date
- Sep 2013
- Posts
- 2
wrong peg tech
I googled peg tech and came up with pegtech.com which is the wrong company. I didn't realize it and wrote them about the crawlers and scrapers. they wrote back quickly. here is what they wrote.
We are aware of it and it is not us. More information can be found at:
pegtech.com/component/content/article/2-uncategorised/30-spam-from-peg-tech-inc
Then they wrote me another email saying:
I am sorry that you are having problems with this spammer situation. Please be assured that we are working on it from our end, trying to get law enforcement to handle it, but you know how that is...
Regards,
Jason Cecchettini
President
Pegasus Technologies, Inc.
Similar Threads
-
Today will either suck, or suck worse. RAID re-build, now /var/db/mysql is *gone*
By consolibyte in forum Web HostingReplies: 6Last Post: 12-17-2009, 01:19 PM -
Hard reset on Sony Clie PEG TJ35/E1
By zaax in forum Web Hosting LoungeReplies: 0Last Post: 11-03-2004, 03:06 PM