Results 1 to 19 of 19
  1. #1
    Join Date
    Mar 2002
    Posts
    97

    * Attacked From ...

    My server logs had shown some entries that looks like possible attackes from a host called :

    knight.wizardshosting.com and IP 64.46.100.36 when I looked up that domain it showed no where to report abusing, and browser came up with nothing on that domain .

    Any body heared about wizardshosting.com (wizards with an s) ?
    Where could I report such acts ?



    Best Regards

  2. #2
    Join Date
    Dec 2001
    Location
    Toronto, Ontario, Canada
    Posts
    5,954
    3DWizards (NETBLK-DATACOLO-BLK-1) DATACOLO-BLK-1 64.46.96.0 - 64.46.127.255
    DataColo (NETBLK-DATACOLO-SERVERS-01) DATACOLO-SERVERS-01
    64.46.100.1 - 64.46.100.255

    To single out one record, look it up with "!xxx", where xxx is the
    handle, shown in parenthesis following the name, which comes first.

    (done with "whois ipaddr"), you might want to look up datacolo, but what type of "possible attacks", because people generally wont do much unless its an outright attack.

  3. #3
    Join Date
    Jun 2002
    Posts
    146
    If it helps, I think CRego3D is from wizardshosting

    http://www.webhostingtalk.com/member...nfo&userid=376

  4. #4
    Join Date
    Dec 2001
    Location
    Toronto, Ontario, Canada
    Posts
    5,954

  5. #5

  6. #6
    Join Date
    Feb 2002
    Location
    New York
    Posts
    280
    An attack could be considered anything a ping, a traceroute, trying to login via ftp, a bad script anything. If you would please tell us the nature of the attack or do a copy and paste of the log then we can help figure out what is going on.
    WCSWEB.NETWORKS - 24x7 Support We're here to help anytime, day or night!
    WCSHOST.Net <- Call us (800) 590-0017 ->
    Linux based Cpanel Shared and Reseller premium Hosting with Fantastico & rvskin
    Windows based Helm Shared Premium Hosting / Remote Backup solutions

  7. #7
    Join Date
    Jun 2002
    Posts
    1,874
    http://www.wizardshosting.com/

    They are one of the sponsorers of this Forum lol, look for their advert on the forums, at the top:

    "Wizards hosting caters to all of your hosting needs, from shared hosting, to dedicated servers and reseller plans...."

  8. #8
    Join Date
    Jul 2001
    Location
    n-Dimension
    Posts
    144
    Originally posted by Fazel3
    They are one of the sponsorers of this Forum lol, look for their advert on the forums, at the top:

    "Wizards hosting caters to all of your hosting needs, from shared hosting, to dedicated servers and reseller plans...."
    What are you trying to say?
    http://www.nirmani.net
    [Managed Linux servers, reseller plans & shared web hosting]

  9. #9
    Join Date
    Jun 2002
    Posts
    1,874
    I wasn't trying to say anything at all....
    "Any body heared about wizardshosting.com (wizards with an s) ?"

    ^^ I was replying to the first post, about that ..... the name struck a bell, so i just pointed him to where the advert was.

  10. #10
    Join Date
    Mar 2002
    Posts
    97
    Here is a portion of my server report :

    Active System Attack Alerts
    =-=-=-=-=-=-=-=-=-=-=-=-=-=
    Jun 21 11:56:08 localhost portsentry[1174]: attackalert: Connect from host:
    knight.wizardshosting.com/64.46.100.36 to TCP port: 111

    Security Violations
    =-=-=-=-=-=-=-=-=-=
    Jun 21 11:56:08 localhost portsentry[1174]: attackalert: Connect from host:
    knight.wizardshosting.com/64.46.100.36 to TCP port: 111
    Jun 21 11:56:08 localhost portsentry[1174]: attackalert: Connect from host:
    knight.wizardshosting.com/64.46.100.36 to TCP port: 111

    I hope this will help.

  11. #11
    Join Date
    Jun 2002
    Location
    The Netherlands
    Posts
    393
    Is that really an attack or a (simple) portscan (which looks like only has happened once since you seem to have quoted the same entry 3 times) performed on Jun 21 11:56:08?
    Alexander

  12. #12
    Join Date
    Apr 2001
    Posts
    2,588
    We get literally hundreds of those every day. Its not anything you really need to worry about.

  13. #13
    Join Date
    Mar 2002
    Posts
    97
    Well, even it is only one time or just port scan shouldn't you report that for the sake of your server and clients data security ?

    I have another one who is probing an entry into the server so I reported him to the abuse email associated with his IP. But for this one as you may have seen the wizardshosting.com site isn't working.

  14. #14
    Join Date
    Jul 2001
    Location
    n-Dimension
    Posts
    144
    wizardshosting.com works for me. Carlos gave you an email address to report the issue
    http://www.nirmani.net
    [Managed Linux servers, reseller plans & shared web hosting]

  15. #15
    Join Date
    Mar 2002
    Posts
    97
    Originally posted by {NIRMANI}
    wizardshosting.com works for me. Carlos gave you an email address to report the issue
    It is still giving me the 403 and I posted the part of my server report here that concern the matters so no point to email it I think

  16. #16
    A A is probably comign from one of the countries banned from our list

    I knwo this is not of any consolation, but the log entry you just showed me, it's a scan, but nothing for you to worry about, there are countless ways that coudl have happened, neither the less, if it itensifies or you see another more agressive attack, you can send me an email, even so you can't see our website

    Carlos
    Wizards

  17. #17
    Join Date
    Mar 2002
    Location
    Orlando, FL
    Posts
    182
    Carlos,

    Just an idea. But if they can't see your site? That means there IP is blocked right? How will there email get there its coming from the same IP. Not sure if your blocking on just that server or router..
    Vortech, Inc.
    http://www.matrixreseller.com
    [email protected]

  18. #18
    Join Date
    Oct 2001
    Location
    Atlanta, GA
    Posts
    564
    Maybe they're blocking with .htaccess or whatever :-)

  19. #19
    MatrixRS .. you posted right after me .. yes, I am blockign allot of countries by .htaccess, by doign so I have dropped my FRAUDULENT orders by over 90%

    email can still come thru, it woudl be very UNWISE to block countries at router level, you woudl be blocking it for your clients as well

    Carlos
    Wizards

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •