Steven W
VIP
Posts: 2862
Joined: 2013-08-10 22:40

2021-04-14 01:18 »

! wrote:
2021-04-13 10:34
Steven W wrote:
2021-04-13 02:06
The sad thing is, there's probably some legit users in those ranges, but I suppose the odds of them trying to access this site are somewhat slim.
Yeah, true but I really had no choice. They were hitting the server 24x7, totally crazy. As you said, I don't think anyone from those ranges will visit here anyway though.
Uh-huh, and if the ISP uses DHCP, a legit user one day, a weapon the next.

!
30%
Posts: 3259
Joined: 2013-02-25 18:36

2021-04-14 02:39 »

PROBLEMCHYLD wrote:
2021-04-13 17:32
That shit is crazy.
Yeah! :sick: It seems to have stopped now so I guess I caught all of the ranges in that list. I wonder why the ISPs don't do anything about this. It can't be invisible to them? Surely they know about these infected machines? Or maybe not, meh, who knows. 🤷‍♀️

Steven W
VIP
Posts: 2862
Joined: 2013-08-10 22:40

2021-04-14 04:09 »

I wouldn't bet on it only being infected machines.

!
30%
Posts: 3259
Joined: 2013-02-25 18:36

2021-04-17 09:13 »

Help! Can you explain this? I have not blocked the range correctly? How can it still try to login even though I put that range in the firewall to block? Is 194.61.54.0/24 wrong to block 194.61.54.217? Isn't .0/24 the range .0 to .255???
Screenshot_20210417-090006~2.png

!
30%
Posts: 3259
Joined: 2013-02-25 18:36

2021-04-17 10:45 »

! wrote:
2021-04-17 09:13
Help! Can you explain this? I have not blocked the range correctly? How can it still try to login even though I put that range in the firewall to block? Is 194.61.54.0/24 wrong to block 194.61.54.217? Isn't .0/24 the range .0 to .255???

Screenshot_20210417-090006~2.png
Hahaha never mind! Look at the dates in the log, it's from before I blocked them. lol... I'm sleepy. :lol: :razz: :mrgreen:
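Added example (not part of the original posts): a small Python triage that confirms what a CIDR block covers and separates failed-logon entries recorded before the block rule existed from entries recorded after it. The log line format, the timestamps, the rule-creation time and the address 203.0.113.9 are constructed for illustration; only 194.61.54.0/24 and 194.61.54.217 come from the thread.

```python
from datetime import datetime
from ipaddress import ip_address, ip_network

FMT = "%Y-%m-%d %H:%M"

# Constructed rule list: (CIDR range, time the firewall rule was added).
BLOCKS = [("194.61.54.0/24", "2021-04-17 08:30")]

# Constructed failed-logon lines: "date time source" ("-" = no address logged).
LOG = """\
2021-04-16 23:41 194.61.54.217
2021-04-17 07:02 194.61.54.217
2021-04-17 09:05 194.61.54.217
2021-04-17 09:10 203.0.113.9
2021-04-17 09:12 -
"""

def range_of(cidr):
    """First and last address a CIDR block covers."""
    net = ip_network(cidr)
    return str(net[0]), str(net[-1])

def classify(line, rules):
    """Label one log line relative to the block rules."""
    date, time, src = line.split()
    when = datetime.strptime(f"{date} {time}", FMT)
    if src == "-":
        return "no-source-address"      # nothing for an IP rule to match on
    addr = ip_address(src)
    added = [t for net, t in rules if addr in net]
    if not added:
        return "not-covered"            # no rule contains this address
    if when < min(added):
        return "before-block"           # stale entry, rule did not exist yet
    return "after-block"                # rule existed: check how it is applied

def triage(log=LOG, blocks=BLOCKS):
    rules = [(ip_network(c), datetime.strptime(t, FMT)) for c, t in blocks]
    return [(l, classify(l, rules)) for l in log.splitlines() if l.strip()]

if __name__ == "__main__":
    print("194.61.54.0/24 covers", " - ".join(range_of("194.61.54.0/24")))
    for line, verdict in triage():
        print(f"{verdict:18} {line}")
```

Only the "after-block" entries call for a look at the firewall rule itself; "before-block" entries are old log lines.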

!
30%
Posts: 3259
Joined: 2013-02-25 18:36

2021-04-17 10:49 »

This one is very odd though. I don't get many of them but very strange. There is no IP logged at all. What the fuck is ADVAPI? Can't find much about it anywhere.
Screenshot_20210417-104633~2.png

!
30%
Posts: 3259
Joined: 2013-02-25 18:36

2021-04-17 14:57 »

! wrote:
2021-04-17 10:49
This one is very odd though. I don't get many of them but very strange. There is no IP logged at all. What the fuck is ADVAPI? Can't find much about it anywhere.

Screenshot_20210417-104633~2.png
It seems to be FTP related. :think:

Steven W
VIP
Posts: 2862
Joined: 2013-08-10 22:40

2021-04-18 16:29 »

Isn't ADVAPI used to log on to IIS (Internet Information Services)?

Steven W
VIP
Posts: 2862
Joined: 2013-08-10 22:40

2021-04-18 17:05 »

I suppose it may be used for other things too, you're right, not much documentation. Do you have to use NTLM?

Steven W
VIP
Posts: 2862
Joined: 2013-08-10 22:40

2021-04-18 17:19 »

Steven W wrote:
2021-04-18 17:05
Do you have to use NTLM?
Or are you? Perhaps I'm misreading. Been a long time since I've messed with that stuff.
