Showing posts with the label Internet. Show all posts

Sunday, 23 November 2014

Just another abuse joke

Yesterday my server was under attack by the following addresses.

  • 62.210.141.172
  • 62.210.172.143
  • 62.210.172.206

A reverse lookup of the addresses shows that they belong to poneytelecom.eu.

# for addr in 62.210.141.172 62.210.172.143 62.210.172.206; do dig -x $addr +short; done
62-210-141-172.rev.poneytelecom.eu.
62-210-172-143.rev.poneytelecom.eu.
62-210-172-206.rev.poneytelecom.eu.

Taking a look at the web page reveals an abuse link. I was impressed and gave it a try. I entered the IP addresses and the correct time. Next I entered my e-mail address and the abuse type "Bruteforce", and pasted a copy of my ssh authentication log.

auth.info: Nov 22 17:04:22 sshd[2199]: Failed password for root from 62.210.172.206 port 50916 ssh2
auth.info: Nov 22 17:04:28 sshd[2199]: Failed password for root from 62.210.172.206 port 50916 ssh2
auth.info: Nov 22 17:04:33 sshd[2199]: Failed password for root from 62.210.172.206 port 50916 ssh2
auth.info: Nov 22 17:04:43 sshd[2218]: Failed password for root from 62.210.172.206 port 55633 ssh2
auth.info: Nov 22 17:04:50 sshd[2218]: Failed password for root from 62.210.172.206 port 55633 ssh2
auth.info: Nov 22 17:04:57 sshd[2218]: Failed password for root from 62.210.172.206 port 55633 ssh2
auth.info: Nov 22 17:05:07 sshd[2251]: Failed password for root from 62.210.172.206 port 60456 ssh2
auth.info: Nov 22 17:05:14 sshd[2251]: Failed password for root from 62.210.172.206 port 60456 ssh2
auth.info: Nov 22 17:05:20 sshd[2251]: Failed password for root from 62.210.172.206 port 60456 ssh2
auth.info: Nov 22 17:05:31 sshd[2271]: Failed password for root from 62.210.172.206 port 35897 ssh2
auth.info: Nov 22 17:05:38 sshd[2271]: Failed password for root from 62.210.172.206 port 35897 ssh2
auth.info: Nov 22 17:05:44 sshd[2271]: Failed password for root from 62.210.172.206 port 35897 ssh2
auth.info: Nov 22 17:05:52 sshd[2293]: Failed password for root from 62.210.172.206 port 39627 ssh2
auth.info: Nov 22 17:05:58 sshd[2293]: Failed password for root from 62.210.172.206 port 39627 ssh2
auth.info: Nov 22 17:06:02 sshd[2293]: Failed password for root from 62.210.172.206 port 39627 ssh2
auth.info: Nov 22 17:06:10 sshd[2315]: Failed password for root from 62.210.172.206 port 42566 ssh2
auth.info: Nov 22 17:06:16 sshd[2315]: Failed password for root from 62.210.172.206 port 42566 ssh2
auth.info: Nov 22 17:06:22 sshd[2315]: Failed password for root from 62.210.172.206 port 42566 ssh2
auth.info: Nov 22 17:06:30 sshd[2337]: Failed password for root from 62.210.172.206 port 55252 ssh2
auth.info: Nov 22 17:06:34 sshd[2337]: Failed password for root from 62.210.172.206 port 55252 ssh2
auth.info: Nov 22 17:06:38 sshd[2337]: Failed password for root from 62.210.172.206 port 55252 ssh2
auth.info: Nov 22 17:06:48 sshd[2354]: Failed password for root from 62.210.172.206 port 38336 ssh2
auth.info: Nov 22 17:06:55 sshd[2354]: Failed password for root from 62.210.172.206 port 38336 ssh2
auth.info: Nov 22 17:07:01 sshd[2354]: Failed password for root from 62.210.172.206 port 38336 ssh2
auth.info: Nov 22 17:07:11 sshd[2374]: Failed password for root from 62.210.172.206 port 53116 ssh2
auth.info: Nov 22 17:07:18 sshd[2374]: Failed password for root from 62.210.172.206 port 53116 ssh2
auth.info: Nov 22 17:07:24 sshd[2374]: Failed password for root from 62.210.172.206 port 53116 ssh2
auth.info: Nov 22 17:07:34 sshd[2397]: Failed password for root from 62.210.172.206 port 40920 ssh2
auth.info: Nov 22 17:07:40 sshd[2397]: Failed password for root from 62.210.172.206 port 40920 ssh2
auth.info: Nov 22 17:07:46 sshd[2397]: Failed password for root from 62.210.172.206 port 40920 ssh2
auth.info: Nov 22 17:07:56 sshd[2421]: Failed password for root from 62.210.172.206 port 55725 ssh2
auth.info: Nov 22 17:08:06 sshd[2421]: Failed password for root from 62.210.172.206 port 55725 ssh2
auth.info: Nov 22 17:08:12 sshd[2421]: Failed password for root from 62.210.172.206 port 55725 ssh2
auth.info: Nov 22 17:08:23 sshd[2444]: Failed password for root from 62.210.172.206 port 52929 ssh2
auth.info: Nov 22 17:08:29 sshd[2444]: Failed password for root from 62.210.172.206 port 52929 ssh2
auth.info: Nov 22 17:08:36 sshd[2444]: Failed password for root from 62.210.172.206 port 52929 ssh2
auth.info: Nov 22 17:08:47 sshd[2464]: Failed password for root from 62.210.172.206 port 48487 ssh2
auth.info: Nov 22 17:08:53 sshd[2464]: Failed password for root from 62.210.172.206 port 48487 ssh2
auth.info: Nov 22 17:08:59 sshd[2464]: Failed password for root from 62.210.172.206 port 48487 ssh2
auth.info: Nov 22 17:09:11 sshd[2494]: Failed password for root from 62.210.172.206 port 41285 ssh2
auth.info: Nov 22 17:09:16 sshd[2494]: Failed password for root from 62.210.172.206 port 41285 ssh2
auth.info: Nov 22 17:09:21 sshd[2494]: Failed password for root from 62.210.172.206 port 41285 ssh2
auth.info: Nov 22 17:09:32 sshd[2516]: Failed password for root from 62.210.172.206 port 34060 ssh2
auth.info: Nov 22 17:09:37 sshd[2516]: Failed password for root from 62.210.172.206 port 34060 ssh2
auth.info: Nov 22 17:09:43 sshd[2516]: Failed password for root from 62.210.172.206 port 34060 ssh2
auth.info: Nov 22 17:09:51 sshd[2537]: Failed password for root from 62.210.172.206 port 52864 ssh2
auth.info: Nov 22 17:09:56 sshd[2537]: Failed password for root from 62.210.172.206 port 52864 ssh2
auth.info: Nov 22 17:10:02 sshd[2537]: Failed password for root from 62.210.172.206 port 52864 ssh2
auth.info: Nov 22 17:10:13 sshd[2565]: Failed password for root from 62.210.172.206 port 41045 ssh2
auth.info: Nov 22 17:10:19 sshd[2565]: Failed password for root from 62.210.172.206 port 41045 ssh2
auth.info: Nov 22 17:10:24 sshd[2565]: Failed password for root from 62.210.172.206 port 41045 ssh2
auth.info: Nov 22 17:10:35 sshd[2593]: Failed password for root from 62.210.172.206 port 35403 ssh2
auth.info: Nov 22 17:10:41 sshd[2593]: Failed password for root from 62.210.172.206 port 35403 ssh2
auth.info: Nov 22 17:10:47 sshd[2593]: Failed password for root from 62.210.172.206 port 35403 ssh2
auth.info: Nov 22 17:10:58 sshd[2615]: Failed password for root from 62.210.172.206 port 37722 ssh2
auth.info: Nov 22 17:11:04 sshd[2615]: Failed password for root from 62.210.172.206 port 37722 ssh2
auth.info: Nov 22 17:11:11 sshd[2615]: Failed password for root from 62.210.172.206 port 37722 ssh2
auth.info: Nov 22 17:11:22 sshd[2638]: Failed password for root from 62.210.172.206 port 53056 ssh2
auth.info: Nov 22 17:11:28 sshd[2638]: Failed password for root from 62.210.172.206 port 53056 ssh2
auth.info: Nov 22 17:11:35 sshd[2638]: Failed password for root from 62.210.172.206 port 53056 ssh2
auth.info: Nov 22 17:11:46 sshd[2660]: Failed password for root from 62.210.172.206 port 43890 ssh2
auth.info: Nov 22 17:12:22 sshd[2688]: Failed password for root from 62.210.172.206 port 58024 ssh2
auth.info: Nov 22 17:12:27 sshd[2688]: Failed password for root from 62.210.172.206 port 58024 ssh2
auth.info: Nov 22 17:12:32 sshd[2688]: Failed password for root from 62.210.172.206 port 58024 ssh2
auth.info: Nov 22 17:12:39 sshd[2702]: Failed password for root from 62.210.172.206 port 34130 ssh2
auth.info: Nov 22 17:12:44 sshd[2702]: Failed password for root from 62.210.172.206 port 34130 ssh2
auth.info: Nov 22 17:12:48 sshd[2702]: Failed password for root from 62.210.172.206 port 34130 ssh2
auth.info: Nov 22 17:12:57 sshd[2718]: Failed password for root from 62.210.172.206 port 40606 ssh2
auth.info: Nov 22 17:13:04 sshd[2718]: Failed password for root from 62.210.172.206 port 40606 ssh2
auth.info: Nov 22 17:13:11 sshd[2718]: Failed password for root from 62.210.172.206 port 40606 ssh2
auth.info: Nov 22 17:13:21 sshd[2788]: Failed password for root from 62.210.172.206 port 48292 ssh2
auth.info: Nov 22 17:13:26 sshd[2788]: Failed password for root from 62.210.172.206 port 48292 ssh2
auth.info: Nov 22 17:13:31 sshd[2788]: Failed password for root from 62.210.172.206 port 48292 ssh2
auth.info: Nov 22 17:13:41 sshd[2814]: Failed password for root from 62.210.172.206 port 43521 ssh2
auth.info: Nov 22 17:13:47 sshd[2814]: Failed password for root from 62.210.172.206 port 43521 ssh2
auth.info: Nov 22 17:13:52 sshd[2814]: Failed password for root from 62.210.172.206 port 43521 ssh2
auth.info: Nov 22 17:14:02 sshd[2834]: Failed password for root from 62.210.172.206 port 43164 ssh2
auth.info: Nov 22 17:14:07 sshd[2834]: Failed password for root from 62.210.172.206 port 43164 ssh2
auth.info: Nov 22 17:14:13 sshd[2834]: Failed password for root from 62.210.172.206 port 43164 ssh2
auth.info: Nov 22 17:14:22 sshd[2854]: Failed password for root from 62.210.172.206 port 37908 ssh2
auth.info: Nov 22 17:14:27 sshd[2854]: Failed password for root from 62.210.172.206 port 37908 ssh2
auth.info: Nov 22 17:14:32 sshd[2854]: Failed password for root from 62.210.172.206 port 37908 ssh2
auth.info: Nov 22 17:14:42 sshd[2874]: Failed password for root from 62.210.172.206 port 56492 ssh2
auth.info: Nov 22 17:14:44 sshd[2874]: Failed password for root from 62.210.172.206 port 56492 ssh2
auth.info: Nov 22 17:14:50 sshd[2874]: Failed password for root from 62.210.172.206 port 56492 ssh2
auth.info: Nov 22 17:15:00 sshd[2889]: Failed password for root from 62.210.172.206 port 41655 ssh2
auth.info: Nov 22 17:15:05 sshd[2889]: Failed password for root from 62.210.172.206 port 41655 ssh2
auth.info: Nov 22 17:15:10 sshd[2889]: Failed password for root from 62.210.172.206 port 41655 ssh2
auth.info: Nov 22 17:15:21 sshd[2910]: Failed password for root from 62.210.172.206 port 34993 ssh2
auth.info: Nov 22 17:15:26 sshd[2910]: Failed password for root from 62.210.172.206 port 34993 ssh2
auth.info: Nov 22 17:15:32 sshd[2910]: Failed password for root from 62.210.172.206 port 34993 ssh2
auth.info: Nov 22 17:15:41 sshd[2933]: Failed password for root from 62.210.172.206 port 52663 ssh2
auth.info: Nov 22 17:15:44 sshd[2933]: Failed password for root from 62.210.172.206 port 52663 ssh2
auth.info: Nov 22 17:15:50 sshd[2933]: Failed password for root from 62.210.172.206 port 52663 ssh2
auth.info: Nov 22 17:15:58 sshd[2951]: Failed password for root from 62.210.172.206 port 35746 ssh2
auth.info: Nov 22 17:16:04 sshd[2951]: Failed password for root from 62.210.172.206 port 35746 ssh2
auth.info: Nov 22 17:16:11 sshd[2951]: Failed password for root from 62.210.172.206 port 35746 ssh2
auth.info: Nov 22 17:16:19 sshd[2973]: Failed password for root from 62.210.172.206 port 57551 ssh2
auth.info: Nov 22 17:16:25 sshd[2973]: Failed password for root from 62.210.172.206 port 57551 ssh2
auth.info: Nov 22 17:16:29 sshd[2973]: Failed password for root from 62.210.172.206 port 57551 ssh2
auth.info: Nov 22 17:16:37 sshd[2993]: Failed password for root from 62.210.172.206 port 40210 ssh2
auth.info: Nov 22 17:16:41 sshd[2993]: Failed password for root from 62.210.172.206 port 40210 ssh2
auth.info: Nov 22 17:16:47 sshd[2993]: Failed password for root from 62.210.172.206 port 40210 ssh2
auth.info: Nov 22 17:16:54 sshd[3019]: Failed password for root from 62.210.172.206 port 53521 ssh2
auth.info: Nov 22 17:16:59 sshd[3019]: Failed password for root from 62.210.172.206 port 53521 ssh2
auth.info: Nov 22 17:17:04 sshd[3019]: Failed password for root from 62.210.172.206 port 53521 ssh2
auth.info: Nov 22 17:17:11 sshd[3043]: Failed password for root from 62.210.172.206 port 33313 ssh2
auth.info: Nov 22 17:17:14 sshd[3043]: Failed password for root from 62.210.172.206 port 33313 ssh2
auth.info: Nov 22 17:17:19 sshd[3043]: Failed password for root from 62.210.172.206 port 33313 ssh2
auth.info: Nov 22 17:17:28 sshd[3062]: Failed password for root from 62.210.172.206 port 60962 ssh2
auth.info: Nov 22 17:17:33 sshd[3062]: Failed password for root from 62.210.172.206 port 60962 ssh2
auth.info: Nov 22 17:17:37 sshd[3062]: Failed password for root from 62.210.172.206 port 60962 ssh2
auth.info: Nov 22 17:17:45 sshd[3078]: Failed password for root from 62.210.172.206 port 43115 ssh2
auth.info: Nov 22 17:17:52 sshd[3078]: Failed password for root from 62.210.172.206 port 43115 ssh2
auth.info: Nov 22 17:17:58 sshd[3078]: Failed password for root from 62.210.172.206 port 43115 ssh2
auth.info: Nov 22 17:18:05 sshd[3096]: Failed password for root from 62.210.172.206 port 55068 ssh2
auth.info: Nov 22 17:18:09 sshd[3096]: Failed password for root from 62.210.172.206 port 55068 ssh2
auth.info: Nov 22 17:18:14 sshd[3096]: Failed password for root from 62.210.172.206 port 55068 ssh2
auth.info: Nov 22 17:18:20 sshd[3114]: Failed password for root from 62.210.172.206 port 59523 ssh2
auth.info: Nov 22 17:18:26 sshd[3114]: Failed password for root from 62.210.172.206 port 59523 ssh2
auth.info: Nov 22 17:18:32 sshd[3114]: Failed password for root from 62.210.172.206 port 59523 ssh2
auth.info: Nov 22 17:18:40 sshd[3130]: Failed password for root from 62.210.172.206 port 41482 ssh2
auth.info: Nov 22 17:18:46 sshd[3130]: Failed password for root from 62.210.172.206 port 41482 ssh2
auth.info: Nov 22 17:18:52 sshd[3130]: Failed password for root from 62.210.172.206 port 41482 ssh2
auth.info: Nov 22 17:19:01 sshd[3148]: Failed password for root from 62.210.172.206 port 59707 ssh2
auth.info: Nov 22 17:19:04 sshd[3148]: Failed password for root from 62.210.172.206 port 59707 ssh2
auth.info: Nov 22 17:19:08 sshd[3148]: Failed password for root from 62.210.172.206 port 59707 ssh2
auth.info: Nov 22 17:19:14 sshd[3165]: Failed password for root from 62.210.172.206 port 33131 ssh2
auth.info: Nov 22 17:19:18 sshd[3165]: Failed password for root from 62.210.172.206 port 33131 ssh2
auth.info: Nov 22 17:19:21 sshd[3165]: Failed password for root from 62.210.172.206 port 33131 ssh2
auth.info: Nov 22 17:19:26 sshd[3177]: Failed password for root from 62.210.172.206 port 53828 ssh2
auth.info: Nov 22 17:19:30 sshd[3177]: Failed password for root from 62.210.172.206 port 53828 ssh2
auth.info: Nov 22 17:19:33 sshd[3177]: Failed password for root from 62.210.172.206 port 53828 ssh2
auth.info: Nov 22 17:19:36 sshd[3186]: Failed password for root from 62.210.172.206 port 40026 ssh2
auth.info: Nov 22 17:19:39 sshd[3186]: Failed password for root from 62.210.172.206 port 40026 ssh2
auth.info: Nov 22 17:19:41 sshd[3186]: Failed password for root from 62.210.172.206 port 40026 ssh2

I did the same for the two other attacking addresses.
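
A log like the one above can be condensed into per-source evidence before it goes into an abuse form. The following is an added example, not part of the original post: it counts failed attempts and distinct connections per source address and records the first and last time each was seen. The function name `summarise_failures` and the sample lines (documentation addresses) are constructed for illustration.

```shell
#!/bin/sh
# Added example: condense sshd "Failed password" lines into per-source evidence
# (attempts, distinct connections, first/last seen) for an abuse report.
# Assumes the line layout shown in the post:
#   auth.info: Mon DD HH:MM:SS sshd[PID]: Failed password for USER from ADDR port N ssh2

TAB=$(printf '\t')

# Reads log lines on stdin and writes one line per source address:
#   ADDR<TAB>ATTEMPTS<TAB>CONNECTIONS<TAB>FIRST_SEEN<TAB>LAST_SEEN
# sorted by number of attempts, highest first.
summarise_failures() {
    awk '
    # The user name is supplied by the client, so fields are counted from the
    # END of the line, where sshd itself writes "from ADDR port N ssh2".
    /sshd\[[0-9]+\]: Failed password for / &&
    $(NF - 4) == "from" && $(NF - 2) == "port" {
        addr = $(NF - 3)
        port = $(NF - 1)
        ts = $2 " " $3 " " $4
        if (!(addr in attempts)) first[addr] = ts
        last[addr] = ts
        attempts[addr]++
        # A new source port approximates a new TCP connection.
        if (!((addr, port) in seen)) {
            seen[addr, port] = 1
            conns[addr]++
        }
    }
    END {
        for (a in attempts)
            printf "%s\t%d\t%d\t%s\t%s\n", a, attempts[a], conns[a], first[a], last[a]
    }' | sort -t "$TAB" -k2,2nr -k1,1
}

# Constructed sample in the same format as the log in the post,
# using documentation addresses instead of real ones.
SAMPLE_LOG='auth.info: Nov 22 17:04:22 sshd[2199]: Failed password for root from 192.0.2.10 port 50916 ssh2
auth.info: Nov 22 17:04:28 sshd[2199]: Failed password for root from 192.0.2.10 port 50916 ssh2
auth.info: Nov 22 17:04:43 sshd[2218]: Failed password for root from 192.0.2.10 port 55633 ssh2
auth.info: Nov 22 17:05:01 sshd[2230]: Failed password for invalid user admin from 198.51.100.7 port 40210 ssh2
auth.info: Nov 22 17:05:09 sshd[2241]: Accepted publickey for alice from 203.0.113.5 port 51000 ssh2
auth.info: Nov 22 17:05:20 sshd[2251]: Failed password for root from 192.0.2.10 port 60456 ssh2'

# Print the summary for the sample; replace the input with the real log file.
printf '%s\n' "$SAMPLE_LOG" | summarise_failures
```

The timestamps carry no year or time zone, so state both alongside the summary when filing the report.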

Next I got three e-mails from noreply@online.net which told me that I should confirm the abuse report. I did so and thought: nice, it seems to work.

[Online] Abuse #38682 - mail confirmation for abuse on server ip address 62.210.172.206

ONLINE SAS
Technical assistance
BP 438 - 75366 Paris CEDEX 08
France

Tel: +33 1 84 13 00 00
Fax: +33 899 173 788 (1.35 EUR / call then 0.34 EUR / min from a French landline)

Subject : Abuse request

Dear Sir or Madam,

Thank you for your abuse request on server ip address 62.210.172.206.

We have record it with reference A-38682.

Please confirm your abuse using this address:

https://console.online.net/en/account/abuses/confirm/38682/1416672261/a70bdf4c27fff2db6e16bf0a67ed4aa2

You will receive an answer from our customer or our abuse service in 24 to 48 hours delay after confirmation.

If you have any questions, please contact our assistance https://console.online.net/assistance/

Best regards,

--
The Online team

Fine so far, I thought.

But this morning I had a choking cough, because I made the mistake of checking my e-mail while eating a bun. I got three masterpieces of incident resolution intelligence. This is one of them.

[Online] Abuse #38682 - abuse for server ip address 62.210.172.206 resolved

ONLINE SAS
Technical assistance
BP 438 - 75366 Paris CEDEX 08
France

Tel: +33 1 84 13 00 00
Fax: +33 899 173 788 (1.35 EUR / call then 0.34 EUR / min from a French landline)

Subject : Abuse notification resolved

Dear Sir or Madam,

Your abuse number 38682 is now closed.

Here is a comment left by our customer:
----------------------------------------------------------------

Why root account password will change by oneself?

----------------------------------------------------------------

If you have any questions, please contact our assistance https://console.online.net/assistance/

Best regards,

--
The Online team

All the effort to implement a nice abuse workflow is rendered superfluous by a stupid bone-head user accepting a useless counter question having nothing to do with the attack and explaining even less.

Sunday, 9 November 2014

The audacity of the placebo mafia

Under the domain www.cialis20mgkaufen.net you will find the following pretty web page.

The web page calls itself a "Geprüfter Deutscher Shop" ("verified German shop"). If you look at the site's legal notice (Impressum), you see immediately that the shop is based in the quintessentially German municipality of Venlo. Perhaps Germany within the borders of Emperor Charlemagne was meant. A technically versed observer will also notice that the legal notice is embedded as an image. There can really be only one reason for that: the aim is to make the information as hard as possible to read automatically.

If you then look at the contents of the Whois database for the DNS registration, you find that the company "Web Domains By Proxy" from Pakistan registered the domain. No effort was spared to conceal the identity.

But the biggest joke is the test result from Stiftung Warentest. Supposedly, issue 06/2011 tested "Potenzmittel Online Apotheken aus Europa" ("potency drug online pharmacies from Europe"). Whoever came up with that title should perhaps sign on with Der Postillon. So if you look at the actual table of contents of issue 06/2011, you will of course not find said test.

Presumably the same goes for all the other logos on the page: all made up.

Our pharmacist's Google+ profile is also very pretty.

The good man lives in Berlin and, according to the legal notice, has his shipping warehouses in Munich, Venlo and the UK. The immense amount of travel that such a combination entails is presumably also the reason why he has unfortunately not yet had the opportunity to learn the German language.

If you then take the cute profile photo and run a Google search for similar images, you find a Dr. med. Ulrich Albers.

So one can say with reasonable certainty that pretty much everything on the cited web page is a lie. Anyone who buys there might as well throw their money straight down the drain. An example of the everyday Internet rip-off.

Update

Strangely, Google seems to have an interest in the machinations of dubious Internet vendors not being published. As if by magic, the screenshots I had taken of the dubious web page were deleted from my Picasa account without anyone informing me about it. I am curious whether the busy little bees who champion the interests of Internet fraudsters will also visit my blog.

Tuesday, 27 November 2012

Long Term Evolution Next Generation (LTENG)

Nowadays there is almost no web site without a Facebook, Twitter, Google, "Fuck my brain" or whatever-else button. Those buttons are implemented by loading JavaScript APIs and images. Once the APIs are loaded, the code gets executed and opens some TCP connections of its own, maybe even with TLS encryption, to load additional data such as the number of boneheads who have already pawed the button. In the end you have about a dozen network connections for every single page, significantly slowing down what you really want to see.

But there is a solution for the global network pollution: Adblock. Let us pray to the god of the Internet to thank him for giving us the Internet litter service.

After you have done this you should consider doing it all over again.

Next we can customize the Adblock with the following URLs:

connect.facebook.net
platform.twitter.com
apis.google.com/js/plusone.js

Now we can sit back and enjoy the new Internet speed boost. I call it Long Term Evolution Next Generation™.

Feel free to like it. But do not tell anybody about it. Nobody wants to know.

Friday, 26 October 2012

The transparent human

I am moderately astonished at the degree that surveillance on the Internet has reached by now. On the 16th I bought an album by at Amazon. Not ten days later I got a prompt from Twitter telling me to follow this artist on Twitter. Coincidence? I don't think so.

Monday, 28 February 2011

Off to a great start

After we had learned to hate the service from Versatal, and Alice was not really convincing either, the obvious idea was to give Telekom another try. The contract starts tomorrow and there is no router in sight far and wide. Then, when trying to access the service center, something like this:
Bye for now, until I have Internet again...