Henan Police Academy 河南公安学院, Zhengzhou, China, left me some comment spam today.
Today the Henan Police Academy 河南公安学院 from Zhengzhou, Henan, visited my site and left comment spam. I thought it very odd, because Chinese government organizations, including Chinese police, are usually quite discreet and don’t present themselves in such an open way.
22.214.171.124 Henan Police Academy Henan Gongan Xueyuan 河南公安学院 HNGAZK-CN at http://hnp.edu.cn/. Their IP range is 126.96.36.199 – 188.8.131.52. There are a couple of abuse postings from them such as 1, 2
Yep, very popular hacking tools! Metasploit
Took the install from Rapid7’s site. It all went very well.
To start, the instructions gave the command “./msfconsole”, which did not work for me; plain “msfconsole” started it. The initial run created the initial database, and the “db_status” command also worked.
I did not seem to need to run “service postgresql start”. When I did a search I received the message: “Module database cache not built yet, using slow search. To build the cache do db_rebuild_cache”. That worked (link), and now my searches work.
67 WordPress vulnerabilities
6 Drupal vulnerabilities
This is a preview of “Metasploit, Armitage and NMap Install on Ubuntu 16.04”.
Playing, I am, with the Nikto web server scanning package. I scanned my own site, just for fun. While it does take some time, it did finish. I wondered how it would look from my site’s raw access log viewpoint. In summary, Nikto is not stealthy at all. It is also easily detected and banned mid-scan, as it takes a long time to complete.
Essentially you start a Terminal and type “nikto -h ” followed by the host name. There are lots of options, such as writing the output to a log. The Nikto output highlights web site vulnerabilities and cross-references them with a database of known hacks. Using this tool you can find the site’s weaknesses and then harden your site against attackers.
184.108.40.206 strider.delmarvagroup.com, from the MCI Communications block, you really need to put some smarts into your bot. What are you thinking?
220.127.116.11 – 18.104.22.168 MCI Communications
I’m not sure why you are doing this, but please stop. I don’t have a contact form at that location.
This is a preview of “strider.delmarvagroup.com 22.214.171.124 really wants to contact me”.
For the longest time my site has been tracked and spammed by 163data.com.cn. I, and others, have wondered about the story behind the number 163. Was it a Chinese Army unit number similar to 解放军 61398部隊? Alas, there seems to be nothing so exciting. There are only a few links about the history of 163.
It looks like in the ’90s when you had to dial a telephone number to a modem and reach the internet, 163 was appended to a local number. Thus 163 was commonly used and therefore memorable. After this time NetEase started 163.com and used 163 to start China’s largest free email service, the Chinese equivalent to gmail. 163.com remains very popular in China today.
This Bell Canada IP address is unusual and came up when I did a host command. It hosts 12 sites. I did not find anything else suspicious about it on X-Force Exchange.
City of Toronto internet scraper bot scrapes my site a couple of times per month. Why? Toronto, Canada
I live in the City of Toronto, and write about Toronto-related subjects. What is surprising is that the City of Toronto has an internet bot that randomly scrapes content from my site a couple of times each month. The bot started scraping me near the end of January 2017.
What is interesting is that I, concerned citizen, actually emailed them because I thought they had a Zombie PC taken over by a bot, or some other security issue. I sent the City a log of the relevant entries related to their IP address. Was I naive. Here is their reply (firstname.lastname@example.org):
This IP address came up on my usual log processing as unusual. Usually an IP address lookup returns a single host name and not multiples. All these host names are associated with the IP 126.96.36.199 United Computer Systems, Sweden. It is a busy IP, with 25 hostnames, so very unusual. It also tried to break my login security. Risk 1/10, known for bots
Want you do, to go to a concert, but just after the supposed start time for ticket sales, all the tickets are gone. You, again, have lucked out. Minutes later these tickets are all available on reseller sites for double the price. It really does sound like a scam. While the US just enacted a federal law, here in Ontario we are just starting the investigation phase. I hope that we can adopt something as strong as the US law in order to keep pace with bot technology and keep online shopping safe.
Four IPs scraped my site in identical ways: Fetch the most recent document, then scrape parts of the rest of the site. The IP changes, and they repeat. They fetch the same identical document, but then scrape different parts of my site but only for images.
I’ll keep my eye on such activity and see if I can pin down something more definite.
UA: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727), which does not seem to be unique
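The two log-reading observations on this page, that Nikto is obvious in the raw access log (from the Nikto post above) and that several IPs repeat one identical first fetch and then scrape only images (this post), as an added Python example that is not the blog's own code: it parses Apache/nginx combined-format lines, flags a scanner either by a user agent that names Nikto or, independent of the user agent, by a burst of mostly-4xx responses, and groups IPs that open with the same document and afterwards request only images. The log lines are constructed sample data, the Nikto user-agent string imitates Nikto's default format, and the thresholds (5 requests, 60 seconds, 60% errors, 2 IPs) are assumptions to tune per site.

```python
import re
from collections import defaultdict
from datetime import datetime

# Apache/nginx "combined" format: ip ident user [time] "request" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"$'
)
IMAGE_EXT = (".jpg", ".jpeg", ".png", ".gif", ".webp", ".svg")

# Constructed sample data (not real traffic). NIKTO_UA imitates Nikto's default
# user agent; MSIE_UA is the user agent quoted in the post.
NIKTO_UA = "Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:000001)"
MSIE_UA = "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727)"
GENERIC_UA = "Mozilla/5.0 (X11; Linux x86_64)"
BROWSER_UA = "Mozilla/5.0 (Windows NT 10.0; rv:52.0) Gecko/20100101 Firefox/52.0"


def _line(ip, ts, path, status, ua):
    """Build one combined-format log line (sample data only)."""
    return f'{ip} - - [{ts}] "GET {path} HTTP/1.1" {status} 512 "-" "{ua}"'


_SCANNER_PROBES = [("/", 200), ("/admin/", 404), ("/old/", 404),
                   ("/backup/", 404), ("/test/", 404), ("/cgi-bin/", 404)]
_SCRAPED_IMAGES = ["/wp-content/uploads/photo-1.jpg",
                   "/wp-content/uploads/photo-2.png",
                   "/wp-content/uploads/photo-3.gif"]

SAMPLE_LOG = "\n".join(
    # a Nikto run that announces itself in the user agent
    [_line("203.0.113.10", "12/Mar/2017:10:00:01 +0000", "/", 200, NIKTO_UA),
     _line("203.0.113.10", "12/Mar/2017:10:00:01 +0000", "/cgi-bin/", 404, NIKTO_UA)]
    # a scanner hiding behind a generic user agent: one hit, then a burst of 404s
    + [_line("203.0.113.11", f"12/Mar/2017:10:05:0{i} +0000", p, s, GENERIC_UA)
       for i, (p, s) in enumerate(_SCANNER_PROBES)]
    # three IPs that each fetch the newest post, then only images
    + [ln for i, img in enumerate(_SCRAPED_IMAGES, start=1) for ln in (
        _line(f"198.51.100.2{i}", f"1{i}/Mar/2017:02:10:00 +0000", "/2017/03/latest-post/", 200, MSIE_UA),
        _line(f"198.51.100.2{i}", f"1{i}/Mar/2017:02:10:05 +0000", img, 200, MSIE_UA))]
    # an ordinary visitor, which neither rule should flag
    + [_line("192.0.2.5", "15/Mar/2017:09:00:00 +0000", "/", 200, BROWSER_UA),
       _line("192.0.2.5", "15/Mar/2017:09:00:20 +0000", "/about/", 200, BROWSER_UA),
       _line("192.0.2.5", "15/Mar/2017:09:00:21 +0000", "/wp-content/uploads/logo.png", 200, BROWSER_UA)]
)


def parse_log(text):
    """Parse combined-format lines into dicts; malformed lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        e = m.groupdict()
        e["status"] = int(e["status"])
        e["time"] = datetime.strptime(e["ts"], "%d/%b/%Y:%H:%M:%S %z")
        entries.append(e)
    return entries


def _by_ip(entries):
    """Group entries per client IP, each group sorted by time."""
    groups = defaultdict(list)
    for e in entries:
        groups[e["ip"]].append(e)
    for reqs in groups.values():
        reqs.sort(key=lambda r: r["time"])
    return groups


def find_scanners(entries, window=60, min_requests=5, min_error_ratio=0.6):
    """Return {ip: reason}. Rule 1: the user agent names Nikto. Rule 2 (user-agent
    agnostic): at least min_requests within `window` seconds, mostly 4xx responses."""
    flagged = {}
    for ip, reqs in _by_ip(entries).items():
        if any("nikto" in r["ua"].lower() for r in reqs):
            flagged[ip] = "user-agent names Nikto"
            continue
        start = 0
        for end in range(len(reqs)):  # sliding time window over the sorted requests
            while (reqs[end]["time"] - reqs[start]["time"]).total_seconds() > window:
                start += 1
            win = reqs[start:end + 1]
            if len(win) >= min_requests:
                errors = sum(400 <= r["status"] < 500 for r in win)
                if errors / len(win) >= min_error_ratio:
                    flagged[ip] = f"{errors}/{len(win)} 4xx responses within {window}s"
                    break
    return flagged


def find_scraper_clusters(entries, min_ips=2):
    """Return {(user_agent, first_path): [ips]} for groups of at least min_ips IPs
    that open with the same document and afterwards request only images."""
    clusters = defaultdict(list)
    for ip, reqs in _by_ip(entries).items():
        first, rest = reqs[0], reqs[1:]
        if rest and all(r["path"].lower().endswith(IMAGE_EXT) for r in rest):
            clusters[(first["ua"], first["path"])].append(ip)
    return {k: sorted(v) for k, v in clusters.items() if len(v) >= min_ips}


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    print("scanners:", find_scanners(parsed))
    print("scraper clusters:", find_scraper_clusters(parsed))
```

On a real server, feed the access log through `parse_log` instead of `SAMPLE_LOG`; the second scanner rule is the one that matters in practice, because a renamed user agent defeats the first rule but not the pattern of many requests for pages that do not exist. The scraper rule keys on the first requested path per IP, which matches the "fetch the most recent document, then images" behaviour described above; raise `min_ips` on a busy site to avoid grouping unrelated visitors.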