22.214.171.124 24/Aug/2018:21:04:47 to 24/Aug/2018:21:21:05 You attempted 434 login attempts. I see you. I know when you visited and that you are trying to break into my site. You have been logged and sent packing with 403s. I have 2,425 of your header logs. Do not do this again.
126.96.36.199 – 188.8.131.52
org-name: Webmaster Agency Ltd
person: Dmitry V. Volkov
address: REALTY.RU LTD
address: 1, Kurchatov Sq.
address: 107005, Moscow
Permanent link to this post
(89 words, 0 images, estimated 21 secs reading time)
It is always warming to see the two Chinas, the PRC and Taiwan, getting along. Today they ganged up and tried to break into my site.
184.108.40.206 s China Unicom Shandong, level 10 risk, malware Spam Zero-Day
220.127.116.11 s Hinet Chunghwa Tel Taiwan, known for bots and infected zombie computers
18.104.22.168 s Chinanet Anhui, level 10 risk, malware Spam Zero-Day
22.214.171.124 s Dou shi-BAR Yin chuan Ningxia, level 10 risk, malware Spam Zero-Day
The last one, from Ningxia, looks surprisingly small as compared to the usually huge number of IP addresses for Chinanet or China Unicom, but they are part of Chinanet Ningxia, which is large.
Again, they come, but this time with individual IPs. Huh? Not so funny anymore. 18 individual IP, all timed differently.
UA: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.89 Safari/537.36
Permanent link to this post
(71 words, 0 images, estimated 17 secs reading time)
Strong, WordPress is, otherwise it would have been breached long ago. These three attackers did a brute force login attack on me today. This is not the first and will certainly not be the last. While I can track down the IP and ISP, and ban them, their origins I will never know. This is the murky world of the internet, and it is worldwide.
- 126.96.36.199: 188.8.131.52 – 184.108.40.206 WIFLY GA GABON has tried security hacks on my site before, 6 attempts
- 220.127.116.11 mes.megion.ru 18.104.22.168 – 22.214.171.124 Lider Telecom Ru, 52 attempts
- 126.96.36.199 188.8.131.52 – 184.108.40.206 Wimax New Delhi IN, 8 attempts
Three hackers, one from Africa, one from Russia, one from India. This is the global entity called the Internet.
Kik content scraper bots sent me this IP from bredbandsbolaget.se. Kik uses single IPs from all over North American ISPs, and they’re now expanding globally. Kik content scrapes my site daily, so it is in my best interest to stop them.
Just for fun I translated from Swedish to English, “bredbandsbolaget” translates to “broadband company”! LOL! bredbandsbolaget.se provides TV, internet and telephone in Sweden. They have a web site. After the ip address the next set of numbers before the “cust” might be the Swedish telephone number, starting with the area code. Then again maybe not, as some have hex
vultr.com is a content scraper that I would like to remove from my site. They are persistent. Vultr.com seems to be the cloud offering from Choopa.
220.127.116.11.vultr.com 18.104.22.168 – 22.214.171.124 126.96.36.199/17
188.8.131.52.vultr.com 184.108.40.206 – 220.127.116.11 18.104.22.168/22
22.214.171.124 126.96.36.199 – 188.8.131.52 184.108.40.206/23
220.127.116.11.vultr.com 18.104.22.168 – 22.214.171.124 126.96.36.199/16
188.8.131.52.vultr.com 184.108.40.206 – 220.127.116.11 18.104.22.168/18
22.214.171.124.vultr.com 126.96.36.199 188.8.131.52 – 184.108.40.206
220.127.116.11 18.104.22.168 – 22.214.171.124 126.96.36.199/25
188.8.131.52.vultr.com. 184.108.40.206 – 220.127.116.11 18.104.22.168/19
22.214.171.124.vultr.com 126.96.36.199 – 188.8.131.52 184.108.40.206/23
fregat.ua is a bot from Russia. It was logged for ransomware, so you really don’t want them to try to break into your site. Quite bold, they are, trying to get my login and admin pages, so they are a definite security threat for trying to break into my site. Fregat.ua is an ISP with a web page.
182.43.PPPoE.fregat.ua 220.127.116.11 18.104.22.168 – 22.214.171.124 126.96.36.199/16
62.30.PPPoE.fregat.ua, IP Address, 188.8.131.52
54.146.dynamic.PPPoE.fregat.ua 184.108.40.206 220.127.116.11 – 18.104.22.168 22.214.171.124/22
I continue to search for work, and Monster.ca is one of many sites I visit. Lately I have noticed that almost all of the jobs posted on Monster are from headhunters. It’s not that headhunters are bad per se, but that some of their advertised job descriptions are close to: “Wanted: Live animal. Able to stand up and breath without keeling over. Please send your resume to ima @ headhunter.com”. Would it kill the recruiter to provide a little more position-related information? Often times there are three headhunters from the same agency posting essentially the same cut and paste effort to the same job board. Do you think that possible candidates do not notice this?