Clicky
Last visit was: Sat Jul 05, 2014 6:51 pm
It is currently Sat Jul 05, 2014 6:51 pm

Bot user registrations


All times are UTC - 5 hours [ DST ]


 [ 1 post ] 
Author Message
 PostPosted: Mon Jul 29, 2013 11:42 pm   
Spam Reporter
User avatar

Joined: Sat Jun 13, 2009 11:34 pm
Posts: 140
I had an interesting day yesterday. I opened up my hobby site sign up page again and got hit by the bots in waiting creating new users.
I run phpnuke with approve member mod so they can't get in. I modified the module and started sending applicants a false activate link.
This led to a hit from the control server... berman.com

http://website.informer.com/Berman+Tech ... s+Ltd..htm

And in the top sites Berman hosts these two.

http://website.informer.com/visit?domain=kafserver.com
http://website.informer.com/visit?domain=norfolkseo.net

From reading the kafserver site I now gather that these account creation attempts are so they can index member content otherwise unavailable to non members.

Here is a short list of logins/from ip's which contains the usual bad actors hitting my server.

Login name, Email, Date, From IP

GlendaQ09 [email protected] Jul 29, 201 35.135.192.4
Jerrod20H [email protected] Jul 29, 2013 64.145.83.176
JerriGlea [email protected] Jul 29, 2013 5.135.192.4
CharissaM [email protected] Jul 29, 2013 216.152.243.246
IngeborgG [email protected] Jul 29, 2013 193.105.154.9
PerryLecl [email protected] Jul 29, 2013 23.19.132.20
RemonaPar [email protected] Jul 29, 2013 87.51.163.199
RonaldMac [email protected] Jul 29, 2013 46.105.133.33
JLQMckinl [email protected] Jul 29, 2013 151.237.190.174
ErwinSali [email protected] Jul 29, 2013 108.163.197.58
ChaseColwscott [email protected] Jul 29, 2013 114.80.142.20
MarkoBowl [email protected] Jul 29, 2013 91.212.124.153
RoxanaSch [email protected] Jul 29, 2013 177.99.236.217
LemuelRancon [email protected] Jul 29, 2013 89.44.21.204
Charlotte [email protected] Jul 29, 2013 219.159.198.8
EmilioNul [email protected] Jul 29, 2013 41.203.95.23
AngelicaN [email protected] Jul 29, 2013 142.234.104.44
Frederick [email protected] Jul 29, 2013 50.118.212.91
LynwoodTu [email protected] Jul 29, 2013 173.208.2.243
NikiMorri [email protected] Jul 29, 2013 50.118.211.60

Hits to the false activation link

ks4004076.ip-142-4-213.net - - [29/Jul/2013:13:07:38 +1200] "GET zlham.geek.nz/activate/?2hdmzZg934heqwds" 403 232 "http://www.zlham.geek.nz/" "Opera/9.80 (Windows NT 6.2; Win64; x64) Presto/2.12.388 Version/12.15" 404 480
bermantech.com - - [29/Jul/2013:18:53:56 +1200] "GET zlham.geek.nz/activate?2hdmzZg934heqwds" 404 228 "http://www.zlham.geek.nz/" "Opera/9.80 (Windows NT 6.2; Win64; x64) Presto/2.12.388 Version/12.15" 403 476
192.95.22.82 - - [29/Jul/2013:21:59:43 +1200] "GET zlham.geek.nz/activate?user=EmilioNul&2hdmzZg934heqwds" 404 228 "http://www.zlham.geek.nz/" "Opera/9.80 (Windows NT 6.2; Win64; x64) Presto/2.12.388 Version/12.15" 418 476
142.234.104.116.rdns.ubiquity.io - - [29/Jul/2013:22:16:16 +1200] "GET zlham.geek.nz/activate?user=AngelicaN&2hdmzZg934heqwds" 403 232 "http://www.zlham.geek.nz/" "Opera/9.80 (Windows NT 6.2; Win64; x64) Presto/2.12.388 Version/12.15" 418 480


Mod note: topic split as this is actually an independent topic


Top
 Profile  
 [ 1 post ] 

All times are UTC - 5 hours [ DST ]


Who is online

Users browsing this forum: Wayback machine and 1 guest


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Jump to:  


Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group
Style originally created by Volize © 2003 • Redesigned SkyLine by MartectX © 2008