Tuesday, February 17, 2009

Attributor Hogs Your Bandwidth for The Man

Fresh from the TekTalk site comes the news of why you should put a deny statement in place against the attributor.com website attacks.

Attributor acts like a super sleuth for the rich and famous along with those who hold vast copyrights. At least enough to pay their fees. For the fees they charge their clients they claim to rob billions of websites of billions of gigabytes in bandwidth to check and see if they have a word, picture or insight that might be claimed by the client.

Like Tektalk, we found the attributor.com IP hacking our site, and in less than 10 minutes it had sucked over 25 gig in data. Watching the logs, these hacks at Attributor suck your site over and over, looking at every link to everything over and over again. We know of one video script site that has a search to YouTube that got hit for 60 gig, and they only had links to YouTube videos. The Attributor spider went nuts and his account was closed.

Now Attributor may seem nice, but they are taking money from people to rape your bandwidth without cause. Not only that, as a law unto themselves, they do this with no authority, without your permission and without recompense for their rape. Perhaps you think rape is a bit too harsh? If the freaks at Attributor would use a spider and abide by robots.txt they might not do the damage they do. But since they want to see what browsers see, they must come into your site like humans, faking you. Robots do not look at videos and graphics, and Attributor wants to see everything.

While a tax or fine should be put on Attributor for their brutal assaults on websites, we think that you should be aware of how to get them out.

Since they do not abide by robots.txt, you must deny them in the .htaccess. This can only work if we are all vigilant to changes they will make in this IP due to exposure. We will be watching all our log files to let you know any more we find. Please do the same. Put this line at the top of your .htaccess file at root level:

#attributor
deny from 64.41.145.177

How?

Just keep checking your log files for the IPs that download huge amounts of pages and data with the least amount of visits. Look at your logs and see any spikes in activity for a day or two. Get the IP numbers of these offenders and let us know. We can even check and help identify who is hitting you so hard. We all want to know really.
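The log check described above, as an added example that is not part of the original post: it totals visits, requests and bytes per IP from an Apache access log and lists the heavy hitters that your existing deny lines do not yet cover. The 30-minute visit gap, the byte threshold and the sample log lines are assumptions made for the illustration.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Apache common/combined log prefix: host ident user [time] "request" status bytes
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(?:[^"\\]|\\.)*" \d{3} (\d+|-)')
VISIT_GAP = timedelta(minutes=30)  # assumption: 30 idle minutes starts a new visit

def parse_denied(htaccess_text):
    """Networks already covered by 'deny from' lines (hostnames are skipped)."""
    nets = []
    for parts in map(str.split, htaccess_text.splitlines()):
        if [p.lower() for p in parts[:2]] == ["deny", "from"]:
            for token in parts[2:]:
                try:
                    nets.append(ipaddress.ip_network(token, strict=False))
                except ValueError:
                    pass
    return nets

def heavy_hitters(log_lines, denied, min_bytes):
    """(ip, visits, requests, bytes) for IPs not yet denied, biggest first."""
    stats = defaultdict(lambda: {"visits": 0, "requests": 0, "bytes": 0, "last": None})
    for m in filter(None, map(LOG_RE.match, log_lines)):
        ip, stamp, size = m.groups()
        when = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")
        s = stats[ip]
        if s["last"] is None or when - s["last"] > VISIT_GAP:
            s["visits"] += 1
        s["last"] = when
        s["requests"] += 1
        s["bytes"] += 0 if size == "-" else int(size)
    rows = []
    for ip, s in stats.items():
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            continue  # a resolved hostname was logged instead of an address
        if s["bytes"] >= min_bytes and not any(addr in net for net in denied):
            rows.append((ip, s["visits"], s["requests"], s["bytes"]))
    return sorted(rows, key=lambda r: r[3], reverse=True)
# Constructed sample: the deny lines are copied from the page, the log lines are made up.
HTACCESS = "#attributor\ndeny from 64.41.145.177\n#Moroc Hackers\ndeny from 196.206.0.0/16\n"
LOG = ['203.0.113.9 - - [17/Feb/2009:10:00:01 +0000] "GET /a.flv HTTP/1.1" 200 700000000',
       '203.0.113.9 - - [17/Feb/2009:10:03:10 +0000] "GET /b.flv HTTP/1.1" 200 650000000',
       '196.206.67.140 - - [17/Feb/2009:10:04:00 +0000] "GET /c.flv HTTP/1.1" 200 2000000000',
       '198.51.100.7 - - [17/Feb/2009:11:30:00 +0000] "GET /about HTTP/1.1" 304 -']
for row in heavy_hitters(LOG, parse_denied(HTACCESS), 10**9):
    print("# visits=%d requests=%d bytes=%d\ndeny from %s" % (row[1:] + row[:1]))
```

Check who owns each reported address before pasting its deny line into .htaccess, so that a legitimate search engine or your own monitoring host is not locked out.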

We found this info at Tek Talk

Thursday, February 12, 2009

More On Moronic Moroccan Hackers

Some people have asked for some details on the recent spate of Moroccan hackers, so here we go.

The recent spate of hackers come from these IPs in Rabat, Morocco:
196.206.67.140
196.206.69.15
196.217.66.232
196.217.93.129
196.206.105.146
196.206.64.0
196.206.127.255
and one of their buddies
196.206.73.8 in Meknes

These all come from iam.net.ma, who are part of dynadot.com. Spam contact emails:
elasri@menara.ma
oumlil@iam.net.ma
info@dynadot.com

These people host a site that these hackers belong to at arabic-m.com. The site is a children's sandbox, and the only problem is that the children getting the autohack tools are not just trying to leave a deface message but to destroy data. There are no creative minds at work, but still, beware! They are malicious without reason.

These are not anything near "good hackers". They are idiots who do not just deface; they delete all data on a hard drive in a destructive visit.

Hackers Beware! Deny Them Access

Recently a server I work on was hit by a bunch of chump kids from a couple of Internet cafes in Morocco. Foisting their shilliness on some sites and deleting most of the others. I caught them in the early part of their mayhem and cut their tools off, but the damage was done.

How to keep them off?

At first we found them operating in a couple of cafes in Morocco and barred the IP ranges for their host. Then the clients all asked if they could get the whole country and sure enough we found this masterpiece. "Block a Country!" What a great idea! The site gets hack attacks but it is

http://www.blockacountry.com/

It seems to keep up to date and you can ban whomever you want. Just pick them if they pick you!

We had another client who was being pounded by China, all searching for foot fetish porn. He had a search script as a feature on his site to find any video on YouTube. Unfortunately the YouTube command for keeping adult material off the site did not work, and it became known quickly as a way to bypass YouTube filters set for countries. Oh man, this poor guy was hit! So much traffic and all very useless. They are not there for his real content, or to contribute or to click on an advert, they just want to suck the porn. So, we found this tool worked fine to zero them out.

Now, here is a bit of a gift: the top part of one of our client's .htaccess. Each entry is for something special we will cover in the next article. Your project is to see if you can figure out who they are and whether they are sucking your bandwidth.

#attributor
deny from 64.41.145.177

#soso search
deny from 124.115.0.0/24

#Lightspeed
deny from 69.84.207.39

# Dutch gamers
deny from 84.244.189.99

#Bastards at Go daddy
deny from 68.178.211.195
# BEWARE THESE GUYS ARE DOING STUFF NOW!
deny from 72.167.232.0/24

#turkey dicks
deny from 212.156.63.30

#Moroc Hackers
deny from 41.205.192.0/19
deny from 41.248.0.0/14
deny from 62.251.128.0/17
deny from 81.192.0.0/16
deny from 194.204.192.0/19
deny from 194.204.224.0/19
deny from 196.2.80.0/20
deny from 196.12.192.0/18
deny from 196.200.128.0/18
deny from 196.206.0.0/16
deny from 196.217.0.0/16
deny from 212.217.0.0/17
deny from 194.6.224.0/24

You can capture your victims with your .htaccess, add more countries with this fabulous tool, and a 403.shtml will send them somewhere fun.

Good luck out there! Get back to us with any tips on bandwidth hogs or hack attacks!