ForumPostersUnion.com

AnthonyCea · #**121** 12-06-2008, 04:07 AM

This moron was working it today, he found a way to join the forum twice under the same user name, maybe with some sort of hole in vBulletin.

05:32 AM ##*ValterMrris Modifying Password 89.149.242.28

05:32 AM ##*ValterMrris Modifying Password 89-149-242-28.internetserviceteam.com
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)

AnthonyCea · #**122** 12-14-2008, 04:04 PM

89.149.217.192 89-149-217-192.internetserviceteam.com
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; KTXN)

Information related to '89.149.216.0 - 89.149.217.255'

inetnum: 89.149.216.0 - 89.149.217.255
netname: NETDIRECT-NET
descr: netdirekt e.K.
remarks: INFRA-AW
country: DE
admin-c: WW200-RIPE
tech-c: SR614-RIPE
status: ASSIGNED PA
mnt-by: NETDIRECT-MNT
mnt-lower: NETDIRECT-MNT
mnt-routes: NETDIRECT-MNT
source: RIPE # Filtered

person: Wiethold Wagner
address: netdirekt e. K.
address: Kleyer Strasse 79 / Tor 14
address: 60326 Frankfurt
address: DE
phone: +49 69 90556880
fax-no: +49 69 905568822
e-mail: info@netdirekt.de
nic-hdl: WW200-RIPE
mnt-by: NETDIRECT-MNT
source: RIPE # Filtered

person: Simon Roehl
address: netdirekt e. K.
address: Kleyer Strasse 79 /Tor 14
address: 60326 Frankfurt
address: DE
phone: +49 69 90556880
fax-no: +49 69 905568822
e-mail: technik@netdirekt.de
nic-hdl: SR614-RIPE
mnt-by: NETDIRECT-MNT
source: RIPE # Filtered

% Information related to '89.149.192.0/18AS28753'

route: 89.149.192.0/18
descr: netdirect Frankfurt, DE
origin: AS28753
org: ORG-nA8-RIPE
mnt-lower: NETDIRECT-MNT
mnt-routes: NETDIRECT-MNT
mnt-by: NETDIRECT-MNT
source: RIPE # Filtered

organisation: ORG-nA8-RIPE
org-name: netdirect
org-type: LIR
address: netdirekt e. K.
Kleyer Strasse 79 / Tor 14
60326 Frankfurt
Germany
phone: +49 69 90556880
fax-no: +49 69 905568822
e-mail: ripe@netdirekt.de
admin-c: SR614-RIPE
admin-c: WW200-RIPE
mnt-ref: NETDIRECT-MNT
mnt-ref: RIPE-NCC-HM-MNT
mnt-by: RIPE-NCC-HM-MNT
source: RIPE # Filtered

AnthonyCea · #**123** 12-16-2008, 03:24 PM

89.149.217.192 89-149-217-192.internetserviceteam.com
Opera/9.0 (Windows NT 5.1; U; en)

AnthonyCea · #**124** 12-18-2008, 05:18 PM

89.149.227.16 89-149-227-16.internetserviceteam.com

Internetserviceteam.com spambot hit us tonight with no user agent at all.

AnthonyCea · #**125** 12-19-2008, 10:04 AM

78.159.112.179 78-159-112-179.internetserviceteam.com
Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)

AnthonyCea · #**126** 12-21-2008, 05:59 PM

78.159.122.22 78.159.122.22.internetserviceteam.com
Mozilla/4.0 (compatible; MSIE 6.0; Windows 98; Win 9x 4.90)

AnthonyCea · #**127** 12-25-2008, 08:38 PM

78.159.112.198 78-159-112-198.internetserviceteam.com
Opera/7.54 (Windows NT 5.1; U) [pl]

Information related to '78.159.112.0 - 78.159.115.255'

inetnum: 78.159.112.0 - 78.159.115.255
netname: NETDIRECT-NET
descr: netdirekt e.K.
remarks: INFRA-AW
country: DE
admin-c: WW200-RIPE
tech-c: SR614-RIPE
status: ASSIGNED PA
mnt-by: NETDIRECT-MNT
mnt-lower: NETDIRECT-MNT
mnt-routes: NETDIRECT-MNT
source: RIPE # Filtered

person: Wiethold Wagner
address: netdirekt e. K.
address: Kleyer Strasse 79 / Tor 14
address: 60326 Frankfurt
address: DE
phone: +49 69 90556880
fax-no: +49 69 905568822
e-mail: info@netdirekt.de
nic-hdl: WW200-RIPE
mnt-by: NETDIRECT-MNT
source: RIPE # Filtered

person: Simon Roehl
address: netdirekt e. K.
address: Kleyer Strasse 79 /Tor 14
address: 60326 Frankfurt
address: DE
phone: +49 69 90556880
fax-no: +49 69 905568822
e-mail: technik@netdirekt.de
nic-hdl: SR614-RIPE
mnt-by: NETDIRECT-MNT
source: RIPE # Filtered

% Information related to '78.159.96.0/19AS28753'

route: 78.159.96.0/19
descr: ORG-nA8-RIPE
origin: AS28753
org: ORG-nA8-RIPE
mnt-lower: NETDIRECT-MNT
mnt-routes: NETDIRECT-MNT
mnt-by: NETDIRECT-MNT
source: RIPE # Filtered

organisation: ORG-nA8-RIPE
org-name: netdirect
org-type: LIR
address: netdirekt e. K.
Kleyer Strasse 79 / Tor 14
60326 Frankfurt
Germany
phone: +49 69 90556880
fax-no: +49 69 905568822
e-mail: ripe@netdirekt.de
admin-c: SR614-RIPE
admin-c: WW200-RIPE
mnt-ref: NETDIRECT-MNT
mnt-ref: RIPE-NCC-HM-MNT
mnt-by: RIPE-NCC-HM-MNT
source: RIPE # Filtered

AnthonyCea · #**128** 12-27-2008, 12:16 PM

84.16.231.192 84-16-231-192.internetserviceteam.com
Opera/9.00 (Windows NT 5.1; U; en)

84.16.231.192 84-16-231-192.internetserviceteam.com
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; InfoPath.1)

AnthonyCea · #**129** 12-28-2008, 03:04 PM

212.95.54.169 212.95.54.169.internetserviceteam.com
Mozilla/4.0 (compatible; MSIE 6.0; Windows 98; Win 9x 4.90)

212.95.54.175.internetserviceteam.com
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; TheFreeDictionary.com; .NET CLR 1.1.4322; .NET CL

Information related to '212.95.54.0 - 212.95.54.255'

inetnum: 212.95.54.0 - 212.95.54.255
netname: V3SERVERS-NET-967806
descr: v3Servers.net
country: BY
admin-c: SA4597-RIPE
tech-c: SR614-RIPE
status: ASSIGNED PA
mnt-by: NETDIRECT-MNT
mnt-lower: NETDIRECT-MNT
mnt-routes: NETDIRECT-MNT
source: RIPE # Filtered

person: Sogreev Anton
address: 12 Knez Mihailova
address: apt. 18
address: Belgrade
address: 11000
address: Serbia
phone: +1 619 684 2664
abuse-mailbox: abuse@v3servers.net
nic-hdl: SA4597-RIPE
mnt-by: NETDIRECT-MNT
source: RIPE # Filtered

person: Simon Roehl
address: netdirekt e. K.
address: Kleyer Strasse 79 /Tor 14
address: 60326 Frankfurt
address: DE
phone: +49 69 90556880
fax-no: +49 69 905568822
nic-hdl: SR614-RIPE
mnt-by: NETDIRECT-MNT
source: RIPE # Filtered

% Information related to '212.95.32.0/19AS28753'

route: 212.95.32.0/19
descr: ORG-nA8-RIPE
origin: AS28753
org: ORG-nA8-RIPE
mnt-lower: NETDIRECT-MNT
mnt-routes: NETDIRECT-MNT
mnt-by: NETDIRECT-MNT
source: RIPE # Filtered

organisation: ORG-nA8-RIPE
org-name: netdirect
org-type: LIR
address: netdirekt e. K.
Kleyer Strasse 79 / Tor 14
60326 Frankfurt
Germany
phone: +49 69 90556880
fax-no: +49 69 905568822
admin-c: SR614-RIPE
admin-c: WW200-RIPE
mnt-ref: NETDIRECT-MNT
mnt-ref: RIPE-NCC-HM-MNT
mnt-by: RIPE-NCC-HM-MNT
source: RIPE # Filtered

AnthonyCea · #**130** 12-29-2008, 07:02 PM

84.16.231.192 84-16-231-192.internetserviceteam.com
Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 4.0) Opera 7.0 [en]

AnthonyCea · #**131** 01-03-2009, 07:23 PM

84.16.231.192 84-16-231-192.internetserviceteam.com
Opera/8.00 (Windows NT 5.1; U; en)

AnthonyCea · #**132** 01-05-2009, 07:59 AM

212.95.54.169 212.95.54.169.internetserviceteam.com
Mozilla/4.0 (compatible; MSIE 6.0; Windows 98; Win 9x 4.90)

AnthonyCea · #**133** 01-06-2009, 06:13 AM

08:01 AM Guest Viewing Index
84.16.231.192 84-16-231-192.internetserviceteam.com
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; Media Center PC

AnthonyCea · #**134** 01-10-2009, 03:10 PM

Highly interesting, even spam bot operators still use Windows 3.1

78.159.112.179 78-159-112-179.internetserviceteam.com
Mozilla/4.0 (compatible; MSIE 5.0; Windows 3.1)

AnthonyCea · #**135** 01-11-2009, 08:55 PM

212.95.54.176.internetserviceteam.com
Opera/8.01 (Windows NT 5.1)

89.149.196.213 89-149-196-213.internetserviceteam.com
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Q312461)

AnthonyCea · #**136** 01-17-2009, 03:31 PM

212.95.54.175 212.95.54.175.internetserviceteam.com
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322; FDM)

89.149.217.184 89-149-217-184.internetserviceteam.com
Opera/9.0 (Windows NT 5.1; U; en)

AnthonyCea · #**137** 01-22-2009, 07:38 AM

09:24 AM Guest Viewing Index
212.95.54.180 212.95.54.180.internetserviceteam.com
Opera/9.0 (Windows NT 5.1; U; en)

04:16 PM Guest Viewing Index
89.149.217.184 89-149-217-184.internetserviceteam.com
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; TheFreeDictionary.com; .NET CLR 1.1.4322; .NET CL

Annette143 · #**138** 01-30-2009, 08:16 AM

I see these bots in my place too} 212-95-54-24.internetserviceteam.com

the trace gave me this}

212.95.54.24 is from Belarus(BY) in region Eastern Europe

TraceRoute to 212.95.54.24 [212-95-54-24.internetserviceteam.com]
Hop (ms) (ms) (ms) IP Address Host name
1 7 6 7 72.249.0.65 -
2 7 9 6 8.9.232.73 te-3-4.car1.dallas1.level3.net
3 7 6 6 4.68.19.134 ae-34-89.car4.dallas1.level3.net
4 13 12 6 64.208.110.205 -
5 141 140 143 64.209.102.50 -
6 144 141 134 89.149.218.66 89-149-218-66.internetserviceteam.com
7 151 136 140 212.95.54.24 212-95-54-24.internetserviceteam.com

what am I supposed to do?!
this thread makes me feel like there is nothing I can do because
everything you've all been doing is not curing the problem.

How could I become a pain in their side?

AnthonyCea · #**139** 01-31-2009, 08:46 AM

You would have to ban spambot IP's by CIDR at the server level, look into automation if you want to fight back, read the sticky threads in this forum to fight bad spam bots, check out www.ProjectHoneyPot.org if you want to fight back.

Good luck, because you will have your hands full with automated comment spam bot operators and hackers trying to crack your web server and app's.

Annette143 · #**140** 01-31-2009, 08:51 AM

Quote:

Originally Posted by AnthonyCea

You would have to ban spambot IP's by CIDR at the server level, look into automation if you want to fight back, read the sticky threads in this forum to fight bad spam bots, check out www.ProjectHoneyPot.org if you want to fight back.

Good luck, because you will have your hands full with automated comment spam bot operators and hackers trying to crack your web server and app's.

I don't have spam posts, ya gotta be a member, sign in, to post
and all memebrships go thur me but
I have a free board and no access to the server or any of that.
all I can do is ban an ip
pretty useless from what I read here :(
can we feed them a "Cookie" ?
bait and poison them like they do cockroaches?

AnthonyCea · #**141** 01-31-2009, 08:55 AM

Well, these guys automatically crawl all servers, even to leave referral log spam, so don't go crazy, they are blocked here but still show in who's online even after they are blocked, so we publish the IP's and user agents as a public service to webmasters and server administrators.

PS: Send a link to this thread to your server administrator and ask him to block Internetserviceteam.com by host name, tell him they are driving you crazy, he can do that for you easy.

AnthonyCea · #**142** 01-31-2009, 03:44 PM

05:39 PM Guest Viewing Index
78.159.112.179 78-159-112-179.internetserviceteam.com
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; FunWebProducts)

AnthonyCea · #**143** 02-03-2009, 09:59 AM

11:51 AM Guest Viewing Index
212.95.54.179 212.95.54.179.internetserviceteam.com
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Maxthon; .NET CLR 1.1.4322)

AnthonyCea · #**144** 02-04-2009, 09:12 AM

11:09 AM Guest Viewing Index
89.149.227.65 89-149-227-65.internetserviceteam.com
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; ru) Opera 8.50

AnthonyCea · #**145** 02-05-2009, 12:13 PM

01:58 PM Guest Viewing Index
212.95.54.24 212-95-54-24.internetserviceteam.com
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) Opera 7.54 [en]

05:07 PM Guest Viewing Index
212.95.54.24 212-95-54-24.internetserviceteam.com
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322) Babya Discoverer 8.0:

09:04 PM Guest Viewing Index
212.95.54.24 212-95-54-24.internetserviceteam.com
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322)

AnthonyCea · #**146** 02-07-2009, 06:26 PM

08:02 PM Guest Viewing Index
212.95.54.168 212.95.54.168.internetserviceteam.com
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; FunWebProducts; .NET CLR 1.1.4322; PeoplePal

roblingelbach · #**147** 02-09-2009, 02:05 AM

I'm seeing, coming into my Linux box, a significant number of packets to various ports from internetserviceteam.com, just as mentioned previously here in voluminous detail.

I wouldn't have been completely aware of these (new to my host) if I hadn't recently installed ntop and its dedicated webserver. Sure, I tail the system logs when I can, but ntop gives me cumulative readouts and more statistics than I could ever need. In this case, more is better.

I'm using iptables to drop packets from specific Class B and C nets, but as you say, with their IP hopping it's just a finger in the dyke. What a load of work, I go back 20 years as a Unix sysadmin and am scratching my head for a solution, and also yearning for the gold old days.

ntop is open source under the GNU license.

AnthonyCea · #**148** 02-09-2009, 02:43 PM

You will keep seeing Internetserviceteam.com until you block them by CIDR or by hostname, they also ghost their main IP's with blacklisted open proxy IP's, so they will find a way to get in, webmasters must be vigilant or install a firewall script that uses real time data from anti-spam or anti-bad bot providers.

04:17 PM Guest Viewing Index
89.149.226.72 89-149-226-72.internetserviceteam.com
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT) ::ELNSB50::000061100320025802a00111000000000507000 900

roblingelbach · #**149** 02-09-2009, 04:13 PM

>must be vigilant or install a firewall script that uses real time data from >anti-spam or anti-bad bot providers.

can you advise a source for these providers?

thanks.

AnthonyCea · #**150** 02-09-2009, 04:19 PM

Quote:

Originally Posted by roblingelbach

>must be vigilant or install a firewall script that uses real time data from >anti-spam or anti-bad bot providers.

can you advise a source for these providers?

thanks.

There is a bad bot blocking script mentioned in this thread.

Also research www.ProjectHoneyPot.org too.

Read the threads on this forum, every tactic that is worthwhile is listed, but you will have to take the time to read.

See this thread for a new spam bot blocking script, the developer posts in the thread, ask him a few things if you wish.

AnthonyCea · #**151** 02-16-2009, 06:36 PM

08:33 PM Guest Viewing Index
89.149.244.57 89-149-244-57.internetserviceteam.com
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; Avant Browser [avantbrowser.com]; Hotbar 4.4.5.0)

AnthonyCea · #**152** 02-17-2009, 07:20 AM

09:09 AM Guest Viewing Index
212.95.54.179 212.95.54.179.internetserviceteam.com
Opera/7.60 (Windows NT 5.2; U) [en] (IBM EVV/3.0/EAK01AG9/LE)

06:49 PM Guest Viewing Index
212.95.54.179 212.95.54.179.internetserviceteam.com
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

08:25 PM Guest Viewing Index
89.149.244.57 89-149-244-57.internetserviceteam.com
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; TheFreeDictionary.com; .NET CLR 1.1.4322; .NET CL

11:44 PM Guest Viewing Index
212.95.58.208 212.95.58.208.internetserviceteam.com
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.0.3705; .NET CLR 1.1.4322)

Information related to '212.95.58.0 - 212.95.58.255'

inetnum: 212.95.58.0 - 212.95.58.255
netname: V3SERVERS-NET-967806
descr: v3Servers.net
country: BY
admin-c: SA4597-RIPE
tech-c: SR614-RIPE
status: ASSIGNED PA
mnt-by: NETDIRECT-MNT
mnt-lower: NETDIRECT-MNT
mnt-routes: NETDIRECT-MNT
source: RIPE # Filtered

person: Sogreev Anton
address: 12 Knez Mihailova
address: apt. 18
address: Belgrade
address: 11000
address: Serbia
phone: +1 619 684 2664
abuse-mailbox: abuse@v3servers.net
nic-hdl: SA4597-RIPE
mnt-by: NETDIRECT-MNT
source: RIPE # Filtered

person: Simon Roehl
address: netdirekt e. K.
address: Kleyer Strasse 79 /Tor 14
address: 60326 Frankfurt
address: DE
phone: +49 69 90556880
fax-no: +49 69 905568822
nic-hdl: SR614-RIPE
mnt-by: NETDIRECT-MNT
source: RIPE # Filtered

% Information related to '212.95.32.0/19AS28753'

route: 212.95.32.0/19
descr: ORG-nA8-RIPE
origin: AS28753
org: ORG-nA8-RIPE
mnt-lower: NETDIRECT-MNT
mnt-routes: NETDIRECT-MNT
mnt-by: NETDIRECT-MNT
source: RIPE # Filtered

organisation: ORG-nA8-RIPE
org-name: netdirect
org-type: LIR
address: netdirekt e. K.
Kleyer Strasse 79 / Tor 14
60326 Frankfurt
Germany
phone: +49 69 90556880
fax-no: +49 69 905568822
admin-c: SR614-RIPE
admin-c: WW200-RIPE
mnt-ref: NETDIRECT-MNT
mnt-ref: RIPE-NCC-HM-MNT
mnt-by: RIPE-NCC-HM-MNT
source: RIPE # Filtered

AnthonyCea · #**153** 02-18-2009, 08:58 PM

212.95.54.179.internetserviceteam.com
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)

AnthonyCea · #**154** 02-19-2009, 05:10 AM

06:52 AM Guest Viewing Index
212.95.58.208 212.95.58.208.internetserviceteam.com
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322) Babya Discoverer 8.0:

09:35 AM Guest Viewing Index
212.95.58.208 212.95.58.208.internetserviceteam.com
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; KTXN)

10:05 AM Guest Viewing Index
212.95.58.208 212.95.58.208.internetserviceteam.com
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

01:49 PM Guest Viewing Index
212.95.54.24 212-95-54-24.internetserviceteam.com
Mozilla/0.91 Beta (Windows)

02:32 PM Guest Viewing Index
84.16.224.109 84-16-224-109.internetserviceteam.com
Mozilla/4.0 (compatible; MSIE 6.0; Windows 98; Win 9x 4.90)

AnthonyCea · #**155** 02-21-2009, 08:41 AM

10:27 AM Guest Viewing Index
212.95.54.179.internetserviceteam.com
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)

11:56 AM Guest Viewing Index
212.95.54.24 212-95-54-24.internetserviceteam.com
Mozilla/4.0 (compatible; MSIE 6.0; Windows 98; Win 9x 4.90; Creative)

02:04 PM Guest Viewing Index
212.95.54.43 212.95.54.43.internetserviceteam.com
Mozilla/4.61 [en] (X11; U; ) - BrowseX (2.0.0 Windows)

AnthonyCea · #**156** 02-23-2009, 09:07 AM

11:06 AM Blalgeabula Registering
212.95.63.33 212.95.63.33.internetserviceteam.com
Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 4.0; .NET CLR 1.0.2914)

AnthonyCea · #**157** 02-24-2009, 02:20 PM

04:17 PM Guest Viewing Index
212.95.54.179.internetserviceteam.com
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) Netscape/8.0.4

AnthonyCea · #**158** 02-25-2009, 11:12 AM

12:59 PM Guest Viewing Index
212.95.54.179 212.95.54.179.internetserviceteam.com
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)

AnthonyCea · #**159** 02-27-2009, 04:50 PM

06:46 PM Guest Viewing Index
212.95.63.33.internetserviceteam.com
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; FunWebProducts)

AnthonyCea · #**160** 03-01-2009, 06:46 AM

08:39 AM Guest Viewing Index
89.149.244.55 89-149-244-55.internetserviceteam.com
Mozilla/4.0 (compatible; MSIE 6.0; Windows 98; Win 9x 4.90)