GoFuckYourself.com - Adult Webmaster Forum - View Single Post - These IP's are Password Hunting NOW... Block them here.

SplitInfinity · 05-22-2005, 02:27 PM

Actually, you can see their method of attack... they stand out like a sort thumb.
Take this file which is a recent sample I did just about an hour ago...

http://www.splitinfinity.com/brutes.txt

Scan through that.... can you identify the brute forcers? :-) Easy.

Look for sections that look like this:

204.186.159.229 anthonym
204.186.159.229 army100
204.186.159.229 bluepoint
204.186.159.229 cuco
204.186.159.229 EDOG12
204.186.159.229 fibbsjc
204.186.159.229 forxxxhq
204.186.159.229 gdromey
204.186.159.229 joe412
204.186.159.229 judges
204.186.159.229 laura
204.186.159.229 n6tb6x
204.186.159.229 pikedirk
204.186.159.229 tammygranville

Or better equipped brute forcers do it like this:

207.200.116.12 grimlok
207.200.116.12 grimlok
207.200.116.12 grimlok
207.200.116.12 grimlok
207.200.116.130 grimlok
207.200.116.131 grimlok
207.200.116.131 grimlok
207.200.116.131 grimlok
207.200.116.131 grimlok
207.200.116.131 grimlok
207.200.116.132 grimlok
207.200.116.132 grimlok
207.200.116.132 grimlok
207.200.116.132 grimlok
207.200.116.132 grimlok
207.200.116.132 grimlok
207.200.116.132 grimlok
207.200.116.133 grimlok
207.200.116.133 grimlok
207.200.116.133 grimlok
207.200.116.133 grimlok
207.200.116.133 grimlok
207.200.116.133 grimlok
207.200.116.133 grimlok
207.200.116.133 grimlok
207.200.116.133 grimlok
207.200.116.133 grimlok
207.200.116.133 grimlok
207.200.116.133 grimlok
207.200.116.133 grimlok
207.200.116.133 grimlok
207.200.116.133 grimlok
207.200.116.133 grimlok
207.200.116.133 grimlok
207.200.116.133 grimlok
207.200.116.133 grimlok
207.200.116.133 grimlok
207.200.116.133 grimlok
207.200.116.133 grimlok
207.200.116.133 grimlok
207.200.116.135 grimlok
207.200.116.135 grimlok
207.200.116.137 -
207.200.116.137 grimlok
207.200.116.137 grimlok
207.200.116.137 grimlok
207.200.116.137 grimlok
207.200.116.137 grimlok
207.200.116.138 grimlok
207.200.116.138 grimlok
207.200.116.139 grimlok
207.200.116.139 grimlok
207.200.116.13 grimlok
207.200.116.13 grimlok
207.200.116.13 grimlok
207.200.116.195 grimlok
207.200.116.195 grimlok
207.200.116.196 grimlok
207.200.116.197 grimlok
207.200.116.198 grimlok
207.200.116.198 grimlok
207.200.116.200 grimlok

Note the rolling ip's?

05-22-2005, 02:27 PM
SplitInfinity Confirmed User Join Date: Dec 2002 Location: San Diego, CA Posts: 3,047	Actually, you can see their method of attack... they stand out like a sort thumb. Take this file which is a recent sample I did just about an hour ago... http://www.splitinfinity.com/brutes.txt Scan through that.... can you identify the brute forcers? :-) Easy. Look for sections that look like this: 204.186.159.229 anthonym 204.186.159.229 army100 204.186.159.229 bluepoint 204.186.159.229 cuco 204.186.159.229 EDOG12 204.186.159.229 fibbsjc 204.186.159.229 forxxxhq 204.186.159.229 gdromey 204.186.159.229 joe412 204.186.159.229 judges 204.186.159.229 laura 204.186.159.229 n6tb6x 204.186.159.229 pikedirk 204.186.159.229 tammygranville Or better equipped brute forcers do it like this: 207.200.116.12 grimlok 207.200.116.12 grimlok 207.200.116.12 grimlok 207.200.116.12 grimlok 207.200.116.130 grimlok 207.200.116.131 grimlok 207.200.116.131 grimlok 207.200.116.131 grimlok 207.200.116.131 grimlok 207.200.116.131 grimlok 207.200.116.132 grimlok 207.200.116.132 grimlok 207.200.116.132 grimlok 207.200.116.132 grimlok 207.200.116.132 grimlok 207.200.116.132 grimlok 207.200.116.132 grimlok 207.200.116.133 grimlok 207.200.116.133 grimlok 207.200.116.133 grimlok 207.200.116.133 grimlok 207.200.116.133 grimlok 207.200.116.133 grimlok 207.200.116.133 grimlok 207.200.116.133 grimlok 207.200.116.133 grimlok 207.200.116.133 grimlok 207.200.116.133 grimlok 207.200.116.133 grimlok 207.200.116.133 grimlok 207.200.116.133 grimlok 207.200.116.133 grimlok 207.200.116.133 grimlok 207.200.116.133 grimlok 207.200.116.133 grimlok 207.200.116.133 grimlok 207.200.116.133 grimlok 207.200.116.133 grimlok 207.200.116.133 grimlok 207.200.116.133 grimlok 207.200.116.135 grimlok 207.200.116.135 grimlok 207.200.116.137 - 207.200.116.137 grimlok 207.200.116.137 grimlok 207.200.116.137 grimlok 207.200.116.137 grimlok 207.200.116.137 grimlok 207.200.116.138 grimlok 207.200.116.138 grimlok 207.200.116.139 grimlok 207.200.116.139 grimlok 207.200.116.13 grimlok 207.200.116.13 grimlok 207.200.116.13 grimlok 207.200.116.195 grimlok 207.200.116.195 grimlok 207.200.116.196 grimlok 207.200.116.197 grimlok 207.200.116.198 grimlok 207.200.116.198 grimlok 207.200.116.200 grimlok Note the rolling ip's?