|
Being attacked by a hitbotter. Its killing all my trades through UCJ
Ive been sittin here babysittin my trades all day and not more than 30 minutes ago someone started running a hitbot on my c.cgi file causing my "trades OUT" number to increase by 500%
Thus making all the trade cookies to -0.10 killing every large trade I have. Is there something I can do to prevent this bastard from hitting me again? Rename my c.cgi file? Make a PHP file and encase the c.cgi file into it? Please help im desprite |
in your hosts.allow file put
deny from 100.100.100.100 replace 100.100 with his ip renaming c.cgi won't help Also you can signup for proxyguard.com's service and get a week free (i read that in another thread) |
K I looked in my "nocookie" thing on UCJ and I got this back...
"nocookie" under HOUR 36 0 12251 thats 36 in 12251 clicks. gawd damn so now im opening Show Details Incoming Repetitive IP's 195 - 194.230.114.50 47 - 212.31.117.80 38 - 172.131.28.103 33 - 148.233.133.202 22 - 144.134.77.156 18 - 172.183.28.103 14 - 61.156.195.31 14 - 61.156.205.147 13 - 193.250.58.153 12 - 64.12.96.73 12 - 205.188.208.38 9 - 211.200.167.8 9 - 172.150.251.145 8 - 195.93.65.12 7 - 217.18.130.24 6 - 205.188.209.39 4 - 195.93.50.11 4 - 210.220.73.22 3 - 195.93.73.7 3 - 200.213.110.132 3 - 80.228.4.51 3 - 24.205.60.168 2 - 65.34.152.247 2 - 61.156.195.202 2 - 61.117.175.27 2 - 24.222.98.245 2 - 66.185.84.68 2 - 194.6.2.152 2 - 217.235.151.141 2 - 62.104.210.68 543 - none 47 - 10.1.1.106 7 - 217.18.139.69 4 - 211.200.167.8 2 - 213.6.18.215 2 - 24.42.116.198 2 - 192.168.0.108 1 - 24.101.131.194 1 - 202.64.33.36 1 - unknown 1 - 209.240.221.59 1 - 200.176.54.72 1 - 62.136.25.11 1 - 213.224.41.161, 213.224.83.174 1 - 62.244.1.167 1 - 62.31.28.98 1 - 192.168.13.112 1 - 217.134.255.159 1 - 213.75.148.135 1 - 194.134.218.223 1 - 203.125.131.190 1 - 194.141.57.125 1 - 209.240.220.196 1 - 10.101.4.113, 10.101.4.31 1 - 192.168.28.170 Outgoing Repetitive IP's 7562 - 80.128.177.173 6470 - 151.29.193.109 5607 - 213.249.129.131 4021 - 151.38.61.21 2398 - 212.160.98.116 1893 - 149.156.102.212 544 - 151.29.208.128 398 - 24.171.26.41 395 - 213.66.124.243 390 - 217.226.16.12 362 - 212.185.248.154 350 - 131.191.34.64 346 - 212.185.248.153 340 - 212.185.248.156 318 - 62.216.3.3 317 - 212.198.0.97 314 - 212.108.239.40 311 - 141.154.36.209 289 - 64.12.102.47 287 - 212.185.248.151 287 - 80.228.4.51 285 - 212.185.248.150 284 - 212.185.248.152 281 - 80.129.26.2 280 - 212.30.114.9 280 - 212.185.248.155 279 - 217.81.127.214 271 - 212.185.248.149 257 - 200.176.220.114 253 - 24.222.98.245 100601 - none 398 - 24.171.26.41 395 - 217.208.70.63 257 - 213.203.103.85 232 - unknown 213 - 213.224.41.161 203 - 212.198.222.198 144 - 66.59.158.141 131 - 62.42.152.239 128 - 213.224.217.140 127 - 195.167.109.202 114 - 213.224.220.164 114 - 203.91.74.27 100 - 213.7.151.26 90 - 212.194.245.235 90 - 195.132.129.84 84 - 192.168.28.170 79 - 62.31.71.36 77 - 195.240.212.65 77 - 210.86.34.7 76 - 203.170.74.11 76 - 24.103.247.13 75 - 217.134.58.185 75 - 155.239.94.116 74 - 62.42.47.158 74 - 213.7.175.82 71 - 211.214.17.7 70 - 192.168.13.112 69 - 213.5.27.69 66 - 217.135.133.40 Are those big outgoing ip's the hitbotter? |
im lost. What happened?
what exactly did they do and what did it show on your admin page? |
look at that outgoing repeat ip list!
Wow! Where did you acces your ip list? |
thats from the "nocookie"
u know those 4 things that are in along with each member error gallery no ref nocookie then i clicked Show Details |
waht version of UCJ do you have?
Im still lost? I dont have that shit in my ucj? I have no cookie and no refferer |
nocookie is the one im talking about
4.1.5 i think |
dude go into your webserver confing file and above the virtualhost entries add something like this:
<Directory /> order deny,allow deny from hitbotters_ip </Directory> and restart apache - |
you need to add that in a
directory / entry the board removed the code |
Nobody is safe from a dos attack... I'm pretty sure there's no way to block such attacks... best to have more than one site in this case -- and don't make enemies...
|
check out this crazyness after a couple hours
9101 - 151.29.208.128 7562 - 80.128.177.173 5607 - 213.249.129.131 5023 - 151.202.107.101 4021 - 151.38.61.21 1893 - 149.156.102.212 1121 - 212.160.98.116 1007 - 211.96.110.3 398 - 24.171.26.41 395 - 213.66.124.243 390 - 217.226.16.12 362 - 212.185.248.154 346 - 212.185.248.153 346 - 131.191.34.64 340 - 212.185.248.156 323 - 212.198.0.97 318 - 62.216.3.3 317 - 212.30.114.9 314 - 212.108.239.40 287 - 80.228.4.51 287 - 212.185.248.151 285 - 212.185.248.150 284 - 212.185.248.152 280 - 212.185.248.155 279 - 217.81.127.214 273 - 141.154.36.209 271 - 212.185.248.149 269 - 200.191.112.188 253 - 24.222.98.245 253 - 62.26.68.19 109192 - none 398 - 24.171.26.41 395 - 217.208.70.63 257 - 213.203.103.85 226 - unknown 213 - 213.224.41.161 203 - 212.198.222.198 169 - 62.25.249.204 144 - 66.59.158.141 131 - 62.42.152.239 128 - 213.224.217.140 127 - 195.167.109.202 114 - 203.91.74.27 114 - 213.224.220.164 99 - 213.7.57.98 99 - 10.50.9.13 92 - 216.244.197.57 90 - 212.194.245.235 90 - 195.132.129.84 89 - 62.136.25.11 84 - 192.168.28.170 77 - 210.86.34.7 77 - 195.240.212.65 76 - 24.103.247.13 76 - 203.170.74.11 75 - 155.239.94.116 75 - 217.134.58.185 74 - 62.42.47.158 74 - 213.7.175.82 71 - 213.5.27.69 Compare that list and the one above. |
Here's the main culprits this round....
151.29.193.109 aka ppp-109-193.29-151.libero.it 151.202.107.101 aka pool-151-202-107-101.ny5030.east.verizon.net 212.160.98.116 aka promien.prz.rzeszow.pl 211.96.110.3 aka unknown If anyone else wants to help me out here. Are these proxies? Can you probe some ports? Get some computer names? nbtstat get some shared folders? eh? :c) |
This one is in Poland and not anonymous...
212.160.98.116 you could find out what IP is using this proxy -- depending on what kind of logs/script you have... |
Just been attacked again by
11244 - 149.156.102.212 This .. sucks! |
BTW I asked Tim what to do about it.
He advised me to change all my trades to Capped 1.7 ratios. So far it seems to be working out but I havent seen another attack since then to test it out. |
Plat it started with me a few weeks ago. I know what script it is and I imagine Tim does as well.
I have the site bookmarked. It is an image harvesting software that surfers are installing. So far all I have been doing is watching my nocookie stats and blocking the ip's via htaccess. They still sneak in though and in a matter of minutes completely fuck up productivity on all trades. Burtman |
I'm hitbotting you!!
|
| All times are GMT -7. The time now is 12:27 PM. |
Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2025, vBulletin Solutions, Inc.
©2000-, AI Media Network Inc123