Website Hacking Attack


Hacking Attempt from IP 86.96.226.87/8

An unsuccessful attempt to hack my website graphicline.co.za was made Friday 21 October 2011 shortly before 15h00 SAST  (13h00 GMT).

Satellite image of hacker in dubai location

Click image for larger view (image from Google Earth)

The attempt was first identified by repeated 404 ‘page not found’ and 403 ‘access forbidden’ messages resulting from the hacker using URLS while trying to get access to the server and website setup files, and to log-in to unauthorised and prohibited areas of the website and server. The server is set to send notifications to me of 404, 403 and similar errors.

The attack originated from a business on the corner of Jumeirah Road and Sheikh Rashid Road, Juneirah, Dubai, United Arab Emirates. The business is located in a warehouse or freight depot. Identified from the IP addresses used during the attack – IP 86.96.226.87 and 86.96.226.88. It appears two hackers were working simultaneously.

I should thank these ill intended persons for testing the security of the website and server. Each incident is an opportunity to examine security, to improve the strength of the server environment.

IP 86.96.226.87 & 86.96.226.88 Blacklisted

Project Honeypot (a distributed system for identifying spammers and spambots) has listed these and other IP’s in the range as a Spam Harvester, Comment Spammer, and Rule Breaker. The IP range can now also be considered in use for Malicious purposes.

Latest in series of attacks

This attack follows on from previous attempts to disrupt this website (Graphicline.co.za Web Site Malware Attack), and confirms the earlier incident, as well as another possible unconfirmed attempt, was likely the work of cyber criminals employed by a local business person with ties to the Middle East and Asian Sub-Continent. These criminals are possibly connected to a black-hat SEO operation.

IP 86.96.226.87 & 86.96.226.88 Used by Hackers and Spammers

86.96.226.87 & 86.96.226.8 and the following list of related IP addresses is in active use by hackers and spammers

86.96.229.89
86.96.228.84
86.96.120.93
86.96.226.16
86.96.228.89
86.96.228.84
86.96.226.13
86.96.226.15
86.96.229.84
86.96.226.14
86.96.229.85
86.96.229.88
86.96.227.92

BLock access to your websites and blogs from al these IPs – the people using this IP range have nothing but ill intentions. It surprises me they have the temerity to search the net (resulting in a visit ot this blog) to find out why their IP is blocked.

If you are an innocent person using this IP for internet connectivity – get a new service provider. The people using these IP addresses are cyber criminals of the worse type.

Updated: February 17, 2012 16h23 GMT

Advertisements

About Mike

Web Developer and Techno-geek Saltwater fishing nut Blogger

Posted on October 21, 2011, in Internet, Internet Security, Malware, Virus, Trojans, Security Threats, Websites and tagged , , , , , , , , , , , . Bookmark the permalink. 2 Comments.

  1. Thanks for your vigilance and information. Much appreciated!

    • Lynda – thanks… Your site is OK – Static HTML based, not much damage can be done. Just keep watching for anything strange (outgoing links appearing where they should not be and so on). It was an amateurish attempt anyway.

      Will let you know what Afrihost say in response too. Their servers are secure anyway. Not really much they can do apart from blocking the given IPs universally across all their servers.

      You and I both have a good idea who is behind this nonsense. The timing is right, and the idiot is getting desperate.

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: