Visit the LQ Articles and Editorials section
Go Back > Blogs > unixfool
User Name


Rate this Entry - Malicious IP scanning

Posted 06-04-2007 at 10:41 AM by unixfool

IP, an IP that belongs to, has been very active lately. The machine has been compromised twice in 30 days and does a multitude of scans. Last month I reported this IP to and the machine was eventually taken offline (after waiting over two weeks). I reported it again this weekend when I noticed the IP was scanning against port 80 on my public server.

I've attempted to do some digging via Google but have found nothing solid, other than finding people's web stats highlighting this IP. This post's intention is to let people know that this IP has a history of being compromised.

Putting the IP into shows the following:

**I'll capture a screenshot when I can, as the Blogger console attempts to render the data as HTML**

That's not good. Using Links (a text-based browser that is good to use
when you're afraid to visit a webpage with IE or Firefox), the .txt files
appear to be IPs that are being harvested for further exploitation.

I'm thinking of reporting this IP to the US-CERT, since SANS isn't being
Posted in Uncategorized
Views 1549 Comments 0
« Prev     Main     Next »


All times are GMT -5. The time now is 07:42 PM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration