« previous next »
Pages: [1]   Go Down

Author Topic: what happend on August 26, 2008  (Read 21655 times)

0 Members and 1 Guest are viewing this topic.

March 24, 2009, 05:33:55 pm
Read 21655 times

CkreM

  • Special Access
  • Hero Member
  • Offline
  • *
  • 567
what happend on August 26, 2008
I was wondering, usually i see around 20-30 on the Most Online Today stats

what happend on  August 26, 2008, 02:07:15 PM that 320 were logged?
Quote
Most Online Today: 22. Most Online Ever: 320 (August 26, 2008, 02:07:15 PM)
Logged
Mal-Aware
March 24, 2009, 06:42:40 pm
Reply #1

sowhat-x

  • Guest
Re: what happend on August 26, 2008
...i remember we were kinda wondering the same thing back then,as there was no special reason per se:
we were hunting/tracking down sql injected sites,"exchanger" samples and such stuff,
ie.nothing really extra-ordinary,just the stuff that was spreading around at that period...



Logged
November 15, 2009, 12:22:54 am
Reply #2

hhhobbit

  • Special Access
  • Full Member
  • Offline
  • *
  • 54
Re: what happend on August 26, 2008
Long time no write.  Right about then I was giving the message to hackers in my hdate.txt file and HostsFile.org came under a DOS bot attack.  I have no idea why they didn't hit SecureMecca.com.  Basically the message was along the lines of see, I can track every host you create.  They were bringing up hosts and then reassigning them to bogus IP addresses 72 hours later for their intermediary hosts and less than 12 hours later for their end hosts.  Here are some of the bogus IP addresses so you will know it is them if you see them again (I categorize them as dumpers):

1.1.1.1
1.2.3.4
111.111.111.1
111.111.111.111
222.111.222.222
222.222.222.222

Once the hosts are dumped hey will only stay in DNS 1-2 weeks and then they disappear.  What I pointed out to the hackers was that:
[a] I could keep up with them, even with my hosts file
Even if I didn't keep up with them with the hosts file, I handled most of their hosts with my PAC filter rules
[c] So they read that tiny hdate.txt file and followed my advice of doing tests with hosts that fell through the PAC filter rules
[d] That none of it made any difference - people were getting wise to their way of doing things.

That MAY be what happened.  I don't know.
Logged
November 23, 2009, 07:08:35 pm
Reply #3

dvk01

  • Private Forum
  • Newbie
  • Offline
  • *
  • 6
    • The spykiller
Re: what happend on August 26, 2008
usually what happens with SMF forums is a misbehaved search engine bot visited mob handed

I use the Googlebot & Spiders Mod http://custom.simplemachines.org/mods/index.php?mod=143   together with the Spiders in Who.template.php which splits spiders off from guests so you can tell what is happening
Logged
January 21, 2010, 03:10:50 pm
Reply #4

CkreM

  • Special Access
  • Hero Member
  • Offline
  • *
  • 567
Re: what happend on August 26, 2008
new record o.O

Most Online Today: 48. Most Online Ever: 467 (January 15, 2010, 01:57:55 pm) 
Logged
Mal-Aware
Pages: [1]   Go Up
« previous next »