15
clockico
14:49
February '06
Administrator

Uncategorized
Bad IP Addresses used in DDOS

The following IP addresses appear to have been involved in a Distributed Denial of Service (DDOS) attack on Dragon Thoughts on the morning of 15th February 2006. The controling and initiating address appears to have been 217.19.50.70

  • 125.177.31.204
  • 140.134.4.80
  • 158.121.118.220
  • 165.139.114.1
  • 193.96.33.214
  • 194.199.90.4
  • 194.68.63.142
  • 198.180.251.157
  • 201.252.152.52
  • 202.131.196.150
  • 202.58.85.6
  • 202.58.86.5
  • 203.59.162.122
  • 206.244.71.56
  • 210.111.45.47
  • 211.238.236.179
  • 212.103.190.66
  • 216.55.183.199
  • 217.19.50.70
  • 217.91.66.6
  • 220.127.181.5
  • 220.17.200.27
  • 220.245.179.130
  • 220.70.239.180
  • 220.70.65.157
  • 221.163.42.170
  • 222.106.129.245
  • 222.233.246.111
  • 58.230.39.126
  • 58.75.224.169
  • 59.16.136.251
  • 59.25.17.21
  • 61.97.227.152
  • 62.121.22.35
  • 62.171.194.4
  • 64.34.166.88
  • 66.166.7.218
  • 68.231.40.31
  • 69.15.96.51
  • 72.3.231.82
  • 72.9.242.58
  • 82.165.238.15
  • 82.235.157.128
  • 85.192.4.78

Additional attacks have happened today - 16th February, most from the same IP addresses, which have had all access removed with 403 errors, but this is a list of new attackers

  • 58.233.170.145
  • 59.13.121.133
  • 58.78.222.84
  • 59.3.165.93
  • 60.197.223.72
  • 61.102.137.100
  • 61.189.240.196
  • 61.40.64.46
  • 63.161.48.222
  • 64.110.74.244
  • 70.21.119.6
  • 82.189.181.193
  • 82.222.64.180
  • 85.91.150.218
  • 169.153.184.80
  • 192.44.60.146
  • 193.219.242.140
  • 193.252.53.22
  • 200.30.79.126
  • 200.43.69.18
  • 200.21.242.98
  • 201.208.201.206
  • 203.234.216.215
  • 203.240.215.68
  • 202.58.85.8
  • 203.162.27.87
  • 206.191.73.51
  • 208.194.225.150
  • 210.118.228.42
  • 211.217.111.154
  • 211.221.162.170
  • 211.249.223.80
  • 212.161.126.193
  • 212.175.240.139
  • 213.132.184.189
  • 218.238.241.237
  • 218.25.39.50
  • 221.159.207.119
  • 220.87.74.97
  • 222.118.210.32
  • 222.114.24.30
  • 222.103.89.30
  • 222.118.74.62

Very few additional attacks have happened today - 17th February 2006, most from the same IP addresses, which have had all access removed with 403 errors, but this is a list of new attackers, which found the page they attacked had been removed and was using a 301 redirect to google.jp

  • 58.227.229.89
  • 202.39.237.196

New compromised addressses that continue to attack dragonthoughts.com for 19th and 20th February 2006

  • 12.162.43.113
  • 58.24.29.168
  • 66.161.222.165
  • 68.127.180.208
  • 68.108.231.66
  • 68.79.126.152
  • 69.46.16.119
  • 72.244.174.132
  • 80.55.129.38
  • 81.255.25.117
  • 82.210.184.254
  • 83.14.0.106
  • 193.219.145.99
  • 193.219.145.99
  • 201.243.21.158
  • 202.58.86.3
  • 202.58.85.8
  • 206.169.77.247
  • 207.210.242.108
  • 210.245.211.132
  • 212.161.126.193
  • 216.55.168.181
  • 216.75.15.15
  • 216.40.89.183
  • 216.40.89.184
  • 217.9.147.70
  • 221.162.34.132
  • 222.105.28.58
  • 222.68.2.188

Further attacking addresses used on 21st February 2006

  • 62.5.245.22
  • 66.161.222.163
  • 68.32.84.54
  • 85.18.156.24
  • 164.100.96.29
  • 170.171.250.51
  • 196.40.43.218
  • 200.118.125.110
  • 200.61.183.237
  • 200.246.87.3
  • 202.129.20.14
  • 207.225.139.26
  • 210.245.164.218
  • 211.236.210.87
  • 219.223.122.20
  • 219.117.58.251
  • 220.124.121.165
  • 219.93.95.25

There was little spamming activity on 22ndbut there was a noticeable revival on 23rd February 2006. The new IP addresses follow.

  • 83.229.68.4
  • 83.18.199.18
  • 82.67.131.182
  • 82.227.132.35
  • 81.168.213.132
  • 80.191.213.6
  • 72.36.227.50
  • 71.16.78.149
  • 70.32.173.100
  • 69.193.4.178
  • 69.182.171.102
  • 66.90.101.27
  • 65.45.115.68
  • 62.24.109.2
  • 58.24.29.168
  • 222.239.198.239
  • 221.155.33.63
  • 220.76.243.52
  • 216.60.144.98
  • 212.142.140.149
  • 211.223.58.182
  • 204.209.113.41
  • 204.10.124.100
  • 203.31.48.3
  • 203.162.92.126
  • 202.130.84.133
  • 202.129.12.14
  • 196.40.31.138
  • 140.128.181.6


 

2 Comments to “Bad IP Addresses used in DDOS”


  1. Dragon’s Thinking » Blog Archive » Spam attack — 15 February 2006 @ 2:51 pm

    [...] Security has been stepped up, including banning all of the IP addresses (presumably compromised computers) from access to the entire site. Details of the IP addresses involved are at [...]

  2. Dragon’s Thinking » Blog Archive » Spamming diminished — 17 February 2006 @ 11:59 am

    [...] There has been a significant decrease in the spammers reaching dragonthoughts.com. This is largly due to the hosting company considering my reports and taking action by blacklisting the IP addresses that are known to be compromised, of which only a couple onf new ones appeared today. United Hosting support staff said: After discussion amongst our team we are going to block the IP’s listed on your blog. If this catches some legitimate IP’s we will get reports and unblock as necessary. [...]

RSS feed for comments on this post.
TrackBack URL


Write a comment

You need tologin.