IP Access Records for AS198047 UKWEB-EQX

This topic contains 3 replies, has 3 voices, and was last updated by  Keith Taylor 1 year, 5 months ago.

  • #398

    Keith Charlie Taylor
    Keymaster
    Ŧallars: Ŧ 61.20



    AS198047 is my current host! So, it’s galling to be attacked from an IP address on the same network. But, it does mean better access to technical support. Unfortunately, this hosting company is not very helpful. In time, I will move. But, for now, the best option is to block offending IP addresses.

    I cannot block AS198047, as that would deny me access to my own server. So, I will block offending IP addresses until I can restrict the entire host. To be fair, so far the threats are low level. Almost certainly a botnet attack. But, it is very persistent, causing hundreds of alarms.

    AS198047 IP Access Records cover August and July 2016. A typical example is:
    A user with IP address 91.208.99.2 has been locked out from the signing in or using the password recovery form for the following reason: Exceeded the maximum number of login failures which is: 3. The last username they tried to sign in with was: ‘[domain]’
    User IP: 91.208.99.2
    User hostname: outgoing2.gridhost.co.uk
    User location: United Kingdom

    Autonomous Systems (AS) information:

    IP address               | 91.208.99.2
    Reverse DNS (PTR record) | outgoing2.gridhost.co.uk
    DNS server (NS record)   | ns2.tsohost.co.uk (95.142.155.4), ns1.tsohost.co.uk (185.52.27.27)
    ASN number               | 198047
    ASN name (ISP)           | UK Webhosting Ltd
    IP-range/subnet          | 91.208.99.0/24 (91.208.99.0 - 91.208.99.255)

    #399

    Keith Charlie Taylor
    Keymaster
    Ŧallars: Ŧ 61.20

    I’ve now blocked IP Address 91.208.99.2 in CloudFlare.

    #438

    Anna
    Keymaster
    Ŧallars: Ŧ 47.95

    July to October 2016 (several attempts)

    A user with IP address 195.62.28.134 has been locked out from the signing in or using the password recovery form for the following reason: Used an invalid username ‘admin’ to try to sign in.
    User IP: 195.62.28.134
    User hostname: newe.footholds.net
    User location: United Kingdom

    Autonomous Systems (AS) information:

    AS      | IP               | BGP Prefix          | CC | Registry | AS Name
    AS198047  | 195.62.28.134    | 195.62.28.0/23      | GB | ripencc  | UKWEB-EQX , GB

    IP:195.62.28.134 restricted

    #501

    Keith Taylor
    Moderator
    Ŧallars: Ŧ 1015.48



    Though there is some suspicious activity, blocking the address is not the answer. Among other things, it is required for backups. Therefore, I’ve whitelisted it.

    The long-term solution is to find a better hosting company. Probably one that integrates better with CloudFlare.

    For now, log problems, but avoid blocking.
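
An added example, not part of the original thread or written by its posters: a small triage script for lockout notices in the format quoted above. It counts lockouts per source address and marks any address inside the host's own prefixes as log-only instead of a block candidate. Treating both prefixes quoted in the thread as protected, the threshold of 2, and the 203.0.113.7 / 198.51.100.9 sample sources are assumptions.

```python
import ipaddress
import re
from collections import Counter

# Prefixes quoted in the thread for AS198047; treating both as protected is an assumption.
PROTECTED = [ipaddress.ip_network(p) for p in ("91.208.99.0/24", "195.62.28.0/23")]
BLOCK_THRESHOLD = 2  # assumed: lockouts from one outside address before blocking it

NOTICE_RE = re.compile(r"^User IP: (\S+)\nUser hostname: (\S+)$", re.MULTILINE)

# Constructed sample notices in the thread's format. 203.0.113.7 and 198.51.100.9
# are documentation addresses standing in for unrelated outside sources.
_TEMPLATE = ("A user with IP address {ip} has been locked out from the signing in or "
             "using the password recovery form for the following reason: Exceeded the "
             "maximum number of login failures which is: 3.\n"
             "User IP: {ip}\nUser hostname: {host}\n\n")
SAMPLE_NOTICES = "".join(_TEMPLATE.format(ip=ip, host=host) for ip, host in [
    ("91.208.99.2", "outgoing2.gridhost.co.uk"),
    ("195.62.28.134", "newe.footholds.net"),
    ("203.0.113.7", "host.example.net"),
    ("195.62.28.134", "newe.footholds.net"),
    ("203.0.113.7", "host.example.net"),
    ("198.51.100.9", "other.example.org"),
])


def triage(text, protected=PROTECTED, threshold=BLOCK_THRESHOLD):
    """Map each source IP to (lockout count, hostname, action)."""
    counts, hosts = Counter(), {}
    for ip_text, host in NOTICE_RE.findall(text):
        try:
            ip = ipaddress.ip_address(ip_text)
        except ValueError:
            continue  # ignore notices with a malformed address
        counts[ip] += 1
        hosts[ip] = host
    result = {}
    for ip, n in counts.items():
        if any(ip in net for net in protected):
            action = "log-only"  # never auto-block the host's own ranges
        elif n >= threshold:
            action = "block"
        else:
            action = "watch"
        result[str(ip)] = (n, hosts[ip], action)
    return result


if __name__ == "__main__":
    for ip, (n, host, action) in triage(SAMPLE_NOTICES).items():
        print(f"{ip:15} {host:26} lockouts={n} -> {action}")
```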
