[tor-relays] ExitPolicy reject 184.107.0.0/16* funio.com

Markus Koch niftybunny at googlemail.com
Fri Oct 28 03:57:27 UTC 2016


Getting abuse mass mails on nearly all exist in the last hours:

The following intrusion attempts were detected:

./pilipia/pilipiak.com:188.166.63.113 - - [27/Oct/2016:18:06:35 -0400]
"GET / HTTP/1.1" 200 5734 "-" "Mozilla/5.0 (Windows NT 5.1; rv:7.0.1)
Gecko/20100101 Firefox/7.0.1"
./pilipia/pilipiak.com:188.166.63.113 - - [27/Oct/2016:18:06:36 -0400]
"GET /?subscribe-email=dlcw87%40hotmail.com&subscribe-submit=Informez-moi&
HTTP/1.1" 200 5734 "http://pilipiak.com/" "Mozilla/5.0 (Windows NT
5.1; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
./autoparcs.promoafrik.com:188.166.63.113 - - [27/Oct/2016:00:30:30
-0400] "GET / HTTP/1.1" 200 26737 "-" "Mozilla/5.0 (Windows NT 5.1;
rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
./autoparcs.promoafrik.com:188.166.63.113 - - [27/Oct/2016:00:30:31
-0400] "GET /search-listing.php?list_search_box=&subscribe=Search&
HTTP/1.1" 200 9280 "http://autoparcs.com/" "Mozilla/5.0 (Windows NT
5.1; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
./pilipiak.com:188.166.63.113 - - [27/Oct/2016:18:06:35 -0400] "GET /
HTTP/1.1" 200 5734 "-" "Mozilla/5.0 (Windows NT 5.1; rv:7.0.1)
Gecko/20100101 Firefox/7.0.1"
./pilipiak.com:188.166.63.113 - - [27/Oct/2016:18:06:36 -0400] "GET
/?subscribe-email=dlcw87%40hotmail.com&subscribe-submit=Informez-moi&
HTTP/1.1" 200 5734 "http://pilipiak.com/" "Mozilla/5.0 (Windows NT
5.1; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
./promoaf/autoparcs.promoafrik.com:188.166.63.113 - -
[27/Oct/2016:00:30:30 -0400] "GET / HTTP/1.1" 200 26737 "-"
"Mozilla/5.0 (Windows NT 5.1; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
./promoaf/autoparcs.promoafrik.com:188.166.63.113 - -
[27/Oct/2016:00:30:31 -0400] "GET
/search-listing.php?list_search_box=&subscribe=Search& HTTP/1.1" 200
9280 "http://autoparcs.com/" "Mozilla/5.0 (Windows NT 5.1; rv:7.0.1)
Gecko/20100101 Firefox/7.0.1"
./hansenq/hqhospitality.hansen-quao.com:188.166.63.113 - -
[26/Oct/2016:23:41:12 -0400] "GET
/index.php?option=com_user&view=register&Itemid=2 HTTP/1.1" 200 17902
"-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101
Firefox/38.0"
./hansenq/hqhospitality.hansen-quao.com:188.166.63.113 - -
[26/Oct/2016:23:41:16 -0400] "POST
/index.php?option=com_user&view=register&Itemid=2 HTTP/1.1" 200 116
"-" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/38.0.2125.104 Safari/537.36"
./hansenq/hqhospitality.hansen-quao.com:188.166.63.113 - -
[27/Oct/2016:00:02:49 -0400] "GET
/index.php?option=com_user&view=register&Itemid=2 HTTP/1.1" 200 17902
"-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101
Firefox/38.0"
./hansenq/hqhospitality.hansen-quao.com:188.166.63.113 - -
[27/Oct/2016:00:02:51 -0400] "POST
/index.php?option=com_user&view=register&Itemid=2 HTTP/1.1" 200 116
"-" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/38.0.2125.104 Safari/537.36"
./hansenq/hqhospitality.hansen-quao.com:188.166.63.113 - -
[27/Oct/2016:10:32:33 -0400] "GET
/index.php?option=com_user&task=activate&activation=e36afd6ab6a066e3485fcd4aedbc74ac
HTTP/1.1" 200 11230 "-" ""
./hansenq/hqhospitality.hansen-quao.com:188.166.63.113 - -
[27/Oct/2016:10:32:34 -0400] "GET
/index.php?option=com_user&view=login HTTP/1.1" 200 12349 "-"
"Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/38.0.2125.104 Safari/537.36"
./hansenq/hqhospitality.hansen-quao.com:188.166.63.113 - -
[27/Oct/2016:10:32:36 -0400] "POST
/index.php?option=com_user&view=login HTTP/1.1" 200 116
"http://hq-hospitality.com/index.php?option=com_user&view=login"
"Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/38.0.2125.104 Safari/537.36"
./hansenq/hqhospitality.hansen-quao.com:188.166.63.113 - -
[27/Oct/2016:10:32:38 -0400] "GET
/index.php?option=com_user&view=user&task=edit HTTP/1.1" 200 25720 "-"
"Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/38.0.2125.104 Safari/537.36"
./hansenq/hqhospitality.hansen-quao.com:188.166.63.113 - -
[27/Oct/2016:12:55:40 -0400] "GET
/index.php?option=com_user&task=activate&activation=72ca806c4be186be71e7a5e0316e8681
HTTP/1.1" 200 11230 "-" ""
./hansenq/hqhospitality.hansen-quao.com:188.166.63.113 - -
[27/Oct/2016:19:28:56 -0400] "GET
/index.php?option=com_user&view=register&Itemid=2 HTTP/1.1" 200 17902
"-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101
Firefox/38.0"
./hqhospitality.hansen-quao.com:188.166.63.113 - -
[26/Oct/2016:23:41:12 -0400] "GET
/index.php?option=com_user&view=register&Itemid=2 HTTP/1.1" 200 17902
"-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101
Firefox/38.0"
./hqhospitality.hansen-quao.com:188.166.63.113 - -
[26/Oct/2016:23:41:16 -0400] "POST
/index.php?option=com_user&view=register&Itemid=2 HTTP/1.1" 200 116
"-" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/38.0.2125.104 Safari/537.36"
./hqhospitality.hansen-quao.com:188.166.63.113 - -
[27/Oct/2016:00:02:49 -0400] "GET
/index.php?option=com_user&view=register&Itemid=2 HTTP/1.1" 200 17902
"-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101
Firefox/38.0"
./hqhospitality.hansen-quao.com:188.166.63.113 - -
[27/Oct/2016:00:02:51 -0400] "POST
/index.php?option=com_user&view=register&Itemid=2 HTTP/1.1" 200 116
"-" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/38.0.2125.104 Safari/537.36"
./hqhospitality.hansen-quao.com:188.166.63.113 - -
[27/Oct/2016:10:32:33 -0400] "GET
/index.php?option=com_user&task=activate&activation=e36afd6ab6a066e3485fcd4aedbc74ac
HTTP/1.1" 200 11230 "-" ""
./hqhospitality.hansen-quao.com:188.166.63.113 - -
[27/Oct/2016:10:32:34 -0400] "GET
/index.php?option=com_user&view=login HTTP/1.1" 200 12349 "-"
"Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/38.0.2125.104 Safari/537.36"
./hqhospitality.hansen-quao.com:188.166.63.113 - -
[27/Oct/2016:10:32:36 -0400] "POST
/index.php?option=com_user&view=login HTTP/1.1" 200 116
"http://hq-hospitality.com/index.php?option=com_user&view=login"
"Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/38.0.2125.104 Safari/537.36"
./hqhospitality.hansen-quao.com:188.166.63.113 - -
[27/Oct/2016:10:32:38 -0400] "GET
/index.php?option=com_user&view=user&task=edit HTTP/1.1" 200 25720 "-"
"Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/38.0.2125.104 Safari/537.36"
./hqhospitality.hansen-quao.com:188.166.63.113 - -
[27/Oct/2016:12:55:40 -0400] "GET
/index.php?option=com_user&task=activate&activation=72ca806c4be186be71e7a5e0316e8681
HTTP/1.1" 200 11230 "-" ""
./hqhospitality.hansen-quao.com:188.166.63.113 - -
[27/Oct/2016:19:28:56 -0400] "GET
/index.php?option=com_user&view=register&Itemid=2 HTTP/1.1" 200 17902
"-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101
Firefox/38.0"

Abuse Department
Funio


to stop the mass flood of abuse bot mails I tried to reject the IP
space of funio but Tor is telling me its not allowed. Why?

Markus


More information about the tor-relays mailing list