[tor-relays] ExitPolicy reject 184.107.0.0/16* funio.com

John Ricketts john at quintex.com
Fri Oct 28 03:59:48 UTC 2016


I am getting them as well.  I haven't blocked yet, are you suggesting we should?

> On Oct 27, 2016, at 22:58, Markus Koch <niftybunny at googlemail.com> wrote:
> 
> Getting abuse mass mails on nearly all exist in the last hours:
> 
> The following intrusion attempts were detected:
> 
> ./pilipia/pilipiak.com:188.166.63.113 - - [27/Oct/2016:18:06:35 -0400]
> "GET / HTTP/1.1" 200 5734 "-" "Mozilla/5.0 (Windows NT 5.1; rv:7.0.1)
> Gecko/20100101 Firefox/7.0.1"
> ./pilipia/pilipiak.com:188.166.63.113 - - [27/Oct/2016:18:06:36 -0400]
> "GET /?subscribe-email=dlcw87%40hotmail.com&subscribe-submit=Informez-moi&
> HTTP/1.1" 200 5734 "http://pilipiak.com/" "Mozilla/5.0 (Windows NT
> 5.1; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
> ./autoparcs.promoafrik.com:188.166.63.113 - - [27/Oct/2016:00:30:30
> -0400] "GET / HTTP/1.1" 200 26737 "-" "Mozilla/5.0 (Windows NT 5.1;
> rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
> ./autoparcs.promoafrik.com:188.166.63.113 - - [27/Oct/2016:00:30:31
> -0400] "GET /search-listing.php?list_search_box=&subscribe=Search&
> HTTP/1.1" 200 9280 "http://autoparcs.com/" "Mozilla/5.0 (Windows NT
> 5.1; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
> ./pilipiak.com:188.166.63.113 - - [27/Oct/2016:18:06:35 -0400] "GET /
> HTTP/1.1" 200 5734 "-" "Mozilla/5.0 (Windows NT 5.1; rv:7.0.1)
> Gecko/20100101 Firefox/7.0.1"
> ./pilipiak.com:188.166.63.113 - - [27/Oct/2016:18:06:36 -0400] "GET
> /?subscribe-email=dlcw87%40hotmail.com&subscribe-submit=Informez-moi&
> HTTP/1.1" 200 5734 "http://pilipiak.com/" "Mozilla/5.0 (Windows NT
> 5.1; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
> ./promoaf/autoparcs.promoafrik.com:188.166.63.113 - -
> [27/Oct/2016:00:30:30 -0400] "GET / HTTP/1.1" 200 26737 "-"
> "Mozilla/5.0 (Windows NT 5.1; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
> ./promoaf/autoparcs.promoafrik.com:188.166.63.113 - -
> [27/Oct/2016:00:30:31 -0400] "GET
> /search-listing.php?list_search_box=&subscribe=Search& HTTP/1.1" 200
> 9280 "http://autoparcs.com/" "Mozilla/5.0 (Windows NT 5.1; rv:7.0.1)
> Gecko/20100101 Firefox/7.0.1"
> ./hansenq/hqhospitality.hansen-quao.com:188.166.63.113 - -
> [26/Oct/2016:23:41:12 -0400] "GET
> /index.php?option=com_user&view=register&Itemid=2 HTTP/1.1" 200 17902
> "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101
> Firefox/38.0"
> ./hansenq/hqhospitality.hansen-quao.com:188.166.63.113 - -
> [26/Oct/2016:23:41:16 -0400] "POST
> /index.php?option=com_user&view=register&Itemid=2 HTTP/1.1" 200 116
> "-" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36
> (KHTML, like Gecko) Chrome/38.0.2125.104 Safari/537.36"
> ./hansenq/hqhospitality.hansen-quao.com:188.166.63.113 - -
> [27/Oct/2016:00:02:49 -0400] "GET
> /index.php?option=com_user&view=register&Itemid=2 HTTP/1.1" 200 17902
> "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101
> Firefox/38.0"
> ./hansenq/hqhospitality.hansen-quao.com:188.166.63.113 - -
> [27/Oct/2016:00:02:51 -0400] "POST
> /index.php?option=com_user&view=register&Itemid=2 HTTP/1.1" 200 116
> "-" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36
> (KHTML, like Gecko) Chrome/38.0.2125.104 Safari/537.36"
> ./hansenq/hqhospitality.hansen-quao.com:188.166.63.113 - -
> [27/Oct/2016:10:32:33 -0400] "GET
> /index.php?option=com_user&task=activate&activation=e36afd6ab6a066e3485fcd4aedbc74ac
> HTTP/1.1" 200 11230 "-" ""
> ./hansenq/hqhospitality.hansen-quao.com:188.166.63.113 - -
> [27/Oct/2016:10:32:34 -0400] "GET
> /index.php?option=com_user&view=login HTTP/1.1" 200 12349 "-"
> "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML,
> like Gecko) Chrome/38.0.2125.104 Safari/537.36"
> ./hansenq/hqhospitality.hansen-quao.com:188.166.63.113 - -
> [27/Oct/2016:10:32:36 -0400] "POST
> /index.php?option=com_user&view=login HTTP/1.1" 200 116
> "http://hq-hospitality.com/index.php?option=com_user&view=login"
> "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML,
> like Gecko) Chrome/38.0.2125.104 Safari/537.36"
> ./hansenq/hqhospitality.hansen-quao.com:188.166.63.113 - -
> [27/Oct/2016:10:32:38 -0400] "GET
> /index.php?option=com_user&view=user&task=edit HTTP/1.1" 200 25720 "-"
> "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML,
> like Gecko) Chrome/38.0.2125.104 Safari/537.36"
> ./hansenq/hqhospitality.hansen-quao.com:188.166.63.113 - -
> [27/Oct/2016:12:55:40 -0400] "GET
> /index.php?option=com_user&task=activate&activation=72ca806c4be186be71e7a5e0316e8681
> HTTP/1.1" 200 11230 "-" ""
> ./hansenq/hqhospitality.hansen-quao.com:188.166.63.113 - -
> [27/Oct/2016:19:28:56 -0400] "GET
> /index.php?option=com_user&view=register&Itemid=2 HTTP/1.1" 200 17902
> "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101
> Firefox/38.0"
> ./hqhospitality.hansen-quao.com:188.166.63.113 - -
> [26/Oct/2016:23:41:12 -0400] "GET
> /index.php?option=com_user&view=register&Itemid=2 HTTP/1.1" 200 17902
> "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101
> Firefox/38.0"
> ./hqhospitality.hansen-quao.com:188.166.63.113 - -
> [26/Oct/2016:23:41:16 -0400] "POST
> /index.php?option=com_user&view=register&Itemid=2 HTTP/1.1" 200 116
> "-" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36
> (KHTML, like Gecko) Chrome/38.0.2125.104 Safari/537.36"
> ./hqhospitality.hansen-quao.com:188.166.63.113 - -
> [27/Oct/2016:00:02:49 -0400] "GET
> /index.php?option=com_user&view=register&Itemid=2 HTTP/1.1" 200 17902
> "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101
> Firefox/38.0"
> ./hqhospitality.hansen-quao.com:188.166.63.113 - -
> [27/Oct/2016:00:02:51 -0400] "POST
> /index.php?option=com_user&view=register&Itemid=2 HTTP/1.1" 200 116
> "-" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36
> (KHTML, like Gecko) Chrome/38.0.2125.104 Safari/537.36"
> ./hqhospitality.hansen-quao.com:188.166.63.113 - -
> [27/Oct/2016:10:32:33 -0400] "GET
> /index.php?option=com_user&task=activate&activation=e36afd6ab6a066e3485fcd4aedbc74ac
> HTTP/1.1" 200 11230 "-" ""
> ./hqhospitality.hansen-quao.com:188.166.63.113 - -
> [27/Oct/2016:10:32:34 -0400] "GET
> /index.php?option=com_user&view=login HTTP/1.1" 200 12349 "-"
> "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML,
> like Gecko) Chrome/38.0.2125.104 Safari/537.36"
> ./hqhospitality.hansen-quao.com:188.166.63.113 - -
> [27/Oct/2016:10:32:36 -0400] "POST
> /index.php?option=com_user&view=login HTTP/1.1" 200 116
> "http://hq-hospitality.com/index.php?option=com_user&view=login"
> "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML,
> like Gecko) Chrome/38.0.2125.104 Safari/537.36"
> ./hqhospitality.hansen-quao.com:188.166.63.113 - -
> [27/Oct/2016:10:32:38 -0400] "GET
> /index.php?option=com_user&view=user&task=edit HTTP/1.1" 200 25720 "-"
> "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML,
> like Gecko) Chrome/38.0.2125.104 Safari/537.36"
> ./hqhospitality.hansen-quao.com:188.166.63.113 - -
> [27/Oct/2016:12:55:40 -0400] "GET
> /index.php?option=com_user&task=activate&activation=72ca806c4be186be71e7a5e0316e8681
> HTTP/1.1" 200 11230 "-" ""
> ./hqhospitality.hansen-quao.com:188.166.63.113 - -
> [27/Oct/2016:19:28:56 -0400] "GET
> /index.php?option=com_user&view=register&Itemid=2 HTTP/1.1" 200 17902
> "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101
> Firefox/38.0"
> 
> Abuse Department
> Funio
> 
> 
> to stop the mass flood of abuse bot mails I tried to reject the IP
> space of funio but Tor is telling me its not allowed. Why?
> 
> Markus
> _______________________________________________
> tor-relays mailing list
> tor-relays at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays


More information about the tor-relays mailing list