
How to report a spam botnet


Michael Monnerie

Nov 18, 2012, 8:08:08 AM

We've got one user's e-mail password hacked, and at the same time a lot
of different IPs started to use that address. Here is the list. How
should we report those IPs, is there an "anti botnet unit" somewhere?
What is the best way to fight it?

--
// Michael Monnerie, Ing.BSc --- it-management Michael Monnerie
// http://it-management.at Tel: +43 660 / 415 65 31
// PGP Key: "curl -s http://zmi.at/zmi.asc | gpg --import"
// Fingerprint: AC19 F9D5 36ED CD8A EF38 500E CE14 91F7 1C12 09B4
// Keyserver: wwwkeys.pgp.net Key-ID: 1C1209B4

Reindl Harald

Nov 18, 2012, 8:12:47 AM

On 18.11.2012 14:08, Michael Monnerie wrote:
> We've got one user's e-mail password hacked, and at the same time a lot
> of different IPs started to use that address.

welcome to the club, thanks to rate-controls the damage was reduced
to < 700 messages in all

> Here is the list

the list is invalid because ip-segments
do not have leading zeros


> How should we report those IPs, is there an "anti botnet unit"
> somewhere? What is the best way to fight it?

forget it - a whois will show you that they all are from
different countries and providers, so you have to email
all the abuse-addresses, there will be no service to do it for you

Reindl Harald
the lounge interactive design GmbH
A-1060 Vienna, Hofmühlgasse 17
CTO / CISO / Software-Development
p: +43 (1) 595 3999 33, m: +43 (676) 40 221 40
icq: 154546673, http://www.thelounge.net/

http://www.thelounge.net/signature.asc.what.htm


Michael Monnerie

Nov 18, 2012, 12:40:30 PM

On Sunday, 18 November 2012, 14:12:47, Reindl Harald wrote:
> the list is invalid because ip-segments
> do not have leading zeros

?
cat list | sed -E 's/(^|\.)0+([0-9])/\1\2/g' if you need to. But whois can cope with that:

% The key "125.088.125.201" has been changed to "125.88.125.201" for lookup.

Nothing should have problems with leading zeroes.

> forget it - a whois will show you that they all are from
> different countries and providers, so you have to email
> all the abuse-addresses, there will be no service to do it for you

I've found the CERT reporting site:
https://forms.us-cert.gov/report/index.php

I was hoping someone may know a central site.

whois was done, report sent to all sites who have an e-mail in their
answer.

--
Kind regards,
Michael Monnerie, Ing. BSc

it-management Internet Services: Protéger
http://proteger.at [pronounced: Prot-e-schee]
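
Added example (not part of the original thread, and not code from either poster): the leading-zero question above matters because parsers disagree on zero-padded octets. The whois output quoted in the thread reads them as decimal, while inet_aton-style parsers read a leading 0 as octal, so the sketch below canonicalises a list to plain decimal before it goes into an abuse report and shows the octal reading for comparison. The function names and the sample addresses (documentation ranges) are constructed for illustration.

```shell
#!/bin/sh
# Added example: canonicalise zero-padded IPv4 addresses before reporting them.

# Decimal reading (what the whois output quoted above did): strip the padding,
# validate each octet, drop duplicates. Rejected lines go to stderr.
normalize_ipv4() {
  awk -F. '
    NF != 4 { print "skip: " $0 | "cat 1>&2"; next }
    {
      out = ""; sep = ""
      for (i = 1; i <= 4; i++) {
        if ($i !~ /^[0-9][0-9]?[0-9]?$/ || $i + 0 > 255) {
          print "skip: " $0 | "cat 1>&2"; next
        }
        out = out sep ($i + 0); sep = "."
      }
      if (!(out in seen)) { seen[out] = 1; print out }
    }'
}

# Octal reading (inet_aton-style parsers treat a leading 0 as octal):
# prints the address such a parser would use, or "rejected".
octal_reading() {
  printf '%s\n' "$1" | awk -F. '{
    out = ""; sep = ""
    for (i = 1; i <= 4; i++) {
      o = $i
      if (o ~ /^0[0-9]+$/) {
        if (o ~ /[89]/) { print "rejected"; next }
        v = 0
        for (j = 1; j <= length(o); j++) v = v * 8 + substr(o, j, 1)
        o = v
      } else o = o + 0
      out = out sep o; sep = "."
    }
    print out
  }'
}

# Constructed sample input (documentation ranges, not from the thread).
sample='192.000.002.010
198.051.100.008
192.0.2.10
203.000.113.999'
printf '%s\n' "$sample" | normalize_ipv4
```

Sending the canonical decimal form means every recipient's tooling resolves the same address, whichever way it treats leading zeros.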