Whoa!

CaseK Join Date: 2003-02-09 Member: 13338 Members
edited February 2003 in General Server Discussion
someone tried to hack me..
Seriously,

I'm not even sure this is the place to post this, but oh well, I'm not sure what to do... some advice would be nice.
Someone was trying to hack into my server, so I tracerouted the IP. On a random chance, I put the ISP info into Google and hit search....

This is what came up...

http://dsl-139-168.aei.ca/phpMyAdmin-2.4.0/

Since I jumped in there the first time, I have been banned, asked to supply a password. Let me know what you all come up with and what you think about it.
The ISP I tracerouted was....
66.36.139.168

Ban this IP from your servers.

I'm very perturbed.
Please email me with any comments at
admin@djbookings.net

Thank you.

Comments

  • Duck Join Date: 2002-11-18 Member: 9195 Members
    May I ask what they were doing? Mass bad rcon passwords or what? Or is it none of my bizness?
  • CaseK Join Date: 2003-02-09 Member: 13338 Members
    edited February 2003
    Exactly, obviously trying everything known to man. I was just kinda shocked to see where that link took me.

    My fault, I should have taken a screenshot. I wasn't thinking straight.
  • Eternal_Bliss Join Date: 2002-11-07 Member: 7633 Members, NS1 Playtester, Contributor
    Odd but that IP does not belong to any ISP..
    http://www.ripe.net/perl/whois?form_type=simple&full_query_string=&searchtext=66.36.139.168&do_search=Search
  • CaseK Join Date: 2003-02-09 Member: 13338 Members
    Regardless, it's my own fault for not getting a screenie.

    The window I ended up at said, "RconHacker," and had a bunch of query fields in it.
  • SpiffyJr Join Date: 2002-12-06 Member: 10518 Members
    That IP does belong to an ISP. It's www.aei.ca and oddly enough I had someone try to mass rcon me last night. Got a screenshot and logs and I contacted the provider about it.
  • Brutus Join Date: 2002-10-20 Member: 1555 Members
    Same guy, same thing. Here is the info for the service provider.

    OrgName: AEI Internet Inc.
    OrgID: AEII
    Address: 2124 Drummond Street
    City: Montreal
    StateProv: QC
    PostalCode: H3G 1W9
    Country: CA

    NetRange: 66.36.128.0 - 66.36.143.255
    CIDR: 66.36.128.0/20
    NetName: AEI-NET-BLK-2
    NetHandle: NET-66-36-128-0-1
    Parent: NET-66-0-0-0-0
    NetType: Direct Allocation
    NameServer: GAMMA.AEI.CA
    NameServer: DELTA.AEI.CA
    Comment: ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
    RegDate: 2002-08-22
    Updated: 2002-08-22

    TechHandle: JV156-ARIN
    TechName: Verreault, John
    TechPhone: +1-514-284-4452
    TechEmail: verreaul@aei.ca


    I suggest everyone email them and tell them about this. Let them know that cracking rcon is a way for them to gain control of your server and run commands on it.
  • Grimm_Spector Join Date: 2002-11-01 Member: 3309 Members, Constellation
    QUOTE (Eternal Bliss @ Feb 26 2003, 07:43 AM):
    > Odd but that IP does not belong to any ISP..
    > http://www.ripe.net/perl/whois?form_type=simple&full_query_string=&searchtext=66.36.139.168&do_search=Search
    It could've been bounced through an IP masker/forwarder and it wouldn't show up as a real IP...
  • Brutus Join Date: 2002-10-20 Member: 1555 Members
    BTW, they should take it seriously. I have been talking with Battletechs ISP and some things are happening.
  • CaseK Join Date: 2003-02-09 Member: 13338 Members
    Great stuff all. I hate to say it, but I'm happy that I wasn't the only one. I didn't want you all to think I was BS'ing you.

    It started around 11:30pm-12am Central time. I glanced over at the hlds window and saw someone trying random passwords in rcon. Of course the IP also shows up, so when I run a trace, the information above showed up. Instead of contacting the ISP right away, I thought "let's just pop this into Google and see what happens." I was surprised when I clicked on the link and found my way into a "RconHacker" query database of some sort...

    Did anyone else see it?
  • Brutus Join Date: 2002-10-20 Member: 1555 Members
    Don't sweat the Google search. This is just an assigned IP from an ISP. Just contact the company, tell them what he was trying to do, which is gain access to your server. Ask them what steps need to be taken, i.e., logs, times, etc.
  • verbose Join Date: 2002-11-25 Member: 9968 Members, Constellation
    QUOTE (Grimm Spector @ Feb 26 2003, 11:25 AM):
    > QUOTE (Eternal Bliss @ Feb 26 2003, 07:43 AM):
    > > Odd but that IP does not belong to any ISP..
    > > http://www.ripe.net/perl/whois?form_type=simple&full_query_string=&searchtext=66.36.139.168&do_search=Search
    > It could've been bounced through an IP masker/forwarder and it wouldn't show up as a real IP...
    RIPE's whois does not return results for IP space not allocated to them. 66/8 is ARIN space. Brutus already posted the whois info, but here's a link in case you want to click around: http://ws.arin.net/cgi-bin/whois.pl?queryinput=66.36.139.168

    Grimm, what the devil are you talking about?
  • JoeBlow Join Date: 2003-01-28 Member: 12899 Members
    The same IP tried to get into my box too. I guess I'll be emailing this ISP too.
  • bigb Join Date: 2002-11-13 Member: 8421 Members
    edited February 2003
    Yea, he tried to hit me also.

    log

    Bad Rcon from 66.36.139.168:2938:
    rcon 2818287993 owned sv_gravity 800
    L 02/25/2003 - 19:08:56: Bad Rcon: "rcon 2818287993 owned sv_gravity 800" from "66.36.139.168:2938"
    Bad rcon_password.
    Bad Rcon from 66.36.139.168:3478:
    rcon 2818287993 babe sv_gravity 800L 02/25/2003 - 19:10:01: Bad Rcon: "rcon 2818287993 babe sv_gravity 800" from "66.36.139.168:3478"
    Bad rcon_password.
    Bad Rcon from 66.36.139.168:3895:
    rcon 2818287993 qwerty sv_gravity 800
    L 02/25/2003 - 19:10:51: Bad Rcon: "rcon 2818287993 qwerty sv_gravity 800" from "66.36.139.168:3895"
    Bad rcon_password.

    I also will be contacting the isp.
  • TheWizard Join Date: 2002-12-11 Member: 10553 Members, Constellation
    Same thing happened to our server here at PSU, around a similar timeframe.

    Though nice thing about PSU is that they have a dept dedicated to fighting network security issues. I referred it to them so now there should be some serious pressure put on this ISP.
  • ainfect Join Date: 2003-02-04 Member: 13102 Members
    Wizard, does anyone at PSU run an NS server? This is trout@psu from back in the day CS fame. Just curious!
  • scottl Join Date: 2002-12-20 Member: 11232 Members
    edited February 2003
    HAHA, what a dip, he tried to guess mine too, to think that someone would realize the dictionary passwords don't work on a lot of *nix servers, mainly because most that run *nix realize the importance of a good password?

    L 02/25/2003 - 16:40:43: Bad Rcon: "rcon 1866520740 owned sv_gravity 800" from "66.36.139.168:2297"
    L 02/25/2003 - 16:40:58: Bad Rcon: "rcon 1866520740 omg sv_gravity 800" from "66.36.139.168:2419"
    L 02/25/2003 - 16:41:28: Bad Rcon: "rcon 1866520740 babe sv_gravity 800" from "66.36.139.168:2678"
    L 02/25/2003 - 16:43:01: Bad Rcon: "rcon 1866520740 0wnage sv_gravity 800" from "66.36.139.168:3438"
    L 02/25/2003 - 16:43:06: Bad Rcon: "rcon 1866520740 karl sv_gravity 800" from "66.36.139.168:3473"
    L 02/25/2003 - 16:43:07: Bad Rcon: "rcon 1866520740 secret sv_gravity 800" from "66.36.139.168:3475"
    L 02/25/2003 - 16:43:12: Bad Rcon: "rcon 1866520740 qwerty sv_gravity 800" from "66.36.139.168:3521"
    L 02/25/2003 - 19:01:43: Bad Rcon: "rcon 1866520740 baby sv_gravity 800" from "66.36.139.168:4180"
    L 02/25/2003 - 19:10:07: Bad Rcon: "rcon 1866520740 leet sv_gravity 800" from "66.36.139.168:4309"
    L 02/25/2003 - 19:10:55: Bad Rcon: "rcon 1866520740 ohmygod sv_gravity 800" from "66.36.139.168:4701"
    L 02/25/2003 - 19:13:06: Bad Rcon: "rcon 1866520740 fuckyou sv_gravity 800" from "66.36.139.168:1831"
    L 02/25/2003 - 19:13:08: Bad Rcon: "rcon 1866520740 own sv_gravity 800" from "66.36.139.168:1856"
    L 02/25/2003 - 19:13:25: Bad Rcon: "rcon 1866520740 access sv_gravity 800" from "66.36.139.168:1982"
    L 02/25/2003 - 19:13:25: Bad Rcon: "rcon 1866520740 carl sv_gravity 800" from "66.36.139.168:1988"
    L 02/25/2003 - 21:26:17: Bad Rcon: "rcon 1866520740 blood sv_gravity 800" from "66.36.139.168:4500"
    L 02/25/2003 - 21:37:56: Bad Rcon: "rcon 1866520740 george sv_gravity 800" from "66.36.139.168:2530"
    L 02/25/2003 - 21:42:48: Bad Rcon: "rcon 1866520740 rofl sv_gravity 800" from "66.36.139.168:4913"
    L 02/25/2003 - 21:44:13: Bad Rcon: "rcon 1866520740 0wn sv_gravity 800" from "66.36.139.168:1622"
    L 02/25/2003 - 21:44:17: Bad Rcon: "rcon 1866520740 **** sv_gravity 800" from "66.36.139.168:1654"
    L 02/25/2003 - 21:44:19: Bad Rcon: "rcon 1866520740 alpha sv_gravity 800" from "66.36.139.168:1674"
    L 02/25/2003 - 21:44:31: Bad Rcon: "rcon 1866520740 1234 sv_gravity 800" from "66.36.139.168:1762"
    L 02/25/2003 - 23:34:24: Bad Rcon: "rcon 1866520740 cocacola sv_gravity 800" from "66.36.139.168:4187"
    L 02/26/2003 - 00:10:58: Bad Rcon: "rcon 1866520740 bob sv_gravity 800" from "66.36.139.168:2474"
    L 02/26/2003 - 00:15:24: Bad Rcon: "rcon 1866520740 shibby sv_gravity 800" from "66.36.139.168:4631"
    L 02/26/2003 - 00:16:02: Bad Rcon: "rcon 1866520740 lol sv_gravity 800" from "66.36.139.168:4951"
    L 02/26/2003 - 00:17:00: Bad Rcon: "rcon 1866520740 0wned sv_gravity 800" from "66.36.139.168:1443"
    L 02/26/2003 - 00:17:24: Bad Rcon: "rcon 1866520740 america sv_gravity 800" from "66.36.139.168:1634"
    L 02/26/2003 - 00:17:27: Bad Rcon: "rcon 1866520740 12345 sv_gravity 800" from "66.36.139.168:1666"
    L 02/26/2003 - 01:55:44: Bad Rcon: "rcon 1866520740 vampire sv_gravity 800" from "66.36.139.168:2071"
    L 02/26/2003 - 02:38:11: Bad Rcon: "rcon 1866520740 ownage sv_gravity 800" from "66.36.139.168:2711"
    L 02/26/2003 - 02:42:00: Bad Rcon: "rcon 1866520740 1337 sv_gravity 800" from "66.36.139.168:4502"
    L 02/26/2003 - 02:42:39: Bad Rcon: "rcon 1866520740 haha sv_gravity 800" from "66.36.139.168:4801"
    L 02/26/2003 - 02:43:21: Bad Rcon: "rcon 1866520740 james sv_gravity 800" from "66.36.139.168:1176"
    L 02/26/2003 - 02:43:49: Bad Rcon: "rcon 1866520740 anarchy sv_gravity 800" from "66.36.139.168:1400"
    L 02/26/2003 - 02:43:57: Bad Rcon: "rcon 1866520740 123456 sv_gravity 800" from "66.36.139.168:1461"

    Doesn't the game server ban IPs after a certain amount of wrong tries?

    Well, if he ever did get my password for rcon, he would have a much better chance sniffing it. Then when he gets it, I hope he enjoys rcon because that's as far as he will get. Probably just brute-forcing to try to exploit that Remote-Shell exploit that has been out, using (adminmod, AMXmod, Clanmod, etc.. to exploit some rcon junk and take shell access, something like that...). Just make sure you got all up2date stuff, and for fellow AMX'ers, GRAB 0.9.3 off the forums -> there was an exploit for 0.9.2- just like adminmod and clanmod stuff....
  • Arkaine Join Date: 2002-07-12 Member: 914 Members
    Heh, good thing we don't use rcon. :)
  • Phant0mx Join Date: 2002-12-05 Member: 10496 Members
    QUOTE:
    > L 02/26/2003 - 00:15:24: Bad Rcon: "rcon 1866520740 shibby sv_gravity 800" from "66.36.139.168:4631"

    Anybody else think that 'shibby' is weird? I know a guy on CS that's named Shibby. I don't know if it's a common name or not, but it just stuck out to me... He lives here in the States.
  • Duck Join Date: 2002-11-18 Member: 9195 Members
    Does anyone still use passwords that aren't numbers/symbols/letters all combined?
  • CaseK Join Date: 2003-02-09 Member: 13338 Members
    I really encourage, as Brutus and others did, to report this to the ISP.

    Funny, the exact same passwords were tried on my end. Hehe, what a dork. He should have tried "password". That's what I use 'cause no one ever thinks of it.

    :)
  • Duck Join Date: 2002-11-18 Member: 9195 Members
    edited February 2003
    Thanks for this notice - I never woulda even looked had you not said anything - these are from my server. Guess I'm gonna have to call the OSU police now...
    L 02/25/2003 - 17:58:54: Bad Rcon: "rcon 2893722497 omg sv_gravity 800" from "66.36.139.168:2182"
    L 02/25/2003 - 17:59:48: Bad Rcon: "rcon 2893722497 owned sv_gravity 800" from "66.36.139.168:2588"
    L 02/25/2003 - 18:01:04: Bad Rcon: "rcon 2893722497 0wnage sv_gravity 800" from "66.36.139.168:3186"
    L 02/25/2003 - 18:01:10: Bad Rcon: "rcon 2893722497 qwerty sv_gravity 800" from "66.36.139.168:3225"
    L 02/25/2003 - 18:01:13: Bad Rcon: "rcon 2893722497 karl sv_gravity 800" from "66.36.139.168:3247"
    L 02/25/2003 - 18:01:29: Bad Rcon: "rcon 2893722497 babe sv_gravity 800" from "66.36.139.168:3388"
    L 02/25/2003 - 18:01:30: Bad Rcon: "rcon 2893722497 secret sv_gravity 800" from "66.36.139.168:3393"
    L 02/25/2003 - 20:28:02: Bad Rcon: "rcon 2893722497 leet sv_gravity 800" from "66.36.139.168:3854"
    L 02/25/2003 - 20:28:26: Bad Rcon: "rcon 2893722497 baby sv_gravity 800" from "66.36.139.168:4039"
    L 02/25/2003 - 20:28:34: Bad Rcon: "rcon 2893722497 ohmygod sv_gravity 800" from "66.36.139.168:4111"
    L 02/25/2003 - 20:30:25: Bad Rcon: "rcon 2893722497 fuckyou sv_gravity 800" from "66.36.139.168:1054"
    L 02/25/2003 - 20:30:34: Bad Rcon: "rcon 2893722497 own sv_gravity 800" from "66.36.139.168:1123"
    L 02/25/2003 - 20:30:37: Bad Rcon: "rcon 2893722497 access sv_gravity 800" from "66.36.139.168:1153"
    L 02/25/2003 - 20:30:43: Bad Rcon: "rcon 2893722497 carl sv_gravity 800" from "66.36.139.168:1193"
    L 02/25/2003 - 22:45:25: Bad Rcon: "rcon 2893722497 blood sv_gravity 800" from "66.36.139.168:4498"
    L 02/25/2003 - 22:54:38: Bad Rcon: "rcon 2893722497 george sv_gravity 800" from "66.36.139.168:1272"
    L 02/25/2003 - 22:59:19: Bad Rcon: "rcon 2893722497 rofl sv_gravity 800" from "66.36.139.168:3542"
    L 02/25/2003 - 23:01:00: Bad Rcon: "rcon 2893722497 alpha sv_gravity 800" from "66.36.139.168:4368"
    L 02/25/2003 - 23:01:01: Bad Rcon: "rcon 2893722497 0wn sv_gravity 800" from "66.36.139.168:4390"
    L 02/25/2003 - 23:01:07: Bad Rcon: "rcon 2893722497 **** sv_gravity 800" from "66.36.139.168:4432"
    L 02/25/2003 - 23:01:10: Bad Rcon: "rcon 2893722497 1234 sv_gravity 800" from "66.36.139.168:4458"
    L 02/26/2003 - 01:04:31: Bad Rcon: "rcon 2893722497 cocacola sv_gravity 800" from "66.36.139.168:1994"
    L 02/26/2003 - 01:26:12: Bad Rcon: "rcon 2893722497 bob sv_gravity 800" from "66.36.139.168:4477"
    L 02/26/2003 - 01:31:47: Bad Rcon: "rcon 2893722497 lol sv_gravity 800" from "66.36.139.168:3099"
    L 02/26/2003 - 01:32:40: Bad Rcon: "rcon 2893722497 0wned sv_gravity 800" from "66.36.139.168:3572"
    L 02/26/2003 - 01:33:05: Bad Rcon: "rcon 2893722497 shibby sv_gravity 800" from "66.36.139.168:3786"
    L 02/26/2003 - 01:33:08: Bad Rcon: "rcon 2893722497 america sv_gravity 800" from "66.36.139.168:3808"
    L 02/26/2003 - 01:51:11: Rcon: "rcon MY Rcon Request # "MY Real RCON Password" listid" from "MY IP"
    L 02/26/2003 - 01:51:11: Rcon: "rcon MY Rcon Request # "MY Real RCON Password" listip" from "MY IP"
    L 02/26/2003 - 01:51:15: Rcon: "rcon MY Rcon Request # "MY Real RCON Password" addip 0 66.36.139.168" from "MY IP"
    L 02/26/2003 - 01:51:15: Rcon: "rcon MY Rcon Request # "MY Real RCON Password" listid" from "MY IP"
    L 02/26/2003 - 01:51:15: Rcon: "rcon MY Rcon Request # "MY Real RCON Password" listip" from "MY IP"
    L 02/26/2003 - 01:51:16: Rcon: "rcon MY Rcon Request # "MY Real RCON Password" writeid" from "MY IP"
    L 02/26/2003 - 01:51:16: Rcon: "rcon MY Rcon Request # "MY Real RCON Password" writeip" from "MY IP"
    Note: These are from multiple logs. Turns out I banned him this morning at 1:51 am EST (or last night, depending on how you look at it). If you hadn't posted this, he'd probably still be trying to hack me. (The last attempt was less than 20 minutes before I saw your post).


    [edit]Could anyone who did report this guy post the email that you sent? I really have no clue how to word it. Also, who do I send the email to? (i.e. what is the address, don't just respond "the isp").[/edit]
  • CaseK Join Date: 2003-02-09 Member: 13338 Members
    QUOTE (Brutus @ Feb 26 2003, 12:22 PM):
    > Same guy, same thing. Here is the info for the service provider.
    >
    > OrgName: AEI Internet Inc.
    > OrgID: AEII
    > Address: 2124 Drummond Street
    > City: Montreal
    > StateProv: QC
    > PostalCode: H3G 1W9
    > Country: CA
    >
    > NetRange: 66.36.128.0 - 66.36.143.255
    > CIDR: 66.36.128.0/20
    > NetName: AEI-NET-BLK-2
    > NetHandle: NET-66-36-128-0-1
    > Parent: NET-66-0-0-0-0
    > NetType: Direct Allocation
    > NameServer: GAMMA.AEI.CA
    > NameServer: DELTA.AEI.CA
    > Comment: ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
    > RegDate: 2002-08-22
    > Updated: 2002-08-22
    >
    > TechHandle: JV156-ARIN
    > TechName: Verreault, John
    > TechPhone: +1-514-284-4452
    > TechEmail: verreaul@aei.ca
    >
    > I suggest everyone email them and tell them about this. Let them know that cracking rcon is a way for them to gain control of your server and run commands on it.
    This should help you send anything in. I wrote a semi-extensive letter to the tech admin. We will see what action is taken, if any.
  • CaseK Join Date: 2003-02-09 Member: 13338 Members
    Update, I received a response from John V. (AEI)
    Here's what he has to say....

    "Thanks for taking the time to send this note.
    We have identified the ip address in question and have suspended the
    account.

    We are usually reluctant to do this unless a formal complaint is received
    from the appropriate authorities (Law enforcement agencies). We do not think
    it is our place to be judge and jury and there is a possibility that we
    could be sued for not providing service under contract despite an acceptable
    use policy. I doubt anyone affected would come to Montreal to testify on our
    behalf should we be sued for not providing service to a suspected hacker.
    Quebec has very strong consumer protection laws.

    However, we are now finding that law enforcement agencies throughout North
    America are better equipped to deal with these types of crimes. A formal
    complaint to the appropriate Law Enforcement Agency in my opinion is the
    best way to deal with the situation. Law enforcement agencies are able to
    cooperate across borders with these types of crimes and we have been
    involved and always fully cooperate in these situations.

    Our suspending the users account, does not solve the problem. It just makes
    him/her change providers.

    I encourage all those involved to file a formal (possibly joint) complaint
    against the suspected hacker.
    I would think that everyone's interests are better served this way.

    Yours truly,

    John Verreault
    AEI Internet"
  • Brutus Join Date: 2002-10-20 Member: 1555 Members
    Maybe we should file a claim. We could tell how in some instances rcon can be used to gain access to a server, so they know it is not just a game thing. Anyone have some good writing skills? All those involved could look over the complaint, and all file together.

    We should do the same thing for Battletech and other people that do this.
  • Duck Join Date: 2002-11-18 Member: 9195 Members
    I'll sign my name. Spamming voicecomms on a server is one thing. Hacking it is entirely different. Especially when the same computer stores data critical to researcher's projects (i.e. mine).
  • HtNickoli Join Date: 2002-11-24 Member: 9786 Members
    I'll sign my name to it as well.

    L0225008.log:L 02/25/2003 - 17:52:05: Bad Rcon: "rcon 122741672 omg sv_gravity 800" from "66.36.139.168:4737"
    L0225008.log:L 02/25/2003 - 17:52:57: Bad Rcon: "rcon 122741672 owned sv_gravity 800" from "66.36.139.168:1188"
    L0225008.log:L 02/25/2003 - 17:54:06: Bad Rcon: "rcon 122741672 0wnage sv_gravity 800" from "66.36.139.168:1750"
    L0225008.log:L 02/25/2003 - 17:54:16: Bad Rcon: "rcon 122741672 karl sv_gravity 800" from "66.36.139.168:1836"
    L0225008.log:L 02/25/2003 - 17:54:20: Bad Rcon: "rcon 122741672 qwerty sv_gravity 800" from "66.36.139.168:1869"
    L0225008.log:L 02/25/2003 - 17:54:32: Bad Rcon: "rcon 122741672 secret sv_gravity 800" from "66.36.139.168:1969"
    L0225008.log:L 02/25/2003 - 17:54:35: Bad Rcon: "rcon 122741672 babe sv_gravity 800" from "66.36.139.168:1995"
    L0225010.log:L 02/25/2003 - 20:21:11: Bad Rcon: "rcon 122741672 leet sv_gravity 800" from "66.36.139.168:2427"
    L0225010.log:L 02/25/2003 - 20:21:40: Bad Rcon: "rcon 122741672 ohmygod sv_gravity 800" from "66.36.139.168:2676"
    L0225010.log:L 02/25/2003 - 20:21:47: Bad Rcon: "rcon 122741672 baby sv_gravity 800" from "66.36.139.168:2727"
    L0225010.log:L 02/25/2003 - 20:23:38: Bad Rcon: "rcon 122741672 fuckyou sv_gravity 800" from "66.36.139.168:3626"
    L0225010.log:L 02/25/2003 - 20:23:39: Bad Rcon: "rcon 122741672 own sv_gravity 800" from "66.36.139.168:3641"
    L0225010.log:L 02/25/2003 - 20:23:46: Bad Rcon: "rcon 122741672 carl sv_gravity 800" from "66.36.139.168:3693"
    L0225010.log:L 02/25/2003 - 20:23:50: Bad Rcon: "rcon 122741672 access sv_gravity 800" from "66.36.139.168:3728"
    L0225012.log:L 02/25/2003 - 22:40:15: Bad Rcon: "rcon 122741672 blood sv_gravity 800" from "66.36.139.168:3578"
    L0225012.log:L 02/25/2003 - 22:48:00: Bad Rcon: "rcon 122741672 george sv_gravity 800" from "66.36.139.168:3681"
    L0225012.log:" of length 214, max size is 160L 02/25/2003 - 22:52:09: Bad Rcon: "rcon 122741672 rofl sv_gravity 800" from "66.36.139.168:1785"
    L0225012.log:L 02/25/2003 - 22:54:02: Bad Rcon: "rcon 122741672 alpha sv_gravity 800" from "66.36.139.168:2696"
    L0225012.log:L 02/25/2003 - 22:54:08: Bad Rcon: "rcon 122741672 0wn sv_gravity 800" from "66.36.139.168:2740"
    L0225012.log:L 02/25/2003 - 22:54:10: Bad Rcon: "rcon 122741672 **** sv_gravity 800" from "66.36.139.168:2754"
    L0225012.log:L 02/25/2003 - 22:54:35: Bad Rcon: "rcon 122741672 1234 sv_gravity 800" from "66.36.139.168:2950"
    L0226000.log:L 02/26/2003 - 00:59:42: Bad Rcon: "rcon 122741672 cocacola sv_gravity 800" from "66.36.139.168:1409"
    L0226000.log:L 02/26/2003 - 01:19:00: Bad Rcon: "rcon 122741672 bob sv_gravity 800" from "66.36.139.168:3029"
    L0226000.log:L 02/26/2003 - 01:23:55: Bad Rcon: "rcon 122741672 lol sv_gravity 800" from "66.36.139.168:1473"
    L0226000.log:L 02/26/2003 - 01:25:18: Bad Rcon: "rcon 122741672 0wned sv_gravity 800" from "66.36.139.168:2150"
    L0226000.log:L 02/26/2003 - 01:25:27: Bad Rcon: "rcon 122741672 shibby sv_gravity 800" from "66.36.139.168:2227"
    L0226000.log:L 02/26/2003 - 01:25:27: Bad Rcon: "rcon 122741672 america sv_gravity 800" from "66.36.139.168:2238"
    L0226000.log:L 02/26/2003 - 01:25:43: Bad Rcon: "rcon 122741672 12345 sv_gravity 800" from "66.36.139.168:2369"
    L0226001.log:L 02/26/2003 - 03:11:36: Bad Rcon: "rcon 122741672 vampire sv_gravity 800" from "66.36.139.168:2746"
    L0226002.log:L 02/26/2003 - 03:51:40: Bad Rcon: "rcon 122741672 ownage sv_gravity 800" from "66.36.139.168:2623"
    L0226002.log:L 02/26/2003 - 03:56:02: Bad Rcon: "rcon 122741672 "elite" sv_gravity 800" from "66.36.139.168:4760"
    L0226002.log:L 02/26/2003 - 03:56:52: Bad Rcon: "rcon 122741672 haha sv_gravity 800" from "66.36.139.168:1196"
    L0226002.log:L 02/26/2003 - 03:57:46: Bad Rcon: "rcon 122741672 james sv_gravity 800" from "66.36.139.168:1624"
    L0226002.log:L 02/26/2003 - 03:58:02: Bad Rcon: "rcon 122741672 anarchy sv_gravity 800" from "66.36.139.168:1753"
    L0226002.log:L 02/26/2003 - 03:58:12: Bad Rcon: "rcon 122741672 123456 sv_gravity 800" from "66.36.139.168:1842"
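
Added example, not part of any post in this thread: Python that parses the `Bad Rcon` lines HLDS writes (in the format quoted above), counts failures per source address, and flags either a burst or many distinct guesses spread over hours. The sample log is constructed with documentation-range addresses and placeholder guesses; the function names and thresholds are assumptions, and `addip 0 <ip>` / `writeip` are the console commands visible in Duck's log.

```python
import re
import shlex
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample (not real traffic): documentation-range addresses and
# placeholder guesses, in the HLDS log format quoted in this thread.
SAMPLE_LOG = '''\
L 02/25/2003 - 16:40:43: Bad Rcon: "rcon 1000000001 guess01 sv_gravity 800" from "192.0.2.10:2297"
L 02/25/2003 - 16:40:58: Bad Rcon: "rcon 1000000001 guess02 sv_gravity 800" from "192.0.2.10:2419"
L0225008.log:L 02/25/2003 - 16:41:28: Bad Rcon: "rcon 1000000001 guess03 sv_gravity 800" from "192.0.2.10:2678"
L0225008.log:" of length 214, max size is 160L 02/25/2003 - 16:43:01: Bad Rcon: "rcon 1000000001 guess04 sv_gravity 800" from "192.0.2.10:3438"
L 02/25/2003 - 16:43:06: Bad Rcon: "rcon 1000000001 "guess05" sv_gravity 800" from "192.0.2.10:3473"
L 02/25/2003 - 16:43:07: Bad Rcon: "rcon 1000000001 guess01 sv_gravity 800" from "192.0.2.10:3475"
L 02/25/2003 - 17:02:10: Bad Rcon: "rcon 1000000002 typo status" from "198.51.100.7:27005"
L 02/25/2003 - 19:01:43: Bad Rcon: "rcon 1000000003 slow01 sv_gravity 800" from "203.0.113.5:4180"
L 02/25/2003 - 21:26:17: Bad Rcon: "rcon 1000000003 slow02 sv_gravity 800" from "203.0.113.5:4500"
L 02/26/2003 - 00:10:58: Bad Rcon: "rcon 1000000003 slow03 sv_gravity 800" from "203.0.113.5:2474"
L 02/26/2003 - 01:51:15: Rcon: "rcon 1000000004 "redacted" addip 0 192.0.2.10" from "198.51.100.7:27005"
'''

# search() rather than match(): a grep filename prefix or console text glued
# onto the front of a line (both appear in the thread) must not hide the entry.
BAD_RCON = re.compile(
    r'L (\d{2}/\d{2}/\d{4} - \d{2}:\d{2}:\d{2}): Bad Rcon: '
    r'"rcon (\S+) (.*)" from "(\d{1,3}(?:\.\d{1,3}){3}):(\d+)"'
)


def parse_bad_rcon(line):
    """Return {'time', 'ip', 'guess'} for a failed rcon attempt, else None."""
    m = BAD_RCON.search(line)
    if m is None:
        return None  # accepted "Rcon:" lines and unrelated output land here
    stamp, _challenge, payload, ip, _port = m.groups()
    try:
        words = shlex.split(payload)  # strips quotes around a quoted guess
    except ValueError:  # unbalanced quote in the payload
        words = payload.split()
    return {
        "time": datetime.strptime(stamp, "%m/%d/%Y - %H:%M:%S"),
        "ip": ip,
        "guess": words[0] if words else "",
    }


def find_bruteforce(lines, max_failures=5, window=timedelta(minutes=10),
                    max_distinct=10):
    """Summarise failures per source address and flag likely guessing.

    An address is flagged when it produces max_failures failures inside one
    sliding window (burst), or max_distinct different guesses over the whole
    log (slow guessing that a window alone would miss).
    """
    by_ip = defaultdict(list)
    for line in lines:
        event = parse_bad_rcon(line)
        if event:
            by_ip[event["ip"]].append(event)

    report = {}
    for ip, events in by_ip.items():
        events.sort(key=lambda e: e["time"])
        peak, start = 0, 0
        for end, event in enumerate(events):
            while event["time"] - events[start]["time"] > window:
                start += 1
            peak = max(peak, end - start + 1)
        distinct = len({e["guess"] for e in events})
        report[ip] = {
            "failures": len(events),
            "distinct_guesses": distinct,
            "peak_in_window": peak,
            "first": events[0]["time"],
            "last": events[-1]["time"],
            "flagged": peak >= max_failures or distinct >= max_distinct,
        }
    return report


def ban_commands(report):
    """Console commands for flagged addresses: permanent ban, then persist."""
    cmds = [f"addip 0 {ip}" for ip, r in sorted(report.items()) if r["flagged"]]
    return cmds + ["writeip"] if cmds else []


if __name__ == "__main__":
    summary = find_bruteforce(SAMPLE_LOG.splitlines())
    for ip, row in sorted(summary.items()):
        print(ip, row["failures"], row["distinct_guesses"], row["flagged"])
    print("\n".join(ban_commands(summary)))
```
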
  • Brutus Join Date: 2002-10-20 Member: 1555 Members
    Who wants to draft the letter?
  • Lightning_Blue Sunny Domination Join Date: 2002-12-11 Member: 10647 Members, Constellation, Reinforced - Silver
    According to the HLDS mailing list, the guy got shut down.
  • CaseK Join Date: 2003-02-09 Member: 13338 Members
    No, he didn't get shut down. His ISP suspended his account, and I can understand their concern about dropping him/her altogether.

    I don't mind drafting a letter, since I started the thread that's the least I can do. However, I won't be able to start till next week because I will be out of town on business for the next 5 days.

    What I would like are your thoughts on how we should address the letter, content etc. Please send your thoughts to the email address below and I will consider whether the information is relevant. Once I have it written up, I will forward it to anyone who wants to be privy to the situation.

    Also, if you want to add your name to the letter, email me too.

    Stuart.
    admin@djbookings.net
  • verbose Join Date: 2002-11-25 Member: 9968 Members, Constellation
    edited February 2003
    QUOTE (Duck @ Feb 26 2003, 09:51 PM):
    > [edit]Could anyone who did report this guy post the email that you sent? I really have no clue how to word it. Also, who do I send the email to? (i.e. what is the address, don't just respond "the isp").[/edit]

    By RFC, abuse@<domain> should work. However, have a look here first:

    Once you've converted the IP address into the responsible domain (using DNS, whois lookups at ARIN/RIPE/APNIC/LACNIC, etc), look it up at http://abuse.net/ :

    http://abuse.net/lookup.phtml?DOMAIN=aei.ca

    As a point of courtesy, I recommend prefixing your letter with something akin to "I have emailed this to <address>, as that's what a search for <domain> at http://abuse.net/ returned." That way, if you end up emailing the wrong person, they know where to go to fix the incorrect listing.

    Avoid emailing the person listed from an IP-whois if possible. The person responsible for managing a company's IP space is often not the person who handles abuse complaints.