• Somehow this IP address was allowed through our CleanTalk site security. The IP address 188.166.108.93 shows as coming from the Netherlands. We have blocked every country but the United States. Luckily we have some free plugins (Banhammer and Loginizer) that show a record of the URLs it was phishing for. Other abuse registries have this IP address listed, mentioning brute force attacks, spam and hacking. As we also run a home server and are capable of running decent security and firewalls in the backend, I thought I’d send out this particular IP address to those that manually want to blacklist, and to not put complete faith in just CleanTalk. I would definitely layer my security well.

Viewing 6 replies - 1 through 6 (of 6 total)
  • Plugin Support Vadim

    (@usr1)

    Hello @zerotechz

    The request from 188.166.108.93 was allowed on https://s***al.ze***er.tech as shown in the Security Logs. For this website, you have blacklisted only 3 countries, please check your Personal Lists.

    All countries except the USA are blacklisted in your Personal Lists only for your second site.

    Thread Starter zerotechz

    (@zerotechz)

    When this site was set up I personally blocked all countries except the United States. I know I did because I did it. The URLs I sent you through support are very dangerous. 1 of those URLs is actually an injection. So let’s just say I did not block all countries? At what point does your security get the hint, out of 18 different hits from this IP address, that this IP address is dangerous? I mean, one of these attacks was seriously an SQL injection attempt. Like I said in support to you, you’ve made way too many mistakes and excuses for us. We will be locking permissions back down to 755 again. Your firewalls are a joke.

    Plugin Support Vadim

    (@usr1)

    Now all countries except the USA have been added to your Security Firewall’s Personal Blacklist for https://s***al.ze***er.tech and all new requests from this suspicious IP will be blocked.

    Thread Starter zerotechz

    (@zerotechz)

    Now that you’ve blocked all countries except the United States, at least you can reflect on this thread if this happens that your logs show only 3 countries were blocked again. However, we are going back to 755 permissions, and if this causes issues with syncing to cloud then so be it.

    /php-cgi/php-cgi.exe?/ADd+chi.force_redirect%3D0+%ADd+disable_functions%3D\”\”+%ADd+allow_url_include%3D1+%ADd+auto_prepend_file%3Dphp://input

    The URL above was sent from this IP address. This was 1 of 18 attempts, and another:

    /login.action

    At 1am we see a Switzerland IP Address running /.env in the Banhammer logs as well.

    You never responded to these either, and the question.

    At what point does your security figure out that these are bad commands and engage? Because what we are seeing is very bad and other abuse sites see them as bad also. We checked.

    Like we said before, your anti-spam service may be good except for the constant sync issues, but we never really had any sync issues with the antispam plugin until we added your security plugin. Your security plugin is a letdown.

    But I am curious as to when your security feels it should start blocking malicious attempts even if no country was blocked.

    Not so much just for us are we curious, but I feel anyone using your plugin needs to know what your plugin provides and exactly what you think your plugin can do.

    Plugin Support eugenecleantalk

    (@eugenecleantalk)

    Thanks for the urls.

    I’ve passed the information on to our security specialists. We will respond within 3 business days.

    Plugin Support dimitrycleantalk

    (@dimitrycleantalk)

    Hello @zerotechz,

    Thank you for waiting.

    Our developers wrote signatures for such requests. Now they will be blocked.

    Did it help?
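
An added example, not part of the thread and not CleanTalk's code: request signatures for the three probe types quoted above (php-cgi ini overrides, `/login.action`, `/.env`), plus a per-IP hit count that flags a source regardless of country. The signature names, the threshold of 2 and the addresses 203.0.113.7 and 198.51.100.10 are assumptions made for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_to_bytes, urlsplit

# Hypothetical signatures for the three probes quoted in this thread.
PHP_INI_OVERRIDE = re.compile(
    r"(allow_url_include|auto_prepend_file|disable_functions|force_redirect)\s*=")
SIGNATURES = {
    # PHP ini directives passed as arguments in the query string of a request
    "php-cgi-ini-override": lambda path, query: bool(PHP_INI_OVERRIDE.search(query)),
    # attempts to read an environment file such as /.env or /.env.bak
    "dotenv-read": lambda path, query: path.rsplit("/", 1)[-1].startswith(".env"),
    # .action endpoints, assumed not to exist on a WordPress site
    "dot-action-endpoint": lambda path, query: path.endswith(".action"),
}

def decode(part):
    # Percent-decode to bytes, then map 1:1 with latin-1: %AD is not valid
    # UTF-8, and lowercasing catches mixed-case spellings of the directives.
    return unquote_to_bytes(part).decode("latin-1").lower()

def classify(request_uri):
    """Return the names of every signature the request URI matches."""
    parts = urlsplit(request_uri)
    path, query = decode(parts.path), decode(parts.query)
    return [name for name, hit in SIGNATURES.items() if hit(path, query)]

def flag_ips(entries, threshold=2):
    """Flag source IPs with at least `threshold` signature hits, whatever their country."""
    hits = defaultdict(list)
    for ip, uri in entries:
        hits[ip].extend(classify(uri))
    return {ip: names for ip, names in hits.items() if len(names) >= threshold}

# Constructed sample log: (source IP, request URI). The first two URIs follow
# the requests quoted in the thread; the last two addresses are placeholders.
SAMPLE_LOG = [
    ("188.166.108.93", "/php-cgi/php-cgi.exe?%ADd+allow_url_include%3D1+%ADd+auto_prepend_file%3Dphp://input"),
    ("188.166.108.93", "/login.action"),
    ("203.0.113.7", "/.env"),
    ("198.51.100.10", "/wp-login.php"),
]

if __name__ == "__main__":
    for ip, names in flag_ips(SAMPLE_LOG).items():
        print(ip, names)
```
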
