Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Deleting Spammers From Cpanel


  • Please log in to reply
8 replies to this topic

#1 Simple Simon

Simple Simon

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NEast USA
  • Local time:03:58 AM

Posted 14 September 2007 - 02:13 PM

I run a community message board which uses cPanel. Recently I have been invaded by a large group of seemingly very young spammers. Most I have been able to deal with but several appear to be on dial-up and have dynamic IP numbers. Let us say a number is; 123.456.7.89. I have entered both; 123.456.7.0 and 123.456.0.0 into my IP Deny Manager yet they are back again within the hour sporting a new last octet. Can anyone tell me what I am doing wrong?

Thanks. :thumbsup:

Edited by Simple Simon, 14 September 2007 - 02:17 PM.

- Simon

All those who believe in telekinesis raise my right hand.

BC AdBot (Login to Remove)

 


#2 acklan

acklan

    Bleepin' cat's meow


  • Members
  • 8,529 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Baton Rouge, La.
  • Local time:01:58 AM

Posted 15 September 2007 - 10:13 AM

If they are on dial up they may be selecting another access number, which may me a different ISP. I know locally I can use 1 of 8 different numbers all through different local ISPs.
Have you contacted the ISP the IP addresses are assigned to in an attempt to find out who is spamming you?
"2007 & 2008 Windows Shell/User Award"

#3 Simple Simon

Simple Simon
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NEast USA
  • Local time:03:58 AM

Posted 15 September 2007 - 03:33 PM

acklan, they are from Russia so contacting their ISPs may be difficult. But since then I have spoken to another forum owner who uses cPanel and she was able to tell me what I was doing wrong. Rather than placing 123.456.7.0 into into the IP Deny Manager just leave the last octet blank. ie/ 123.456.7. This sure does work. I had three of them trying to get back in and each got the dreaded, "403" code in response. :thumbsup:I won!

Would you believe there is one fanatical nut who tried all night to get back in? He would alternate from my website to my forums and back again. I saw this morning he took three hours off to sleep them was hard at it again this morning. He's probably still there, banging his head on my door. :thumbsup:

Thanks for your response,

Simon.
- Simon

All those who believe in telekinesis raise my right hand.

#4 acklan

acklan

    Bleepin' cat's meow


  • Members
  • 8,529 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Baton Rouge, La.
  • Local time:01:58 AM

Posted 15 September 2007 - 04:20 PM

Would you believe there is one fanatical nut who tried all night to get back in? He would alternate from my website to my forums and back again. I saw this morning he took three hours off to sleep them was hard at it again this morning. He's probably still there, banging his head on my door. :flowers:

Thanks for your response,

Simon.

Nice to see such devotion to their work. :trumpet: :inlove: :cool: :thumbsup:
Maybe you should change the 403 error message default to something that would let them know they are busted, in Russian maybe. :)
"2007 & 2008 Windows Shell/User Award"

#5 Simple Simon

Simple Simon
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NEast USA
  • Local time:03:58 AM

Posted 15 September 2007 - 10:22 PM

Ahem... he is still there. He has no more sleep yet and it is now coming up 11.30pm eastern US and he is furiously hammering away in bursts of one and two futile tries. I feel good. I feel as though I have given someone a purpose in life.

Good night all, at least I need some sleep.

Simon :thumbsup:
- Simon

All those who believe in telekinesis raise my right hand.

#6 usasma

usasma

    Still visually handicapped (avatar is memory developed by my Dad


  • BSOD Kernel Dump Expert
  • 25,090 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southeastern CT, USA
  • Local time:03:58 AM

Posted 16 September 2007 - 06:49 AM

When I ran an FTP server not long ago, I posted the IP addresses of the intrusion attempts on the login page - that stopped them in their tracks! :thumbsup:
My browser caused a flood of traffic, sio my IP address was banned. Hope to fix it soon. Will get back to posting as soon as Im able.

- John  (my website: http://www.carrona.org/ )**If you need a more detailed explanation, please ask for it. I have the Knack. **  If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficult reading posts. (23 Nov 2017)FYI - I am completely blind in the right eye and ~30% blind in the left eye.<p>If the eye problems get worse suddenly, I may not be able to respond.If that's the case and help is needed, please PM a staff member for assistance.

#7 bertram

bertram

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:08:58 AM

Posted 17 September 2007 - 11:17 AM

Pardon me for butting in. I am using cPanel via my web hosting site. Presumably their security will stop these attempts. I know of one hacker, crackers child, got through the hosts security and wiped out all of my index pages and left a message. So I am a little concerned.

Regards Bertie

#8 Simple Simon

Simple Simon
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NEast USA
  • Local time:03:58 AM

Posted 19 September 2007 - 01:41 PM

Hi John, (usasma), I sure enjoyed reading your post. That's as good a deed as I've ever heard. Keep up the good work whenever you get a chance. :thumbsup:

BTW: I was in cPanel maybe 40 minutes ago and the kid's still there. He's hammering away like he's boring through a wall knowing he'll reach the other side eventually. I guess he could wander down to the nearest Internet café and use their IP number to get back in. I've no doubt he'll think of that one day... and I'll be there waiting. Heh.

Edited by Simple Simon, 19 September 2007 - 01:47 PM.

- Simon

All those who believe in telekinesis raise my right hand.

#9 Simple Simon

Simple Simon
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NEast USA
  • Local time:03:58 AM

Posted 19 September 2007 - 01:51 PM

Hi there Bertie. I've no doubt there are people who can do just that but I'm not too worried about this particular kid. As you have seen by reading these posts he's not the sharpest knife in the drawer. Hacker material he is not. :thumbsup:
- Simon

All those who believe in telekinesis raise my right hand.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users