I just wanted to thank all the hackers out there continuously attempting to gain access to any one of my websites.
And yes, I can safely affirm these are hackers as they have attempted to log in to my site using various usernames/passwords. Beyond which the login itself is obfuscated, so they have taken steps to identify how to get into the site… I’m assuming they are using something like Tor to randomize their IP to enable them to keep making attempts to gain access to my sites. Too bad they don’t realize there truly is nothing there to find; no contact information, no credit cards, … nothing. Everything is front facing already.
I used to send e-mail to the Domain Host or Registrars, but sadly they fall on deaf ears and ICANN chooses not to get involved, allowing the lawlessness to go unchecked in this manner. So below is an ongoing listing of people attempting to hack their way into my sites:
If anyone has a way to submit these IP addresses to a blacklist or another means to get them banned, please leave me a comment. I’m more than willing to help get them blocked, but domain registrars and hosts simply do very little to stop these hackers.
You are not alone!
I actually sent an e-mail to the abuse e-mail associated with that IP address, but so far nothing. As I said, Host & Registrars for the most part just see $$$ signs and don’t truly want to halt such people.
They don’t want to “find” anything, but send Spam via your server and the backdoored WP instance…
Although, I do agree they want to use other people’s servers to send out mass amounts of SPAM, they also want any information they can get their hands on. We live in the digital age and any information = $$$. They sell everything; e-mail address lists, credit card information, user accounts, …
But your primary reasoning is very valid! They are most probably trying to simply hack the server to primarily send out more SPAM.
Even if they do manage, these servers are throttled, so they would quickly hit the maximum allowable number of e-mails!
Too bad they don’t put these same energies into improving the world instead of destroying it.
Hackers associated with IPs associated with poneytelecom.eu (a fake company) have been hitting our site hard the past few days, exactly as you described here and on your list. The last two days, all the IPs are in the range of 163.172.66.*
They just brought down a similar site to ours, Democraticunderground.com; talking to their admin, they are seeing the same IP range.
If you get hacking attempts from the same IP over and over, why don’t you permanently block it in your firewall?
If you are not the server administrator, ask the administrator to block the IP. If the administrator refuses or will not respond to your request, it's time to move on and find a proper hosting company.
Way ahead of you! Regardless of all the steps one takes (blocking IPs, …) hackers are always changing domains, IPs so it’s a never ending game of cat and mouse. You can do everything in your power and still be a victim.
With a VPN, hackers rotate their IP in a second and continue hacking, over and over.
Also, with most websites today, you don’t even need to bother your host as WordPress, Joomla, et al. all have various extensions that can automatically block IPs and take steps to try and secure things as best they can.
Use fail2ban to block automatically.
How to ….. block all those punks !!!! See below …
Check IP addresses at (to block the complete range):
http://www.poneytelecom.eu/
https://www.tcpiputils.com/browse/ip-address/62.210.151.49
Block ALL poneytelecom.eu. Lots of hacking attempts !!!
Iptables (Linux firewall) commands to block:

```bash
# Drop all inbound traffic from each listed range
iptables -A INPUT -s 62.210.0.0/16 -j DROP
iptables -A INPUT -s 195.154.0.0/16 -j DROP
iptables -A INPUT -s 212.129.0.0/18 -j DROP
iptables -A INPUT -s 62.4.0.0/19 -j DROP
iptables -A INPUT -s 212.83.128.0/19 -j DROP
iptables -A INPUT -s 212.83.160.0/19 -j DROP
iptables -A INPUT -s 212.47.224.0/19 -j DROP
iptables -A INPUT -s 163.172.0.0/16 -j DROP
iptables -A INPUT -s 51.15.0.0/16 -j DROP
iptables -A INPUT -s 151.115.0.0/16 -j DROP

# Save the rules (Red Hat and CentOS)
service iptables save
```
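
What fail2ban automates, as an added example that is not part of the original post or its comments: count failed logins per source address and print idempotent DROP rules for the repeat sources. The line format `<n> <date> <time> <user> LOGIN_FAIL <ip>`, the threshold and the sample lines (RFC 5737 documentation addresses) are assumptions.

```shell
#!/bin/sh
# Added example. Sample log lines are constructed; nothing here touches the firewall,
# the rules are only printed for review.

sample_log() {
cat <<'EOF'
1 2016/01/07 14:56:03 admin LOGIN_FAIL 192.0.2.10
2 2016/01/07 11:09:06 admin LOGIN_FAIL 192.0.2.10
3 2016/01/07 07:23:12 root LOGIN_FAIL 198.51.100.7
4 2016/01/07 03:44:36 admin LOGIN_FAIL 192.0.2.10
5 2016/01/06 21:02:33 admin LOGIN_FAIL 198.51.100.7
6 2016/01/06 20:00:08 editor LOGIN_OK 203.0.113.5
7 2016/01/06 16:58:54 admin LOGIN_FAIL 198.51.100.7
8 2016/01/06 15:24:49 admin LOGIN_FAIL 192.0.2.10
9 2016/01/06 13:01:19 editor LOGIN_FAIL 203.0.113.5
10 2016/01/06 12:00:00 admin LOGIN_FAIL not-an-ip
EOF
}

# Print "count ip" for every source with at least $1 failures, busiest first.
# Only dotted-quad values are counted: the field ends up in a firewall command,
# so anything else in the log is ignored rather than passed along.
repeat_offenders() {
  awk -v min="$1" '
    $5 == "LOGIN_FAIL" && $6 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { fails[$6]++ }
    END { for (ip in fails) if (fails[ip] >= min) print fails[ip], ip }
  ' | sort -k1,1nr -k2,2
}

# Turn "count ip" lines into rules that are safe to re-run:
# -C checks whether the rule already exists, so repeated runs add no duplicates;
# -I inserts at the top of INPUT, so an earlier ACCEPT cannot shadow the DROP
# (a rule appended with -A is evaluated after everything already in the chain).
emit_rules() {
  while read -r _count ip; do
    printf 'iptables -C INPUT -s %s -j DROP 2>/dev/null || iptables -I INPUT -s %s -j DROP\n' \
      "$ip" "$ip"
  done
}

# Sources with 3 or more failures in the sample; the single miss from
# 203.0.113.5 (a user who also logged in successfully) stays unblocked.
sample_log | repeat_offenders 3 | emit_rules
```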