50.gif
Best Blackhat Forum / Freebies / Software, Scripts, Plug-ins, Tools and Bots / Xrumer Help

Search (advanced search)
Use this Search form before posting, asking or make a new thread.
Tips: Use Quotation mark to search words (eg. "How To Make Money Online")

New Reply
 
09-18-2012, 04:22 AM (This post was last modified: 09-18-2012 04:23 AM by brennebn.)
Post: #1
brennebn Offline
Newbie
***
Posts: 5
Joined: May 2012

Reputation: 1
Xrumer Help
I have been using Xrumer from here behind the VMWare but without proxies. Recently, my ISP sent me reports of Botnet activity from my account. I didn't think much of it until today I got a third report. I included the report below. Again, I have not been using proxies. If I start using proxies will it help me to avoid any more of these reports and not have to worry about honeypots in my lists?

Quote: your Server with the IP: xxxxxxxxxx has attacked one of our server/partner on the service:
"regbot" on Time: Fri, 14 Sep 2012 00:58:41 +0200. The time is from the Server of the blocklist-user
We received the Attack on the BlockList de-System on: Fri, 14 Sep 2012 00:57:12 +0200

The IP was automatically blocked for a while time. To block an IP, it needs
most 3 failed Logins (ssh, imap....), one match for "invalid user" or a 5xx-Error-Code (eg.
Blacklist on mail...)! The Server-Owner can set the limits and not blocklist dot de!

Please check the machine behind the IP xx xxx xxx.xx (xx xxx xxx.xx dhcp insightbb com) and fix the problem.
This is the 6 Attack (reported: 6) from this IP; see:

When you need the Logs in the Body of Mail (and not as an Attachment), please answer us.

You can parse this Mail with X-ARF-Tools from
You found more Information about X-Arf under

This mail will be sent again after one day if more attacks are recognized.
In the attachment of this mail you can find the original protocols of our systems.

To pause this message for one week, you can insert the IP and E-Mailaddress to our Blocklist.
If more attacks of your network are recognized after the pause of seven days, the block will
be canceled and you will get new reports.
We found your address in the Whois-Data from the IP under the SearchString "arin-abuse (Cache)"
Answer us to rewrite the address (to abuse-quiet or a special address) for all upcoming reports.

He has registered automatically on a honeypot Wiki/Forum/Blog-System....
At the site there is a notice that all postings and registrations will be reported.
He used xrumer or other Tools or had a false configured mod_rewrite/mod_proxy who is abused:
find Quote
08-16-2013, 04:35 AM
Post: #2
1up Offline
I HATE GB
*****
Posts: 6,616
Joined: Mar 2013

Reputation: 8358
RE:
Too old thread but the solution is using private proxies. I have also received the same dig message from my VPS provider.
Check my avatar and keep laughing.. Biggrin
find Quote
08-16-2013, 07:04 AM
Post: #3
xuber Offline
Member
***
Posts: 157
Joined: Jul 2012

Reputation: 6
RE:
You need to figure out if it was Xrumer that did this or some infection inside the VPS first before you think of proxies. Having said that, yeah lack of proxies can obviously cause this too but you can never be sure.
find Quote
New Reply
 




76.gif
Contact Us | BestBlackhatForum | Return to Top | Return to Content | Lite (Archive) Mode