09-18-2012, 04:22 AM
I have been using Xrumer from here behind VMware but without proxies. Recently, my ISP sent me reports of botnet activity from my account. I didn't think much of it until today, when I got a third report. I included the report below. Again, I have not been using proxies. If I start using proxies, will it help me to avoid any more of these reports and not have to worry about honeypots in my lists?
Quote: your Server with the IP: xxxxxxxxxx has attacked one of our server/partner on the service:
"regbot" on Time: Fri, 14 Sep 2012 00:58:41 +0200. The time is from the Server of the blocklist-user
We received the Attack on the BlockList de-System on: Fri, 14 Sep 2012 00:57:12 +0200
The IP was automatically blocked for a while time. To block an IP, it needs
most 3 failed Logins (ssh, imap....), one match for "invalid user" or a 5xx-Error-Code (eg.
Blacklist on mail...)! The Server-Owner can set the limits and not blocklist dot de!
Please check the machine behind the IP xx xxx xxx.xx (xx xxx xxx.xx dhcp insightbb com) and fix the problem.
This is the 6 Attack (reported: 6) from this IP; see:
When you need the Logs in the Body of Mail (and not as an Attachment), please answer us.
You can parse this Mail with X-ARF-Tools from
You found more Information about X-Arf under
This mail will be sent again after one day if more attacks are recognized.
In the attachment of this mail you can find the original protocols of our systems.
To pause this message for one week, you can insert the IP and E-Mailaddress to our Blocklist.
If more attacks of your network are recognized after the pause of seven days, the block will
be canceled and you will get new reports.
We found your address in the Whois-Data from the IP under the SearchString "arin-abuse (Cache)"
Answer us to rewrite the address (to abuse-quiet or a special address) for all upcoming reports.
He has registered automatically on a honeypot Wiki/Forum/Blog-System....
At the site there is a notice that all postings and registrations will be reported.
He used xrumer or other Tools or had a false configured mod_rewrite/mod_proxy who is abused: