Being probed right now


B&T
10-27-03, 02:12 PM
It appears that securitymetrics.com (never heard of them before) is in the process of bombarding my site searching for holes. They have made about 60 attempts in the last 2 hours and are still trying.

Just a heads up to everyone else on the shared server.

tbonekkt
10-27-03, 02:14 PM
Which server? ;)

B&T
10-27-03, 02:16 PM
www06

I think they may have stopped now, or at least slowed down.

B&T
10-27-03, 02:53 PM
No . . . they just took a break . . . still coming . . .

Naveen
10-27-03, 03:06 PM
How do you get the information?

johnny15
10-27-03, 03:34 PM
Why don't we test their site for holes as well? he he he...!!!

(jj)
10-27-03, 03:53 PM
I've had several of these attempts lately, seems to always happen on a Sunday in my case.

The domain name "referer" seems to be spoofed, as the actual IP is always for an IP block out of Beijing, China.

The last attempts (over 100 within 2 mins) were yesterday. The referer domain was listed as "mtv.blog-se.com.br/blog/" but the IP block (211.154.166.0 - 211.154.167.255) was the same "Access Network/ISP/Haidian District, Beijing".

B&T
10-27-03, 04:44 PM
still coming . . .

B&T
10-27-03, 04:46 PM
Originally posted by Naveen
How do you get the information?

My site emails me during an attack.

B&T
10-27-03, 04:55 PM
Originally posted by johnny15
grr....they may crash the whole servers!
Why don't we test their site for holes as well? he he he...!!!

It is very low volume. Won't crash anyone. And they won't find anything to exploit.

B&T
10-27-03, 06:25 PM
Originally posted by (jj)
I've had several of these attempts lately, seems to always happen on a Sunday in my case.

The domain name "referer" seems to be spoofed, as the actual IP is always for an IP block out of Beijing, China.

The last attempts (over 100 within 2 mins) were yesterday. The referer domain was listed as "mtv.blog-se.com.br/blog/" but the IP block (211.154.166.0 - 211.154.167.255) was the same "Access Network/ISP/Haidian District, Beijing".

Did some more checking.

This IP Address belongs to an outfit called Icon Developments in Utah. The host name lookup turns up securitymetrics.com - and on their website they say they are in Utah also. So I assume they are related.

But the hits just keep coming.

They have been at it for so long . . . and so slowly . . . that I am beginning to think they may have a systems problem that is just hitting me for some reason.

No big deal.

They seem to be fishing for formmail, a console, password scripts, uploaders, etc.

sghogan
10-27-03, 06:35 PM
How do you generate an email when you are being probed?

B&T
10-27-03, 07:06 PM
Originally posted by sghogan
How do you generate an email when you are being probed?

http://help.powweb.com/info/404.php

Calash
10-27-03, 09:17 PM
Ooh, I like that script. I think I will add it in once I start re-doing my site.

I really need to browse the help pages more often :)

Nino
10-27-03, 11:54 PM
I got probed just the other day.


:D That's why I hate doctor's visits! :D

tbonekkt
10-28-03, 12:02 AM
Originally posted by Nino
I got probed just the other day.

haha....season one South Park episode comes to mind.... :D

B&T
10-28-03, 01:31 AM
12 hours of this is enough . . . their IP address has been banned.
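
One way to spot the low-volume probing described in this thread from the web server's access log, as an added example that is not part of the original posts and is not the PowWeb 404 script: it counts 404s for probe-like paths per source IP over a long window. The log lines, IP addresses, path patterns and thresholds are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Apache combined log format: ip, timestamp, request line, status
LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "\S+ (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) ')
# Targets named in the thread (formmail, console, password scripts, uploaders);
# the exact patterns are assumptions.
PROBE = re.compile(r"formmail|console|passw|upload", re.I)

def find_probers(lines, threshold=5, window=timedelta(hours=2)):
    """Return {ip: peak count} for clients with >= threshold probe-like 404s per window."""
    recent = defaultdict(deque)   # assumes each client's lines are in time order
    flagged = {}
    for line in lines:
        m = LINE.match(line)
        if not m or m["status"] != "404" or not PROBE.search(m["path"]):
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        hits = recent[m["ip"]]    # keyed on source IP; Referer is client-supplied
        hits.append(ts)
        while ts - hits[0] > window:
            hits.popleft()
        if len(hits) >= threshold:
            flagged[m["ip"]] = max(flagged.get(m["ip"], 0), len(hits))
    return flagged

def sample_log():
    """Constructed log lines (documentation IP ranges, made-up paths and dates)."""
    start = datetime(2024, 1, 7, 12, 0, tzinfo=timezone.utc)
    def entry(ip, minute, path, referer="-"):
        ts = (start + timedelta(minutes=minute)).strftime("%d/%b/%Y:%H:%M:%S %z")
        return f'{ip} - - [{ts}] "GET {path} HTTP/1.0" 404 210 "{referer}" "-"'
    probes = ["/cgi-bin/formmail.pl", "/cgi-bin/FormMail.cgi", "/admin/console",
              "/passwd.php", "/upload.php", "/cgi-bin/formmail.cgi"]
    # One client, one probe every 20 minutes, each with a different Referer
    lines = [entry("203.0.113.7", 20 * i, p, f"http://ref{i}.example/")
             for i, p in enumerate(probes)]
    lines.append(entry("198.51.100.9", 5, "/old-page.html"))   # ordinary broken link
    lines.append(entry("192.0.2.44", 30, "/upload.php"))       # single stray hit
    return lines

if __name__ == "__main__":
    print(find_probers(sample_log()))
```

With a 30-minute window the same client is not flagged, which is why a slow scan like the one in this thread needs a window measured in hours rather than minutes.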