This list has been updated to cover the period of December 31, 2011 through January 30, 2013. During this period around 180 different ip numbers were involved for a total of 6069 login attempts. These numbers and ip’s only reflect activity I believe to be a part of this particular (what I believe to be) bot network. IN ADDITION, there were twelve days of no bot activity – I have reason to believe the hosting company responsible for the ip controlling the compromised websites may have stopped it on their end but now the hackers are back again.
**Please see note below the list of ip’s.

I suspect that these ip’s have been compromised and are being used as part of a bot network. I’m not wasting my time checking each ip individually, but those I have checked are either websites or placeholders for websites. In working with the webmaster of one of the compromised sites, it was found that a rogue script had been uploaded to their site, allowing someone without authority to use it as they saw fit. Whether these ip’s are compromised individually or if the server they are hosted on has been compromised I don’t know, but either way, it’s not good.

**If you are in control of any of these ip’s and feel you have been listed in error, please contact me and I’ll recheck my logs and send you copies or if I did make a mistake correct the listing.

One Comment

  1. I haven’t updated the list of ip’s being used to try to log into this blog for awhile. The attempts even stopped for a bit, but I noticed that they started up again on April 5, 2013, this time with a new batch of ip’s so I thought I’d share them with anyone interested. This list only goes through 7:13 EST of April 6th.

Leave a Reply

Your email address will not be published. Required fields are marked *