# FraudRecord outage



## qps (Jul 1, 2015)

It looks like FraudRecord is down or having some kind of issue.  I just got a "500 Internal Server Error" on their main site, and the WHMCS app isn't working.  I checked their Twitter account and didn't see anything.


----------



## MannDude (Jul 1, 2015)

Hopefully @harzem is aware of this and working on it. I am sure he is.


----------



## KuJoe (Jul 1, 2015)

It's been a multitude of problems today. Harzem was working on it earlier and I was mitigating a unique attack that kept bringing the VPS offline. Hang tight.


----------



## KuJoe (Jul 1, 2015)

It's back online now, another attack brought some services offline so I've restarted the VPS for Harzem.


----------



## harzem (Jul 2, 2015)

Couldn't have saved it without KuJoe's help!


----------



## MichaelFindlay (Aug 6, 2015)

Perhaps a disgruntled spammer?!


----------



## drmike (Aug 6, 2015)

Glad to see @KuJoe tending to attacks like this.  There aren't many companies out there period that get near such matters.  When the filtering on autopilot doesn't cut it, usually the customer is SoL and offline, regardless of price point or protection allegedly offered.

Dealing with one-off stuff like this is very rare. Good show KuJoe!


----------



## Profuse-Jim (Aug 6, 2015)

PM if you're still interested in the sponsorship in the form of a dedicated server.


----------



## XFS_Duke (Aug 7, 2015)

I received roughly 30 password reset emails all stemming from this IP: 60.248.162.179

Was this part of the attack?


----------



## KuJoe (Aug 7, 2015)

@XFS_Duke from July 1st or recently?


----------



## harzem (Aug 7, 2015)

@KuJoe there was an attack yesterday, abusing the password reminder form to send mass emails. I added a captcha to the form so it should stop them for now.


----------
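Added example, not part of the thread and not FraudRecord's code: a sliding-window throttle for a password reminder form, replayed over a constructed burst like the one reported above (about 30 reset mails to one mailbox). The class name, limits and sample addresses are assumptions; the limit is keyed on the recipient as well as the source IP, because a source address can change between requests.

```python
import time
from collections import defaultdict, deque


class ResetThrottle:
    """Sliding-window limiter for a password-reset form (hypothetical helper)."""

    def __init__(self, per_email=3, per_ip=10, window=3600):
        # Assumed limits: 3 mails per recipient and 10 per source IP, per hour.
        self.limits = {"email": per_email, "ip": per_ip}
        self.window = window
        self.hits = defaultdict(deque)  # (kind, value) -> timestamps of sent mails

    def _count(self, key, now):
        q = self.hits[key]
        while q and q[0] <= now - self.window:  # drop entries older than the window
            q.popleft()
        return len(q)

    def allow(self, email, ip, now=None):
        """Return True if a reset mail may be sent, recording it if so."""
        now = time.time() if now is None else now
        keys = [("email", email.strip().lower()), ("ip", ip)]
        if any(self._count(k, now) >= self.limits[k[0]] for k in keys):
            return False  # over a limit: send nothing, record nothing
        for k in keys:
            self.hits[k].append(now)
        return True


def replay(requests, throttle):
    """Replay (timestamp, email, ip) tuples; return mails sent per address."""
    sent = defaultdict(int)
    for ts, email, ip in requests:
        if throttle.allow(email, ip, now=ts):
            sent[email.strip().lower()] += 1
    return dict(sent)


# Constructed sample: 30 requests for one mailbox in five minutes, then one
# request for a different user. Addresses are from documentation ranges.
SAMPLE = [(1000 + 10 * i, "victim@example.com", "203.0.113.7") for i in range(30)]
SAMPLE.append((1400, "other@example.com", "198.51.100.9"))

if __name__ == "__main__":
    print(replay(SAMPLE, ResetThrottle()))
```
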



## Licensecart (Aug 7, 2015)

XFS_Duke said:


> I received roughly 30 password reset emails all stemming from this IP: 60.248.162.179
> 
> Was this part of the attack?



Meh, that's from twnic.net.tw and it's a big block so we can't just ban the block.


----------



## rds100 (Aug 7, 2015)

But maybe the mods here can try to correlate the IP with some user logging in the forum from this IP?


----------



## DomainBop (Aug 7, 2015)

XFS_Duke said:


> I received roughly 30 password reset emails all stemming from this IP: 60.248.162.179
> 
> Was this part of the attack?



That IP has a spotless reputation.

rDNS for IP 60.248.162.179    
tor-exit.timluo.net
OK
IP Addresses for tor-exit.timluo.net    
60.248.162.175
OK
=======================
LISTED    CBL    60.248.162.179 was listed  Detail    3600    1017    Ignore
 LISTED    DAN TOR    60.248.162.179 was listed  Detail    300    297    Ignore
 LISTED    DAN TOREXIT    60.248.162.179 was listed  Detail    300    281    Ignore
 LISTED    MAILSPIKE BL    60.248.162.179 was listed  Detail    60    281    Ignore
 LISTED    MAILSPIKE Z    60.248.162.179 was listed  Detail    120    281    Ignore
 LISTED    SECTOOR EXITNODES    60.248.162.179 was listed  Detail    241    109    Ignore
 LISTED    Spamhaus ZEN    60.248.162.179 was listed  Detail    300    94    Ignore


----------



## KuJoe (Aug 7, 2015)

100% of attacks against FraudRecord have been from TOR exits. I will update the firewall rules shortly with the latest list of exits.


----------



## drmike (Aug 7, 2015)

KuJoe said:


> 100% of attacks against FraudRecord have been from TOR exits. I will update the firewall rules shortly with the latest list of exits.



Same attack origin a while back with vpsBoard and ToR exits were blocked for a while due to such.


----------

