amuck-landowner

FraudRecord outage

qps

Active Member
Verified Provider
It looks like FraudRecord is down or having some kind of issue.  I just got a "500 Internal Server Error" on their main site, and the WHMCS app isn't working.  I checked their Twitter account and didn't see anything.
 

KuJoe

Well-Known Member
Verified Provider
It's been a multitude of problems today. Harzem was working on it earlier and I was mitigating a unique attack that kept bringing the VPS offline. Hang tight. :)
 

drmike

100% Tier-1 Gogent
Glad to see @KuJoe tending to attacks like this.  There aren't many companies out there period that get near such matters.  When the filtering on autopilot doesn't cut it, usually the customer is SoL and offline, regardless of price point or protection allegedly offered.

Dealing with one off stuff like this is very rare.   Good show KuJoe!
 

XFS_Duke

XFuse Solutions, LLC
Verified Provider
I received roughly 30 password reset emails all stemming from this IP: [SIZE=11pt]60.248.162.179[/SIZE]

[SIZE=11pt]Was this part of the attack?[/SIZE]
 

harzem

New Member
@KuJoe there was an attack yesterday, abusing the password reminder form to send mass emails. I added a captcha to the form so it should stop them for now.
 

Licensecart

Active Member
I received roughly 30 password reset emails all stemming from this IP: [SIZE=11pt]60.248.162.179[/SIZE]

[SIZE=11pt]Was this part of the attack?[/SIZE]

Meh that's from twnic.net.tw and it's a big block so we can't just ban the block.
 

rds100

New Member
Verified Provider
But maybe the mods here can try to correlate the IP with some user logging in the forum from this IP?
 
Last edited by a moderator:

DomainBop

Dormant VPSB Pathogen
I received roughly 30 password reset emails all stemming from this IP: [SIZE=11pt]60.248.162.179[/SIZE]

[SIZE=11pt]Was this part of the attack?[/SIZE]

That IP has a spotless reputation.

rDNS for IP 60.248.162.179    
tor-exit.timluo.net
OK
IP Addresses for tor-exit.timluo.net    
60.248.162.175
OK
=======================
LISTED    CBL    60.248.162.179 was listed  Detail    3600    1017    Ignore
 LISTED    DAN TOR    60.248.162.179 was listed  Detail    300    297    Ignore
 LISTED    DAN TOREXIT    60.248.162.179 was listed  Detail    300    281    Ignore
 LISTED    MAILSPIKE BL    60.248.162.179 was listed  Detail    60    281    Ignore
 LISTED    MAILSPIKE Z    60.248.162.179 was listed  Detail    120    281    Ignore
 LISTED    SECTOOR EXITNODES    60.248.162.179 was listed  Detail    241    109    Ignore
 LISTED    Spamhaus ZEN    60.248.162.179 was listed  Detail    300    94    Ignore
 

KuJoe

Well-Known Member
Verified Provider
100% of attacks against FraudRecord have been from TOR exits. I will update the firewall rules shortly with the latest list of exits.
 

drmike

100% Tier-1 Gogent
100% of attacks against FraudRecord have been from TOR exits. I will update the firewall rules shortly with the latest list of exits.

Same attack origin a while back with vpsBoard and ToR exits were blocked for a while due to such.
 
Top
amuck-landowner