Hack attempts from cPanel

Discussion in 'General Discussion' started by dacanbe, Feb 9, 2006.

  1. dacanbe

    dacanbe Registered

    Hi,

    According to my logs, my server had several hack attempts coming from a cPanel server (63.247.79.189). I would like to know whom I should contact to resolve this situation (and if possible take sanctions against the account owner).

    Regards.
     
  2. elliotcooper

    elliotcooper Well-Known Member
    PartnerNOC

    I just did a little digging on that IP for you, and although there is no PTR reverse map on that IP, if you open a manual telnet connection to port 25 it identifies itself as:

    220-cpanel.cihans.com ESMTP Exim 4.52 #1 Thu, 09 Feb 2006 16:14:10 +0200

    The important bit there is:

    cpanel.cihans.com

    The whois for cihans.com is as follows:

    Registrant:
    qweqwe (CIHANS-COM-DOM)
    qweqwe
    qweqwe, 123123
    Turkey
    90.123123123
    90.123456
    cihan94@hotmail.com

    Domain Name: CIHANS.COM

    Administrative Contact:
    asdfadsf cihan94@hotmail.com
    adsfdasf
    asdfffdasf, 21312331
    Turkey
    90.12321312
    Fax- 90.123123123

    Technical Contact, Zone Contact:
    adsfdsafds cihan94@hotmail.com
    sdfsdfsdfd
    sdfsdfdsf, 3211234
    Turkey
    90.321432423
    Fax- 90.123456

    Record last updated on 02-Feb-2006.
    Record expires on 17-Jan-2007.
    Record created on 17-Jan-2005.

    Domain servers in listed order:

    Name Server: ns1.cihans.com
    Name Server: ns2.cihans.com

    You should try the email address but I wouldn't hold out too much hope there.

    The other option is to complain to the IP block owner, as they can remove connectivity to the server and usually get a result. The IP is registered to:

    OrgName: Global Net Access, LLC
    OrgID: GNAL-2
    Address: 55 Marietta St, NW
    Address: Suite 1720
    City: Atlanta
    StateProv: GA
    PostalCode: 30303
    Country: US

    ReferralServer: rwhois://rwhois.gnax.net:4321

    NetRange: 63.247.64.0 - 63.247.95.255
    CIDR: 63.247.64.0/19
    NetName: GNAXNET
    NetHandle: NET-63-247-64-0-1
    Parent: NET-63-0-0-0-0
    NetType: Direct Allocation
    NameServer: DNS1.GNAX.NET
    NameServer: DNS2.GNAX.NET
    Comment: Comment: ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
    Comment: Comment: ********************************************
    Comment: Comment: Reassignment information for this block is
    Comment: Comment: available at rwhois.gnax.net port 4321
    Comment: Comment: ********************************************
    RegDate: 2003-04-11
    Updated: 2004-02-06

    OrgAbuseHandle: ABUSE745-ARIN
    OrgAbuseName: Abuse
    OrgAbusePhone: +1-404-230-9150
    OrgAbuseEmail: abuse@gnax.net

    OrgTechHandle: ENGIN7-ARIN
    OrgTechName: Engineering
    OrgTechPhone: +1-404-230-9150
    OrgTechEmail: engineering@gnax.net

    # ARIN WHOIS database, last updated 2006-02-08 19:10
    # Enter ? for additional hints on searching ARIN's WHOIS database.

    They, abuse@gnax.net, look like a much better bet to talk to about this and get something done.
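
The lookup steps in the post above (SMTP banner, then the ARIN record for the IP block), as an added example that is not part of the original thread: Python that pulls the announced hostname out of the 220 greeting and extracts the abuse contact from the ARIN record, after checking that the record's CIDR actually covers the reported IP. The function names are assumptions of this example; the sample input is copied from the thread.

```python
import ipaddress
import re

# Sample input copied from the thread above (banner plus an excerpt of the ARIN record).
BANNER = "220-cpanel.cihans.com ESMTP Exim 4.52 #1 Thu, 09 Feb 2006 16:14:10 +0200"
ARIN_WHOIS = """\
OrgName: Global Net Access, LLC
NetRange: 63.247.64.0 - 63.247.95.255
CIDR: 63.247.64.0/19
ReferralServer: rwhois://rwhois.gnax.net:4321
OrgAbuseEmail: abuse@gnax.net
OrgTechEmail: engineering@gnax.net
# ARIN WHOIS database, last updated 2006-02-08 19:10
"""

def banner_hostname(banner):
    """Return the hostname an SMTP server announces in its 220 greeting, or None."""
    m = re.match(r"220[ -]([A-Za-z0-9.-]+)", banner.strip())
    return m.group(1).lower() if m else None

def parse_whois(text):
    """Parse 'Key: value' whois lines into {key: [values]}; skip comments and blanks."""
    fields = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "%")) or ":" not in line:
            continue
        key, value = line.split(":", 1)  # split once: values such as rwhois:// URLs contain ':'
        fields.setdefault(key.strip(), []).append(value.strip())
    return fields

def abuse_contact(ip, whois_text):
    """Return (org, abuse_email) if the record's CIDR covers ip, else raise ValueError."""
    fields = parse_whois(whois_text)
    addr = ipaddress.ip_address(ip)
    # A CIDR field may list several comma-separated blocks.
    nets = [ipaddress.ip_network(c.strip())
            for value in fields.get("CIDR", []) for c in value.split(",")]
    if not any(addr in net for net in nets):
        raise ValueError(f"{ip} is outside the record's CIDR blocks")
    emails = fields.get("OrgAbuseEmail")
    if not emails:
        raise ValueError("record has no OrgAbuseEmail field")
    return fields.get("OrgName", ["?"])[0], emails[0]

if __name__ == "__main__":
    print(banner_hostname(BANNER))
    print(abuse_contact("63.247.79.189", ARIN_WHOIS))
```

The banner hostname is whatever the remote mail server chooses to announce, so it is only a lead; the address allocation record is the dependable route for a complaint.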
     
  3. chirpy

    chirpy Well-Known Member

    Nice bit of investigative work ;)
     
  4. dacanbe

    dacanbe Registered

    Thanks for these details. I'm gonna check gnax.net.
     