How far this helps is not clear. You just blocked an italian and a russian provider. Have you tried to send a mail to the "abuse" mailbox?
route: 213.92.0.0/17 descr: I.NET Customer Nets block origin: AS3313 remarks: 4nd block released to it.inet local registry. mnt-by: INET-NOC source: RIPE # Filtered remarks: trouble: -------------------------------------------- remarks: trouble: -- For any mail abuse or network incident remarks: trouble: -- please report to abuse@inet.it remarks: trouble: --------------------------------------------
213.248.0.0/19 descr: Digital Network JSC descr: Moscow, Russia descr: http://www.msm.ru descr: aggregate prefix origin: AS12695 mnt-by: DN-MNT source: RIPE # Filtered abuse-mailbox: abuse@msm.ru
-----Original Message----- From: 44net-bounces+marius=yo2loj.ro@hamradio.ucsd.edu [mailto:44net-bounces+marius=yo2loj.ro@hamradio.ucsd.edu] On Behalf Of William Lewis Sent: Monday, September 29, 2014 17:40 To: AMPRNet working group Subject: Re: [44net] Apache2 log - suspicious entries...
(Please trim inclusions from previous messages) _______________________________________________ Thanks Tom,
I also have 213.92.0.0/16 and 213.248.0.0/16 on permanent ban for hacking attempts against my JNOS.
Bill KG6BAJ
At 12:48 AM 09/29/14, you wrote:
(Please trim inclusions from previous messages) _______________________________________________ Greetings to everybody.
****I want direct your attention to two networks that lately I'm seeing in my Apache2 log files:
5.141.0.0/16 213.33.130.0/24
Log entries are at least suspicious. I keep sharp lookout.
Best regards. Tom - sp2lob