XFileSharing Pro - Avoid scanners for usernames and password

Message
Author
stamos
Posts: 139
Joined: Nov 11, 2010 5:37 pm

Avoid scanners for usernames and password

#1 Postby stamos » Jun 25, 2012 6:43 pm

Has anyone a good idea what to do against those password scanners?

They posting my site full with different usernames/password combinations in order to obtain access to premium accounts.

Those posts are from 1000 different IPs at the same time, almost like a DDOs attack:

Code: Select all

186.90.29.230 - - [25/Jun/2012:16:25:06 +0200] "POST / HTTP/1.1" 200 4773 "http://www.xxxx.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)"
186.90.29.230 - - [25/Jun/2012:16:25:10 +0200] "POST / HTTP/1.1" 200 4774 "http://www.xxxx.com" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)"
186.90.29.230 - - [25/Jun/2012:16:25:21 +0200] "POST / HTTP/1.1" 200 4775 "http://www.xxxx.com" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en) AppleWebKit/522.11.3 (KHTML, like Gecko) Version/3.0 Safari/522.11.3"
186.90.29.230 - - [25/Jun/2012:16:25:21 +0200] "POST / HTTP/1.1" 200 4774 "http://www.xxxx.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)"
186.90.29.230 - - [25/Jun/2012:16:25:21 +0200] "POST / HTTP/1.1" 200 4769 "http://www.xxxx.com" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en) AppleWebKit/522.11.3 (KHTML, like Gecko) Version/3.0 Safari/522.11.3"
186.90.29.230 - - [25/Jun/2012:16:25:21 +0200] "POST / HTTP/1.1" 200 4774 "http://www.xxxx.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)"
186.90.29.230 - - [25/Jun/2012:16:25:24 +0200] "POST / HTTP/1.1" 200 4777 "http://www.xxxx.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)"
186.90.29.230 - - [25/Jun/2012:16:25:25 +0200] "POST / HTTP/1.1" 200 4776 "http://www.xxxx.com" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)"
186.90.29.230 - - [25/Jun/2012:16:25:24 +0200] "POST / HTTP/1.1" 200 4774 "http://www.xxxx.com" "Opera/9.80 (Windows NT 6.0; U; en) Presto/2.2.0 Version/10.00"
186.90.29.230 - - [25/Jun/2012:16:25:27 +0200] "POST / HTTP/1.1" 200 4776 "http://www.xxxx.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)"
186.90.29.230 - - [25/Jun/2012:16:25:27 +0200] "POST / HTTP/1.1" 200 4774 "http://www.xxxx.com" "Opera/9.80 (Windows NT 6.0; U; en) Presto/2.2.0 Version/10.00"
186.90.29.230 - - [25/Jun/2012:16:25:29 +0200] "POST / HTTP/1.1" 200 4776 "http://www.xxxx.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)"
186.90.29.230 - - [25/Jun/2012:16:25:26 +0200] "POST / HTTP/1.1" 200 4776 "http://www.xxxx.com" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en) AppleWebKit/522.11.3 (KHTML, like Gecko) Version/3.0 Safari/522.11.3"
186.90.29.230 - - [25/Jun/2012:16:25:30 +0200] "POST / HTTP/1.1" 200 4776 "http://www.xxxx.com" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en) AppleWebKit/522.11.3 (KHTML, like Gecko) Version/3.0 Safari/522.11.3"
186.90.29.230 - - [25/Jun/2012:17:12:33 +0200] "POST / HTTP/1.1" 200 4774 "http://www.xxxx.com" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en) AppleWebKit/522.11.3 (KHTML, like Gecko) Version/3.0 Safari/522.11.3"
186.90.29.230 - - [25/Jun/2012:17:12:39 +0200] "POST / HTTP/1.1" 200 4776 "http://www.xxxx.com" "Opera/9.80 (Windows NT 6.0; U; en) Presto/2.2.0 Version/10.00"
186.90.29.230 - - [25/Jun/2012:17:12:46 +0200] "POST / HTTP/1.1" 200 4774 "http://www.xxxx.com" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.11) Gecko/2009060215 Firefox/3.0.11"
186.90.29.230 - - [25/Jun/2012:17:12:52 +0200] "POST / HTTP/1.1" 200 4776 "http://www.xxxx.com" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)"
186.90.29.230 - - [25/Jun/2012:17:38:33 +0200] "POST / HTTP/1.1" 200 4776 "http://www.xxxx.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)"
186.90.29.230 - - [25/Jun/2012:17:38:45 +0200] "POST / HTTP/1.1" 200 4774 "http://www.xxxx.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)"
186.90.29.230 - - [25/Jun/2012:17:46:44 +0200] "POST / HTTP/1.1" 200 4778 "http://www.xxxx.com" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en) AppleWebKit/522.11.3 (KHTML, like Gecko) Version/3.0 Safari/522.11.3"
186.90.29.230 - - [25/Jun/2012:17:46:56 +0200] "POST / HTTP/1.1" 200 4777 "http://www.xxxx.com" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.11) Gecko/2009060215 Firefox/3.0.11"
186.90.29.230 - - [25/Jun/2012:18:11:02 +0200] "POST / HTTP/1.1" 200 4778 "http://www.xxxx.com" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)"
186.90.29.230 - - [25/Jun/2012:18:11:04 +0200] "POST / HTTP/1.1" 200 4775 "http://www.xxxx.com" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.11) Gecko/2009060215 Firefox/3.0.11"
186.90.29.230 - - [25/Jun/2012:18:11:11 +0200] "POST / HTTP/1.1" 200 4774 "http://www.xxxx.com" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)"
186.90.29.230 - - [25/Jun/2012:18:21:31 +0200] "POST / HTTP/1.1" 200 4769 "http://www.xxxx.com" "Opera/9.80 (Windows NT 6.0; U; en) Presto/2.2.0 Version/10.00"
186.90.29.230 - - [25/Jun/2012:18:21:32 +0200] "POST / HTTP/1.1" 200 4783 "http://www.xxxx.com" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.11) Gecko/2009060215 Firefox/3.0.11"
186.90.29.230 - - [25/Jun/2012:18:21:45 +0200] "POST / HTTP/1.1" 200 4780 "http://www.xxxx.com" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)"
186.90.29.230 - - [25/Jun/2012:18:21:48 +0200] "POST / HTTP/1.1" 200 4776 "http://www.xxxx.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)"
186.90.29.230 - - [25/Jun/2012:18:21:45 +0200] "POST / HTTP/1.1" 200 4777 "http://www.xxxx.com" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en) AppleWebKit/522.11.3 (KHTML, like Gecko) Version/3.0 Safari/522.11.3"
186.90.29.230 - - [25/Jun/2012:18:21:52 +0200] "POST / HTTP/1.1" 200 4775 "http://www.xxxx.com" "Opera/9.80 (Windows NT 6.0; U; en) Presto/2.2.0 Version/10.00"
186.90.29.230 - - [25/Jun/2012:18:21:52 +0200] "POST / HTTP/1.1" 200 4774 "http://www.xxxx.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)"
186.90.29.230 - - [25/Jun/2012:18:28:12 +0200] "POST / HTTP/1.1" 200 4778 "http://www.xxxx.com" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)"
186.90.29.230 - - [25/Jun/2012:18:28:18 +0200] "POST / HTTP/1.1" 200 4778 "http://www.xxxx.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)"
186.90.29.230 - - [25/Jun/2012:18:30:03 +0200] "POST /?op=login HTTP/1.1" 200 4807 "-" "Mozilla/5.0 (Windows; U; MSIE 7.0; Windows NT 6.0; en-US)"
186.90.29.230 - - [25/Jun/2012:20:07:29 +0200] "POST / HTTP/1.1" 200 4856 "http://www.xxxx.com" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en) AppleWebKit/522.11.3 (KHTML, like Gecko) Version/3.0 Safari/522.11.3"
186.90.29.230 - - [25/Jun/2012:20:07:30 +0200] "POST / HTTP/1.1" 200 4855 "http://www.xxxx.com" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en) AppleWebKit/522.11.3 (KHTML, like Gecko) Version/3.0 Safari/522.11.3"
186.90.29.230 - - [25/Jun/2012:20:07:42 +0200] "POST / HTTP/1.1" 200 4856 "http://www.xxxx.com" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.11) Gecko/2009060215 Firefox/3.0.11"
186.90.29.230 - - [25/Jun/2012:20:07:50 +0200] "POST /?op=login HTTP/1.1" 200 4670 "-" "Mozilla/5.0 (Windows; U; MSIE 7.0; Windows NT 6.0; en-US)"
186.90.29.230 - - [25/Jun/2012:20:18:13 +0200] "POST / HTTP/1.1" 200 4613 "http://www.xxxx.com" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en) AppleWebKit/522.11.3 (KHTML, like Gecko) Version/3.0 Safari/522.11.3"
186.90.29.230 - - [25/Jun/2012:20:18:20 +0200] "POST / HTTP/1.1" 200 4613 "http://www.xxxx.com" "Opera/9.80 (Windows NT 6.0; U; en) Presto/2.2.0 Version/10.00"
186.90.29.230 - - [25/Jun/2012:20:18:23 +0200] "POST / HTTP/1.1" 200 4613 "http://www.xxxx.com" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.11) Gecko/2009060215 Firefox/3.0.11"
186.90.29.230 - - [25/Jun/2012:20:18:24 +0200] "POST / HTTP/1.1" 200 4613 "http://www.xxxx.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)"
186.90.29.230 - - [25/Jun/2012:20:18:25 +0200] "POST / HTTP/1.1" 200 4613 "http://www.xxxx.com" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en) AppleWebKit/522.11.3 (KHTML, like Gecko) Version/3.0 Safari/522.11.3"
186.90.29.230 - - [25/Jun/2012:20:18:29 +0200] "POST / HTTP/1.1" 200 4613 "http://www.xxxx.com" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)"
186.90.29.230 - - [25/Jun/2012:20:18:30 +0200] "POST / HTTP/1.1" 200 4613 "http://www.xxxx.com" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en) AppleWebKit/522.11.3 (KHTML, like Gecko) Version/3.0 Safari/522.11.3"
186.90.29.230 - - [25/Jun/2012:20:18:33 +0200] "POST / HTTP/1.1" 200 4613 "http://www.xxxx.com" "Opera/9.80 (Windows NT 6.0; U; en) Presto/2.2.0 Version/10.00"

trinsic
Posts: 149
Joined: Dec 21, 2009 9:24 am

#2 Postby trinsic » Jun 26, 2012 1:22 am

Use a captcha on login?

stamos
Posts: 139
Joined: Nov 11, 2010 5:37 pm

#3 Postby stamos » Jun 26, 2012 10:47 am

yeah we did that today, now the download managers wont work anymore :-/