Dear Provider,


I’m George Egri, the Co-Founder and CEO of BitNinja Server Security. I’m writing to inform you that we have detected malicious requests from the IP 178.162.197.1 directed at our clients’ servers.


As a result of these attacks, we have added your IP to our greylist to prevent it from attacking our clients’ servers.


Servers are increasingly exposed as the targets of botnet attacks and you might not be aware that your server is being used as a “bot” to send malicious attacks over the Internet.


I've collected the 3 earliest logs below, and you can find the freshest 100, which may help you disinfect your server, under the link:
http://bitninja.io/incidentReport.php?details=712b6072a3484b4fd2
The timezone is UTC +2:00.

Url: [magfuzio.hu/wp-content/uploads/2014/01/twitter_logo1-Copy.png]
Agent: [Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.91 Safari/537.36]

Url: [allofvpn.com/vpn-on-apple-tv/img/logo.png]
Agent: [Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Mobile/12B440 iPhone6,1 BingWeb/5.3.2.834.20141216]

Url: [allofvpn.com/vpn-on-apple-tv/css/style.css]
Agent: [Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Mobile/12B440 iPhone6,1 BingWeb/5.3.2.834.20141216]

Please keep in mind that after the first intrusion we log all traffic between your server and the BitNinja-protected servers until the IP is removed from the greylist. This means you may see valid logs beside the malicious actions in the link above. If you need help finding the malicious logs, please don’t hesitate to contact our incident experts by replying to this e-mail.

For more information on analyzing and understanding outbound traffic, check out this:
https://doc.bitninja.io/_images/bitninja-incident-report-1.jpg

We’ve also dedicated an entire site to help people prevent their server from sending malicious attacks:
https://doc.bitninja.io/investigations.html


Our incident experts are also happy to help you and can provide detailed logs if needed. Please, feel free to connect me with the administrator or technical team responsible for managing your server.


Thank you for helping us make the Internet a safer place!


Regards,


George Egri
CEO at BitNinja.io



Could not verify this was truly a DoS



