I have always had problems with hackers. Since I installed COMODO, I have now identified the source of my misery from the log file. The message I get is "Inbound policy violation" and the IP address from which the attempt has been made is 212.88.97.67. My log shows as many as 100 attempts in one hour! What can I do to stop this onslaught and how can I trace this source?
Welcome to the anti-hackers’ paradise–(or forum, however you prefer it), patel.
If you’re receiving inbound policy violations, it means that CPF has blocked the attempted connections, so you’re protected. To trace the IP, there are lots of sites. Most popular seems to be Who Is: http://www.arin.net/whois/
Hi patel.
The address you are seeing in your logs appears to belong to an organisation called mtn.co.ug, which is based in Uganda. Specifically the address belongs to a mail server.
IP: 212.88.97.67
Reverse: mail.mtnconnect.co.ug
tester.mtnconnect.co.ug
Is this an organisation you know about?
Toggie
Hopefully it isn’t your workplace like your boss or subordinate who’s after you.
How come I queried a different result with that site above? And why are there so many different sites that seem to use who is? I couldn’t figure out the official site.
OrgName: RIPE Network Coordination Centre
City: Amsterdam
Country: NL
I got the Amsterdam info when I did a who is, but a traceroute gave the Uganda link. Further investigation using http://www.robtex.com/ gave the detail.
Not sure what the Amsterdam thing is…
Toggie
Unfortunately any hacker worth their salt will go through anonymous proxies or an easily hacked computer without a firewall.
The chances of someone/thing getting through (inbound) an up-to-date router or software firewall are slim to say the least unless you are running server type programs which need to be up-to-date and properly configured.
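
On the differing whois results discussed above: a reply from ARIN that names RIPE Network Coordination Centre as the organisation points to another registry, and the detailed record has to be fetched from there. The sketch below is an added example, not code from any poster. It follows such referrals, and it assumes a `ReferralServer:` line in the ARIN-style reply. Both sample replies are constructed.

```python
import socket
from urllib.parse import urlsplit

# Constructed sample replies (not real captures). The OrgName/City/Country
# lines mirror what was quoted in the thread; everything else is made up.
ARIN_SAMPLE = """\
# constructed ARIN-style reply
OrgName:        RIPE Network Coordination Centre
City:           Amsterdam
Country:        NL
ReferralServer: whois://whois.ripe.net:43
"""
RIPE_SAMPLE = """\
% constructed RIPE-style reply
netname:        EXAMPLE-NET
country:        UG
"""

def parse_fields(text):
    """Return {lowercased key: first value} for 'Key: value' lines."""
    fields = {}
    for line in text.splitlines():
        if line.startswith(("#", "%")) or ":" not in line:
            continue  # skip comments and free text
        key, value = line.split(":", 1)
        fields.setdefault(key.strip().lower(), value.strip())
    return fields

def referral(fields):
    """Return (host, port) from a ReferralServer field, or None."""
    parts = urlsplit(fields.get("referralserver", ""))
    if parts.scheme != "whois" or not parts.hostname:
        return None
    return parts.hostname, parts.port or 43

def query(server, ip, port=43):
    """Plain WHOIS lookup over TCP (needs network access)."""
    with socket.create_connection((server, port), timeout=10) as s:
        s.sendall(ip.encode() + b"\r\n")
        return b"".join(iter(lambda: s.recv(4096), b"")).decode(errors="replace")

def resolve(ip, start="whois.arin.net", fetch=query, max_hops=3):
    """Follow referrals from `start`; return [(server, fields), ...]."""
    chain, seen, target = [], set(), (start, 43)
    while target and target not in seen and len(chain) < max_hops:
        seen.add(target)  # guards against referral loops
        fields = parse_fields(fetch(target[0], ip, target[1]))
        chain.append((target[0], fields))
        target = referral(fields)
    return chain
```

Calling `resolve("212.88.97.67")` with the default `fetch` performs live lookups; pass a stub `fetch` to run it offline against the samples.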