Scribblings from Steve
I use Akismet on this site to trap spam. But even if I didn’t and I just relied on manually approving comments what sort of stupid idiot pays people to post rubbish like the following:
Obviously its junk and would never see the light of day on anyone’s site if they have even a single brain cell in their skull.
I’ve been using spambucket as a junk email address for quite some time – this is first time someone has ever actually sent email to it.
Any email that comes to this address is automatically flagged as spam and reported back to Spamcop
So several days after reporting to Capita that they had a compromised machine on their network what do I see but the same IP address come back and start doing exactly the same thing. A search on the internet shows that other people have had this same IP address hitting them.
So tell me Capita – what are you doing to stop this criminal activity?
Given that your company runs several large scale contracts for the government but you apparently are unable to stop illegal activity from your networks what does that say about your own internal security? If that machine is compromised what else is? What machines on your network are compromised and stealing personal information on UK Citizens?
Capita – that company who the UK Government think can be trusted to run so much of our infrastructure can’t apparently stop their own network from being used to attempt to hack servers:
31.222.208.86 - - [03/Dec/2014:01:22:43 +0000] "GET /wp/wp-login.php HTTP/1.1" 301 - "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)"
31.222.208.86 - - [03/Dec/2014:01:22:43 +0000] "GET /Wp/wp-login.php HTTP/1.1" 404 12141 "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)"
31.222.208.86 - - [03/Dec/2014:01:22:44 +0000] "GET /wordpress/wp-login.php HTTP/1.1" 301 - "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)"
31.222.208.86 - - [03/Dec/2014:01:22:44 +0000] "GET /Wordpress/wp-login.php HTTP/1.1" 404 12260 "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)"
31.222.208.86 - - [03/Dec/2014:01:22:44 +0000] "GET /test/wp-login.php HTTP/1.1" 301 - "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)"
31.222.208.86 - - [03/Dec/2014:01:22:45 +0000] "GET /Test/wp-login.php HTTP/1.1" 404 12175 "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)"
31.222.208.86 - - [03/Dec/2014:01:22:45 +0000] "GET /site/wp-login.php HTTP/1.1" 301 - "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)"
31.222.208.86 - - [03/Dec/2014:01:22:45 +0000] "GET /Site/wp-login.php HTTP/1.1" 404 12175 "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)"
31.222.208.86 - - [03/Dec/2014:01:22:45 +0000] "GET /old/wp-login.php HTTP/1.1" 301 - "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)"
31.222.208.86 - - [03/Dec/2014:01:22:46 +0000] "GET /Old/wp-login.php HTTP/1.1" 404 12158 "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)"
31.222.208.86 - - [03/Dec/2014:01:22:46 +0000] "GET /shop/wp-login.php HTTP/1.1" 301 - "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)"
31.222.208.86 - - [03/Dec/2014:01:22:46 +0000] "GET /Shop/wp-login.php HTTP/1.1" 404 12175 "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)"
31.222.208.86 - - [03/Dec/2014:01:22:47 +0000] "GET /store/wp-login.php HTTP/1.1" 301 - "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)"
31.222.208.86 - - [03/Dec/2014:01:22:47 +0000] "GET /Store/wp-login.php HTTP/1.1" 404 12192 "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)"
31.222.208.86 - - [03/Dec/2014:01:22:47 +0000] "GET /blog/wp-login.php HTTP/1.1" 301 - "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)"
31.222.208.86 - - [03/Dec/2014:01:22:48 +0000] "GET /Blog/wp-login.php HTTP/1.1" 404 12175 "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)"
31.222.208.86 - - [03/Dec/2014:01:22:48 +0000] "GET /blogs/wp-login.php HTTP/1.1" 301 - "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)"
31.222.208.86 - - [03/Dec/2014:01:22:48 +0000] "GET /Blogs/wp-login.php HTTP/1.1" 404 12192 "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)"
31.222.208.86 - - [03/Dec/2014:01:22:49 +0000] "GET /forum/wp-login.php HTTP/1.1" 301 - "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)"
31.222.208.86 - - [03/Dec/2014:01:22:49 +0000] "GET /Forum/wp-login.php HTTP/1.1" 404 12192 "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)"
31.222.208.86 - - [03/Dec/2014:08:20:33 +0000] "GET /wp/wp-login.php HTTP/1.1" 404 293 "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)"
31.222.208.86 - - [03/Dec/2014:08:20:33 +0000] "GET /wordpress/wp-login.php HTTP/1.1" 404 300 "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)"
31.222.208.86 - - [03/Dec/2014:08:20:33 +0000] "GET /test/wp-login.php HTTP/1.1" 404 295 "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)"
31.222.208.86 - - [03/Dec/2014:08:20:33 +0000] "GET /site/wp-login.php HTTP/1.1" 404 295 "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)"
31.222.208.86 - - [03/Dec/2014:08:20:33 +0000] "GET /old/wp-login.php HTTP/1.1" 404 294 "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)"
31.222.208.86 - - [03/Dec/2014:08:20:33 +0000] "GET /shop/wp-login.php HTTP/1.1" 404 295 "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)"
31.222.208.86 - - [03/Dec/2014:08:20:33 +0000] "GET /store/wp-login.php HTTP/1.1" 404 296 "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)"
31.222.208.86 - - [03/Dec/2014:08:20:33 +0000] "GET /blog/wp-login.php HTTP/1.1" 404 295 "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)"
31.222.208.86 - - [03/Dec/2014:08:20:33 +0000] "GET /blogs/wp-login.php HTTP/1.1" 404 296 "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)"
31.222.208.86 - - [03/Dec/2014:08:20:33 +0000] "GET /forum/wp-login.php HTTP/1.1" 404 296 "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)"
% This is the RIPE Database query service.
% The objects are in RPSL format.
%
% The RIPE Database is subject to Terms and Conditions.
% See http://www.ripe.net/db/support/db-terms-conditions.pdf
% Note: this output has been filtered.
% To receive output for a database update, use the “-B” flag.
% Information related to ‘31.222.208.0 – 31.222.208.255’
% Abuse contact for ‘31.222.208.0 – 31.222.208.255’ is ‘lir @ capita.co.uk’
inetnum: 31.222.208.0 – 31.222.208.255
netname: OPENHIVEisp
descr: Capita
country: GB
remarks: INFRA-AW
org: ORG-AGP1-RIPE
admin-c: SYN3-RIPE
tech-c: SYN3-RIPE
status: ASSIGNED PA
mnt-by: synetrix
source: RIPE # Filtered
organisation: ORG-AGP1-RIPE
org-name: Synetrix (Holdings) Limited
org-type: LIR
address: Synetrix Neil Tramaseur Synetrix House, 49 – 51 Victoria Rd GU14 7PA Farnborough UNITED KINGDOM
phone: +44 1252 405600
fax-no: +44 1252 405605
abuse-mailbox: lir @ synetrix.co.uk
admin-c: NT722-RIPE
mnt-ref: RIPE-NCC-HM-MNT
mnt-ref: synetrix
mnt-by: RIPE-NCC-HM-MNT
abuse-c: SA3890-RIPE
source: RIPE # Filtered
role: Synetrix Ltd
address: Innovation Court
address: New Street
address: Basingstoke
address: Hampshire
address: RG21 7DN
phone: +441256 383600
abuse-mailbox: lir @ capita.co.uk
admin-c: SA3890-RIPE
tech-c: ST2925-RIPE
nic-hdl: SYN3-RIPE
mnt-by: synetrix
source: RIPE # Filtered