OpenDNS Forums
The official support and discussion site of OpenDNS
This discussion has been inactive for longer than 30 days, and is thus closed.
The IP range of OpenDNS is
67.215.64.0 - 67.215.95.255
but there is a persistent hacker appearing to operate from IP address
67.215.65.132
You can see some of the content of one of the redirects here
http://www.blueravenltd.com/oce/id?&xid=a781831aa2fc96f7eb69432d417b51bd
If you look up the IP address of blueravenltd.com you get 72.9.234.42
but blueravenltd.com/oce (SAYS) it points to 67.215.65.132
The hacker has many other web sites operating from 67.215.65.132 and redirects PHP information so that he/she can use sites for spamming.
Question: Which is the real hacker? And how can we block them out?
I am thinking it's actually 72.9.234.42
Can you help us out here?
- CommentAuthor: infinity306
- CommentTime: Jan 19th 2009
I don't get blueravenltd.com/oce pointing to anything but 72.9.234.42... just checked OpenDNS cache... and nslookup... so not sure why yours is pointing to the 67.215.65.132... although it seems that that address may not be an OpenDNS IP even though it's in OpenDNS's range... as I checked it with yougetsignal.com for other websites on it and it listed 3 French website addresses (.fr)
- CommentAuthor: maintenance
- CommentTime: Jan 19th 2009
67.215.65.132 is OpenDNS
OrgName: OpenDNS, LLC
OrgID: OPEND-2
NetRange: 67.215.64.0 - 67.215.95.255
CIDR: 67.215.64.0/19
OriginAS: AS36692
NetName: OPENDNS-NET-3
NetHandle: NET-67-215-64-0-1
Parent: NET-67-0-0-0-0
NetType: Direct Assignment
NameServer: AUTH1.OPENDNS.COM
...etc...
# ARIN WHOIS database, last updated 2009-01-18 19:10
BUT
Domain Information for blueravenltd.com
IP address 72.9.234.42
Registrant: & Administrative Contact, Technical Contact:
Bashir, Tahsin wf3rm97u66r@networksolutionsprivateregistration.com
ATTN: BLUERAVENLTD.COM
c/o Network Solutions
P.O. Box 447
Herndon, VA 20172-0447
and if I visit 67.215.65.132, I get the OpenDNS Guide, which says 67.215.65.132 is not loading.
blueravenltd.com/oce links to a parent directory and a file named id, which is a script. The top level page simply says it is -Blue Raven, authorized distributor for Erze- with a link. Erze is apparently some Turkish company that makes things from plastic.
- CommentAuthor: maintenance
- CommentTime: Jan 19th 2009
Anyhow, what indications do you have that a hacker (by which I assume you mean 'malicious hacker') is operating (doing what?) from either of these addresses?

67.215.65.132 is the IP address of hit-nxdomain.opendns.com. When you get this returned for any nameserver lookup, then the DNS could not resolve the domain at this time for whatever reason. No hacker is behind this, but this is how OpenDNS works.
If this happens, visit http://www.opendns.com/support/cache/
Edit: Sorry maintenance, our contributions were overlapping.
Thankful People: billso, maintenance, kingsltd
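Added example, not part of the original thread: a small triage script for the situation explained in the reply above, where many unrelated names seem to be "hosted" on 67.215.65.132 because the resolver returns that landing address for names it cannot resolve. The log format, the `.example` names and 192.0.2.10 are constructed for illustration; the /19 range and the landing IP are the ones quoted in the thread.

```python
import ipaddress
from collections import defaultdict

# Both values are quoted in the thread above.
OPENDNS_NET = ipaddress.ip_network("67.215.64.0/19")
NXDOMAIN_LANDING = ipaddress.ip_address("67.215.65.132")  # hit-nxdomain.opendns.com

# Constructed sample log: "<queried name> <A record the resolver returned>".
SAMPLE_LOG = """\
blueravenltd.com 72.9.234.42
typo-of-a-site.example 67.215.65.132
another-dead-name.example 67.215.65.132
expired-shop.example 67.215.65.132
www.site.example 192.0.2.10
broken line
"""

def classify(answer):
    """Label one answer IP: landing page, other OpenDNS address, or real host."""
    ip = ipaddress.ip_address(answer)  # raises ValueError if not an IP
    if ip == NXDOMAIN_LANDING:
        return "nxdomain-redirect"
    if ip in OPENDNS_NET:
        return "opendns-other"
    return "resolved"

def summarize(log_text):
    """Group queried names by answer IP -> {ip: (label, sorted names)}."""
    by_ip = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 2:
            continue  # not a "name ip" pair
        name, answer = parts
        try:
            ipaddress.ip_address(answer)
        except ValueError:
            continue  # second field is not an IP address
        by_ip[answer].add(name.lower().rstrip("."))
    return {ip: (classify(ip), sorted(names)) for ip, names in by_ip.items()}

def unresolved_names(log_text):
    """Names that only 'resolved' to the landing page, i.e. did not resolve."""
    hit = summarize(log_text).get(str(NXDOMAIN_LANDING))
    return hit[1] if hit else []

if __name__ == "__main__":
    for ip, (label, names) in summarize(SAMPLE_LOG).items():
        print(f"{ip:15} {label:18} {', '.join(names)}")
```

Names listed under `nxdomain-redirect` should be treated as failed lookups, not as sites sharing a server, before drawing conclusions from reverse-IP tools.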
- CommentAuthor: maintenance
- CommentTime: Jan 20th 2009
So, it makes perfect sense that calling 67.215.65.132 would get you a "not loading" page, as that is its job. LOL.