{"id":4553,"date":"2023-06-22T11:43:47","date_gmt":"2023-06-22T10:43:47","guid":{"rendered":"https:\/\/phenweb.co.uk\/?p=4553"},"modified":"2026-04-16T12:15:37","modified_gmt":"2026-04-16T11:15:37","slug":"trying-to-hack-my-web-site","status":"publish","type":"post","link":"https:\/\/phenweb.co.uk\/es\/trying-to-hack-my-web-site\/","title":{"rendered":"Trying To Hack My Web Site"},"content":{"rendered":"\n

Attempts continue daily trying to hack my web site. On multiple occasions I have approached IP address holder via the WHOIS service<\/a> to complain and received bland reassurances. An example of the recent IP address is below the table. Once a host has been established from where the hacking attempt is coming from, you then have to fill in the contact form or abuse form for the host company. A few days later you’ll get a bland reassurance back and the hacks continue sometimes from the same IP address. In the table below, I have listed some<\/em> of these hacking attempts over the last month. I get 50-100 every 24 hours. I’ll probably get more now.<\/p>\n\n\n\n

UPDATE<\/h2>\n\n\n\n

Nothing back from web sites about IP addresses and in last 48 hours 1-3 Aug 2023 I’ve logged over 500 attempts. Waste of bandwidth….<\/p>\n\n\n\n

Purpose of Trying To Hack My Web Site<\/h2>\n\n\n\n

It’s unclear why these bots or their instigators are trying to hack my site. The site has reputational value to me, but has no e-commerce element except links to book sites. It does not hold membership lists of thousands – in fact no members with no private data, except cookie lists – see privacy policy<\/a>. It may be fun but it’s just a pain and so far unsuccessful. I’m not saying what my user account name is for admin access. Nor am I giving out a password\/phrase but it’s strong and then there is 2FA, Two-Factor Authentication. That means these brute force attempts get nowhere even if they did get my username and password.<\/p>\n\n\n

\n
\"Hacker<\/figure>\n<\/div>\n\n\n

It’s all a colossal waste of time and resources for all parties. Having worked in the cyber security field, I know how much effort this costs for a company and what sort of reward these criminals are after. The databases or monetary ransom from encryption, but again why my site?<\/p>\n\n\n\n

Dear hackers give it a rest. Why not use your skills for the betterment of human life? Mind you with the endless efforts of Government agencies <\/a>some of which have leaked into the open this is an ongoing battle. Hadn’t realised this comes 10 years after Snowden’s revelations.<\/a><\/p>\n\n\n\n

Table of IP Addresses<\/h2>\n\n\n\n
Date<\/strong><\/td>IP<\/strong> Address<\/strong><\/td>User<\/strong> Account<\/strong> attempted<\/strong><\/td><\/tr>
June 22, 2023 07:24<\/td>152.32.189.117<\/td>admin (3 lockouts)<\/td><\/tr>
June 22, 2023 06:12<\/td>148.72.244.186<\/td>phenweb (1 lockouts)<\/td><\/tr>
June 21, 2023 20:14<\/td>45.120.69.121<\/td>admin (1 lockouts)<\/td><\/tr>
June 21, 2023 01:23<\/td>2a03:b0c0:1:d0::e6c:f001<\/td>phenweb (1 lockouts)<\/td><\/tr>
June 20, 2023 06:10<\/td>148.72.214.194<\/td>admin (2 lockouts)<\/td><\/tr>
June 19, 2023 15:32<\/td>66.94.96.129<\/td>admin (2 lockouts)<\/td><\/tr>
June 19, 2023 12:51<\/td>103.179.56.32<\/td>admin (2 lockouts)<\/td><\/tr>
June 19, 2023 06:15<\/td>35.187.58.136<\/td>admin (1 lockouts)<\/td><\/tr>
June 19, 2023 05:50<\/td>134.122.123.193<\/td>admin (1 lockouts)<\/td><\/tr>
June 18, 2023 03:50<\/td>2a03:b0c0:1:d0::ee2:c001<\/td>wwwadmin (1 lockouts)<\/td><\/tr>
June 13, 2023 00:03<\/td>2607:f298:5:6000::cb9:8de4<\/td>admin (1 lockouts)<\/td><\/tr>
June 09, 2023 13:22<\/td>2a03:b0c0:1:d0::ee2:c001<\/td>admin (1 lockouts)<\/td><\/tr>
June 09, 2023 07:18<\/td>167.99.86.104<\/td>admin (1 lockouts)<\/td><\/tr>
June 09, 2023 03:46<\/td>2a00:d680:20:50::4379<\/td>admin (3 lockouts)<\/td><\/tr>
June 07, 2023 00:40<\/td>5.188.62.21<\/td>pghadmin (9 lockouts)<\/td><\/tr>
June 05, 2023 22:35<\/td>150.109.148.216<\/td>admin (1 lockouts)<\/td><\/tr>
June 05, 2023 12:13<\/td>185.2.4.134<\/td>wadminw (1 lockouts)<\/td><\/tr>
June 04, 2023 09:13<\/td>46.105.29.21<\/td>admin (1 lockouts)<\/td><\/tr>
June 03, 2023 11:35<\/td>2001:41d0:403:1680::<\/td>admin (1 lockouts)<\/td><\/tr>
June 03, 2023 05:13<\/td>2a00:d680:20:50::f4dc<\/td>admin (2 lockouts)<\/td><\/tr>
June 02, 2023 00:58<\/td>195.154.184.235<\/td>admin (1 lockouts)<\/td><\/tr>
June 01, 2023 15:25<\/td>157.230.249.54<\/td>admin (1 lockouts)<\/td><\/tr>
May 25, 2023 20:51<\/td>47.111.116.44<\/td>admin (1 lockouts)<\/td><\/tr>
May 25, 2023 12:44<\/td>2607:f298:5:6000::d15:5580<\/td>admin (1 lockouts)<\/td><\/tr>
May 25, 2023 11:17<\/td>116.109.45.9<\/td>wwwadmin (1 lockouts)<\/td><\/tr>
May 25, 2023 05:14<\/td>2400:6180:0:d0::f6f:3001<\/td>admin (3 lockouts)<\/td><\/tr>
May 24, 2023 19:15<\/td>23.99.229.218<\/td>admin (1 lockouts)<\/td><\/tr>
May 24, 2023 18:32<\/td>24.199.86.99<\/td>admin (1 lockouts)<\/td><\/tr>
May 23, 2023 01:51<\/td>51.79.144.41<\/td>admin (2 lockouts)<\/td><\/tr>
May 22, 2023 12:22<\/td>2001:41d0:403:1680::<\/td>wadminw (1 lockouts)<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n

WHOIS Trying to Hack My Web Site<\/h2>\n\n\n\n

Whois IP 152.32.189.117<\/h1>\n\n\n\n

The IP is registered to Hong Kong and UCloud. They have an abuse email hegui@ucloud.cn. I won’t hold out any hope of a response but I’ve tried. How else can I stop people trying to hack my web site.<\/p>\n\n\n\n

% [whois.apnic.net]\n% Whois data copyright terms    http:\/\/www.apnic.net\/db\/dbcopyright.html\n\n% Information related to '152.32.128.0 - 152.32.255.255'\n\n% Abuse contact for '152.32.128.0 - 152.32.255.255' is '@ucloud.cn'\n\ninetnum:        152.32.128.0 - 152.32.255.255\nnetname:        UCLOUD-HK\ndescr:          UCLOUD INFORMATION TECHNOLOGY (HK) LIMITED\ncountry:        HK\norg:            ORG-UITL1-AP\nadmin-c:        UITH2-AP\ntech-c:         UITH2-AP\nabuse-c:        AU164-AP\nstatus:         ALLOCATED PORTABLE\nremarks:        --------------------------------------------------------\nremarks:        To report network abuse, please contact mnt-irt\nremarks:        For troubleshooting, please contact tech-c and admin-c\nremarks:        Report invalid contact via www.apnic.net\/invalidcontact\nremarks:        --------------------------------------------------------\nmnt-by:         APNIC-HM\nmnt-lower:      MAINT-UCLOUD-HK\nmnt-routes:     MAINT-UCLOUD-HK\nmnt-irt:        IRT-UCLOUD-HK\nlast-modified:  2022-05-16T03:40:43Z\nsource:         APNIC\n\nirt:            IRT-UCLOUD-HK\naddress:        FLAT\/RM 603 6\/F, LAWS COMMERCIAL PLAZA, 788 CHEUNG SHA WAN ROAD, KL,, Hong Kong\ne-mail:         @ucloud.cn\nabuse-mailbox:  @ucloud.cn\nadmin-c:        UITH2-AP\ntech-c:         UITH2-AP\nauth:           # Filtered\nremarks:        @ucloud.cn was validated on 2022-12-29\nremarks:        @ucloud.cn was validated on 2022-12-30\nmnt-by:         MAINT-UCLOUD-HK\nlast-modified:  2022-12-30T07:26:18Z\nsource:         APNIC\n\norganisation:   ORG-UITL1-AP\norg-name:       UCLOUD INFORMATION TECHNOLOGY (HK) LIMITED\ncountry:        HK\naddress:        FLAT\/RM 603 6\/F\naddress:        LAWS COMMERCIAL PLAZA\naddress:        788 CHEUNG SHA WAN ROAD, KL,\nphone:          +86-18221224857\ne-mail:         @ucloud.cn\nmnt-ref:        APNIC-HM\nmnt-by:         APNIC-HM\nlast-modified:  2019-12-10T12:58:29Z\nsource:         APNIC\n\nrole:           ABUSE UCLOUDHK\naddress:        FLAT\/RM 603 6\/F, LAWS COMMERCIAL PLAZA, 788 CHEUNG SHA WAN ROAD, KL,, Hong Kong\ncountry:        ZZ\nphone:          +000000000\ne-mail:         @ucloud.cn\nadmin-c:        UITH2-AP\ntech-c:         UITH2-AP\nnic-hdl:        AU164-AP\nremarks:        Generated from irt object IRT-UCLOUD-HK\nremarks:        @ucloud.cn was validated on 2022-12-29\nremarks:        @ucloud.cn was validated on 2022-12-30\nabuse-mailbox:  @ucloud.cn\nmnt-by:         APNIC-ABUSE<\/pre>\n","protected":false},"excerpt":{"rendered":"
Attempts continue daily trying to hack my web site. On multiple occasions I have approached IP address holder via the WHOIS service to complain and received bland reassurances. An example of the recent IP address is below the table. Once a host has been established from where the hacking attempt is coming from, you then […]<\/p>\n","protected":false},"author":1,"featured_media":4555,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[1888,315,525,548,753,1886,1885,1887],"class_list":["post-4553","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-commentary-blogs","tag-hack","tag-hacking","tag-online-writing","tag-philip-g-henley","tag-the-register","tag-ucloud","tag-web-site","tag-whois"],"aioseo_notices":[],"aioseo_head":"\n\t\t\n\t\n\t\n\t\n\t\n\t\n\t\n\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t