FYI, HyVong, our rules say you should not resurrect a thread with no activity for over 2 weeks (we consider the conversation "dead"). However, I do appreciate your attempt to find information which fits your current problem by searching, so I certainly won't apply any penalty to your account for this. Best practice is to start a new thread, and link to the closest historical information you could find, as I have done here. The BBCode is:-
You can find the "thread=" code in the URL... so this new thread (for example) would be 918909.
Back on topic... if you are opening ports to the big wide world of the internet, one presumes you are logging active connections to it. The question is not if it stops when you close the port (of course it does, PT won't work if the port it's bound to is closed) but if the same IPs, or a range of similar IPs (check WhoIs; if you don't have a WhoIs client installed, you can use a page like [link], et al.) are connecting every time it happens.
Blocking the range of IPs will ensure you block the hacker, regardless of IP reallocation. So, if it was Google, and they were on DynIP (which we know they are not) their IP is 173.194.34.66, and the block of IPs their provider purchased to allocate to them is 173.194.0.0 - 173.194.255.255 (as determined by [link] on 22nd March 2013).
Code:
# The following results may also be obtained via:
# http://whois.arin.net/rest/nets;q=173.194.34.66?showDetails=true&showARIN=false&ext=netref2
#
NetRange: 173.194.0.0 - 173.194.255.255
CIDR: 173.194.0.0/16
OriginAS: AS15169
NetName: GOOGLE
NetHandle: NET-173-194-0-0-1
Parent: NET-173-0-0-0-0
NetType: Direct Allocation
RegDate: 2009-08-17
Updated: 2012-02-24
Ref: http://whois.arin.net/rest/net/NET-173-194-0-0-1
OrgName: Google Inc.
OrgId: GOGL
Address: 1600 Amphitheatre Parkway
City: Mountain View
StateProv: CA
PostalCode: 94043
Country: US
RegDate: 2000-03-30
Updated: 2011-09-24
Ref: http://whois.arin.net/rest/org/GOGL
OrgAbuseHandle: ZG39-ARIN
OrgAbuseName: Google Inc
OrgAbusePhone: +1-650-253-0000
OrgAbuseEmail: arin-contact@google.com
OrgAbuseRef: http://whois.arin.net/rest/poc/ZG39-ARIN
OrgTechHandle: ZG39-ARIN
OrgTechName: Google Inc
OrgTechPhone: +1-650-253-0000
OrgTechEmail: arin-contact@google.com
OrgTechRef: http://whois.arin.net/rest/poc/ZG39-ARIN
#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/whois_tou.html
#
This is a typical WhoIs response record, but different ranges are allocated to different providers, and they, in turn, format their WhoIs response sheet differently. The same basic information has to be within it.
Yea, XTrap shouldn't get shirty about stuff like that anyway. Most people connect via a router or gateway. If you aren't in control of it, your ISP will certainly have one the other end.
These always log outside connections and who's using them. Unless you turn logging off... but why would you do that?
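The check described in the thread (do the same IPs, or the same allocated range, show up every time it happens), as an added example that is not part of the original posts. The incident lists are constructed sample data, the 173.194.x.x addresses reuse the post's Google illustration, and the function names and the /24 grouping for addresses with no WhoIs lookup yet are assumptions.

```python
import ipaddress
from collections import defaultdict

def netrange_to_cidrs(netrange):
    """Convert a WhoIs 'NetRange' value ('first - last') into CIDR blocks."""
    first, last = (ipaddress.ip_address(p.strip()) for p in netrange.split("-"))
    return list(ipaddress.summarize_address_range(first, last))

def recurring_ranges(incidents, known_ranges, fallback_prefix=24):
    """Return {range: {incident: [ips]}} for ranges seen in every incident."""
    seen = defaultdict(lambda: defaultdict(set))
    for incident, ips in incidents.items():
        for raw in ips:
            ip = ipaddress.ip_address(raw)
            # Prefer the allocation WhoIs reported; otherwise group by /24 (assumption).
            net = next((n for n in known_ranges if ip in n), None)
            if net is None:
                net = ipaddress.ip_network(f"{raw}/{fallback_prefix}", strict=False)
            seen[net][incident].add(raw)
    return {net: {inc: sorted(ips) for inc, ips in per.items()}
            for net, per in seen.items() if len(per) == len(incidents)}

# NetRange copied from the WhoIs record in the post.
KNOWN_RANGES = netrange_to_cidrs("173.194.0.0 - 173.194.255.255")

# Constructed sample data: source IPs logged around each incident.
SAMPLE_INCIDENTS = {
    "incident-1": ["173.194.34.66", "203.0.113.17", "198.51.100.4"],
    "incident-2": ["173.194.112.9", "203.0.113.201", "192.0.2.9"],
    "incident-3": ["173.194.7.130", "203.0.113.17"],
}

if __name__ == "__main__":
    for net, per in recurring_ranges(SAMPLE_INCIDENTS, KNOWN_RANGES).items():
        print(net, per)
```

A range that appears in every incident with a different address each time is the reallocation case the post describes, which a per-IP block would miss.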