Email: accounts@kynd.com or peer support team@kynd.com.au or personal sarah@kynd.com.au or jaynie@kynd.com.au
Kynd is a Australian Private Company. first registered with the Government on 10th November 2016. Current registered place of business, 22 Honeysuckle Dr Newcastle NSW 2300. This doesn’t mean they operate from there. That’s just where the official government documents go. This location has changed a few times since registering with ASIC several years ago.
They like living and operating business near the beach. Starting from the Sunshine Coast, later moving to the Gold Coast, Queensland.
Their competition operate out of offices in the Capital cities for ease of access and professionalism. Kynd don’t publish their physical business address as done by leading competition. Probably due to operating from a house or apartment along the coast, away from the capital cities. Sometimes you need to visit their office for face contact. Kynd makes that a difficult, impossible thing to do.
Kynd don’t display neither a physical or postal address on their invoices. If you want to take legal action against them, the lawyer will charge you additional fees to try and track them down to issue court documents. Kynd will not issue receipts and ignore your requests for receipts. The law requires a receipt is issued for goods and services totally more than $75 and must be given when requested for values lesser than $75.
Does Kynd have insurance? Am I protected? Does Kynd insurance cover the disabled NDIS participants? Short answer, no. In effect, not the cover you are mislead into believing. Kynd has no cover for you! When you look closely, you soon discover the protection they mention is all about them. Not you.
Kynds insurance cover is all about protecting themselves. Kynd offers no protection to NDIS participants. You use Kynd services at your own risk. If you are injured by a support worker or while under their care you cannot get compensation from Kynd.
Not sure where Kynd operates from. I do know they like sea and surf (Beach bums). I do know last year operated from a private home located on the Gold Coast, before that the Sunshine coast, now on the coast of New South Wales as a collection agency and connects vulnerable disabled NDIS participants with contractors. A large portion of NDIS support workers have little to no experience in assisting the disabled and get payed as much, if not more than a 1st year doctor. Go figure that one out! Perhaps Kynd should be like the professionals and operate from an office in the city and not near a beach. I would expect after 8 years, they would have gained a better status by migrating from a private home into a professional office.
The thing to keep in mind about Kynd is, they are nothing more than a collection agency that assists in connecting you with NDIS support workers. Recieving a 12% fee. This is not a guarantee of safety and protection for you the client, as they mislead you into believing. The NDIS warns against using such services as they don’t provide the dissabled the same level of protection as do the NDIS approved providers, such as Hireup. Kynd is NOT NDIS approved.
What happens if I am injured while under the care of a Kynd support worker?
From experience it’s not worth reporting to Kynd an injury as they will take no action and refer your complaint, claim to the contractor. So, should I report injury to Kynd? NO, Kynd are not interested, they need to work on their tan. What you need to do is report the incident to the NDIS Safeguard commission and include with your report that the contractor is contracted through Kynd. Highlight Kynd in the report as I did. This will assist the NDIS safeguard commission. If many reports are made that link Kynd to support workers and injured disabled the NDIS will take action against Kynd. Kynd contractors seem not to report to the NDIS safeguard commission incidents as is legally required.
An age care nurse gets around $30 an hour and must have certification in age care. It is more profitable to be a NDIS support worker than an age care nurse. This may explain the shortage in age care nurses in Australia. Age care nurses are abandoning age care for the more profitable NDIS support worker requiring no experience or formal qualifications and apparently, answer to know one.
How many support workers does Kynd have?
After 8 years, not many at all. When advertising for a support worker on both Kynd and Mable I had one respond from Kynd and 12+ from Mable and several from Hireup. Mable has much more support workers to choose from than Kynd.
Will Kynd gain as much popularity as Mable and Hireup?
Not likely. Kynd platform is lacking in many features and transparency, and insurance cover. Their competition have transparency of insurance details, better platform and give greater access to your account. Mable and Hireup have full transparency / disclosure to the NDIS participants. Kynd do not.
Comparing Kynd to Mable NDIS support.
Kynd does not give you online access to past and present invoices. Kynd does not provide you online details of when they paid the contractor. Kynd does not give you a receipt for payments made. Kynd, annoyingly can invoice you 6 times within a fortnight and pay the contractor fortnightly. If you you love paperwork and dealing with several invoices a fortnight and making several bank transfers to Kynd per fortnight, Kynd is for you!
Their competition, the major players, Mable and Hireup, professionally invoice you once per week on the same day of the week. Making paperwork and the payment process a pleasurable experience. If at all in the future you wish to view payment records and replace a receipt for payments made, just log in to Mable and view/download again. Not with Kynd, you get no receipt, no access to past invoices online.
Kynd is very opaque with a notable reluctance to transparency and some of this is contributed to lack of professionalism. Not even publishing their physical place of business. When I think of kynd, I think of Chinese food. You’re left feeling bloated and later unsatisfied.
Mable, invoices you weekly on the same day of week and pays the support working within an hour or two of receiving your payment. Mable, provides you with a receipt and also the date and time they paid the support worker. Mable is more professional than Kynd. Mable gives you online access to past invoices, receipts and record of when support worker had been paid. Mable insurance policy, unlike Kynd is fully transparent and details easily viewed online. With Kynd, you have to make a written request.
Trivia
Trivia time: Support workers gave themselves a 50% pay increase in 2021. Average payments went from $40 an hour to $65 an hour. The Government have little idea how ridiculous it is that a person with no experience or qualifications is able to get paid $60+ an hour to assist disabled persons. When I’ve spoken to friends, family and associates about the pay rate of NDIS support workers they are all shocked. They had no idea the amount of money they get. The NDIS is lucrative for those wanting easy and good money and is open to abuse.
An age care nurse gets around $30 an hour and must have certification in age care. It is more profitable to be a NDIS support worker than an age care nurse. This may explain the shortage in age care nurses in Australia. Age care nurses are abandoning age care for the more profitable NDIS support worker requiring no experience or formal qualifications.
Support workers, like foster children are easy to identify in public. Support workers are often seen walking with phone in hand next to a disabled person. Paying more attention to the phone than the often frail, vulnerable disabled person. Next time you see a support worker with a disabled person playing with their phone say something like. “Easy job, $60 an hour to look after your phone and pay more attention to your friends/family”
How to UFW insert deny IPV6 address on Ubuntu 24.0? How can you UFW insert reject IPV6 address on Ubuntu?
This tutorial shows you how to insert a deny IPV6 rule or how to add ipv6 tcp/udp deny rule and provides scripts to easily insert the deny ipv6 rule to the top of the ufw rules above the allowed rules.
Yes you can insert an IPV6 rule into UFW but there it’s not as easy unless you know the upper most position of your IPV6 allow rules.
I have a written a script that you can execute from a shell a insert deny from an IPV6 address so that it’s above your IPV6 allow rules.
You will require shell access (SSH) and copy and past the following code into a script. I use this to deny pesty spammer / hackers that are using bad code (simple minded code) to pester your mail or http server.
I called my script by a simple name “ban” it contains 3 parts. Are you confused? Don’t be as I will explain each part.
You will need to create a BASH and a PHP script and an empty file with the extension “.dat”. I will explain what each does and the code to place into each.
Each file explained:
ban.dat will contain the IP address you ban
ban without extension is the BASH script. Without extension makes it easy to you to type on command line ./ban IP ADDRESS If you prefer you can call it ban.sh but you will have to from command line enter ban.sh IP address to ban.
ban.php This is the grunt that processes the IP address to ban and is called by the BASH script “ban”. It will allow you to easily insert both IPV4 and IPV6 addresses into UFW to ban.
The process: When you ban an ip like so ban xxx.xxx.xxx.xxx that address whether IPV4 or IPV6 will be inserted at the top of UFW rules (Top for IPV4 and top for IPV6). When added their IP is added to ban.dat file along with an expire time in Unix format like so xxx.xxx.xxx.xxx^EXPIRE-TIME. To remove those in the ban list you will issue the command php ban.php clean which will process those banned and any banned will be removed from the UFW ban when the expiry time elapses. You can automate the process using crontab by running it daily or as often as you want. I run mine daily, See and the end of this page my crontab examples as done on my 3 servers.
First: create the ban.dat file. From command line type echo “” > ban.dat and that will create the initial already banned ban.dat file than create the ban.log file echo “” > ban.log
Second: Create the BASH script called ban and past the following code into it.
#!/bin/bash # This will accept up to 3 seperate IP addresses on the command line to pass to the ban.php script # example: ban xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx # would ban 3 IP is one go
# Change this to location of the ban.* files PATH="/root"
echo "Adding IP: $1"
if [ "$2" != "" ]; then echo "Adding $2" /usr/bin/php $PATH/ban.php $2 fi
if [ "$3" != "" ]; then echo "Adding $3" /usr/bin/php $PATH/ban.php $3 fi
if [ "$4" != "" ]; then echo "Adding $4" /usr/bin/php $PATH/ban.php $4 fi
Third: Create the PHP script ban.php and past the following code
<?PHP // Calling this like so: ban.php clean will remove expired banned // You can call this directly: php ban.php XXX.xxx.xxx.xxx or use the bash script to call it ./ban XXX.XXX.XXX.XXX
// Change this to path/directory of the ban.* files $PATH="/root";
// Change this to your time zone (Used for the logs) date_default_timezone_set('Australia/Brisbane');
// In hours, how long to ban the IP address $BanTime = 25;
///////// This is to process IPV6 insert at top of the IPV6 entries // This rountine simply locates the insert point for IPV6 // It's the same as using insert 1 on IPV4 which does not work on IPV6
$insert = 1; // The Search() is used to determine if an IPV4 or IPV6 address if( Search(":",$BAN) ) { $index=-3;$insert=0; shell_exec("/usr/sbin/ufw status numbered > ".$PATH."/ban.ufw"); $lines = file($PATH.'/ban.ufw'); foreach($lines as $line) { if($insert == 0 && Search("(v6)",$line)) { $insert = $index; } $index++; } }
///////// END process IPV6 insert
$RESULT=shell_exec("/usr/sbin/ufw insert ".$insert." deny log from ".$BAN." comment \"Banned by ME\""); if($RESULT == $BAN." Already banned"){ echo $RESULT."\n"; exit(); } $out = fopen($PATH.'/ban.dat', 'a'); $data = $BAN."^".(time()+$BanTime)."\n"; fwrite($out, $data); fclose($out); fwrite($log,date("Y-m-d H:i")." Added ".$BAN." to UFW by ME"."\n"); fclose($log);
?>
After creating the files you should do: chmod 700 ban.php (Execute/Read/Write) for you chmod 700 ban.sh (Execute/Read/Write) for you chmod 600 ban.dat (Read/Write) for you chmod 600 ban.log (Read/Write) for you
Each time you ban someone it will be recorded in the ban.log. If you crontab ban.php clean the remove of IP from ban and UFW will also be recorded
Crontab examples to run the clean the ban list
Edit your crontab. crontab -e Past the code and it will run ban.php clean every hour to remove expired banned from those you used ban.php to ban with.
The above crontab will execute the php script hourly to remove from UFW (uncomplicated firewall) those you previously banned after expire time elapses.
Don’t forget to change the path/directory’s to match the location of where you created the ban.php file(s) etc. (I like using root) can be dangerous as I once found out when I in error deleted the entire server excluding the protected directories. Thank goodness for my moto – backup, backup and backup and you can never do too many backups!
The trailing >/dev/null 2>&1 tells crontab not to send you an email. Obviously you can have crontab process it daily or every minute. That’s entirely up to you. How do you stop crontab from sending emails on some tasks? Place a trailing >/dev/null 2>&1 on the end of the job.
Trivial tip
How to find the path a program uses on Ubuntu? Many jobs like my scripts and crontab need you to include the path of something you want to run. You just cant put php job.php you have to tell crontab where the PHP is located.
If you don’t know the path for a program just type on command line which php or which postfix or which apache2 and which will displays the full path.
Don’t have which installed! Easy, on Ubuntu just do an: apt install which. Which will be your best friend for ever on Ubuntu!
I inserted a rule into UFW to block an IP and the logs show that they are ALLOWED in the logs. I’m not sure UFW is working. I’m puzzled UFW shows a blocked IP is allowed in. Is UFW blocking?
You will need iftop. If using Ubuntu 24.04 or 22. than just do a apt install iftop
UFW has a weird way of logging and in my opinion, in-spite of the name, the logging is confusing and makes it dam hard to monitor threats.
One thing I notice with UFW, is in their logs, after blocking an IP or range of IP’s using 0/24 that the logs continue show or display ALLOW DPT=XXXX. You scratch head wondering is the firewall UFW working. Logs show ALLOW for the IP xxx.xxx.xxx.xxx. I blocked the IP and UFW (uncomplicated firewall) logs continue to show ALLOW to the blocked IP.
When you understand the way UFW logging works, when UFW displays ALLOW it just means that in the firewall rules you have set for example: ufw allow 80,443/tcp. So UFW is telling you that the IP, even though blocked and is trying to access a port you opened such as 80 or 443. What UFW should say in the logs is BLOCkED denied IP to ALLOWED port xxxx] when logging enabled. Hey, what ever.
What you need to do when blocking an IP to an open port (allow) and want UFW to log that IP attempts to gain access to the open (allowed) port is use the following command: ufw insert 1 deny log from 80.94.95.239 comment “BAD person” Note the word “log”. Now, when the blocked IP tries to access the allowed port you will see in the logs UFW BLOCK that IP address.
Using the above method instructs UFW to display in the logs UFW BLOCK. It’s a great way to assist while debugging to look for suspicious activity.
More examples of having UFW “log” a BLOCK in the logs for IP addresses attempting access to ports you have opened for web or mail server .
ufw insert 1 deny log from 80.94.95.239 comment “Annoying bot” ufw insert 1 reject log from 80.94.95.239 comment “BAD person” ufw insert 1 deny log from 80.94.95.0/24 comment “Lots of bad bots” ufw insert 1 deny log from 80.94.95.239
Always use the insert 1 rule… That places them above your allowed ports such as http, https, smtp 80, 443, 22, 25 and so on. You can use any number in the “insert”, as long as it is number lower than the ports you want to block an IP from. For example, if port 443 is at position 75 on the firewall list and you want to block an IP from https than insert 74 would place that block rule above https and successfully block it. But, that’s not a good idea, you’re leaving yourself exposed to human error, hence, best using insert 1. Saves time and reduces the likely hood of error.
For more peace of mind, to assure yourself you have indeed blocked the bad IP address you can use iftop (IFTOP). If using Ubuntu and don’t have iftop installed just: apt install iftop. iftop is an excellent peace of software for Linux systems. It monitors traffic inbound and outbound to all IP addresses connected to your server and what port the connection is on.
IFTOP displays all connections to your server showing both inbound and outbound traffic and you have options to have iftop, display source and destination ports. When iftop shows data coming in and no data going out it means that source IP address is either blocked by the firewall or they are connecting to a port that is either closed or not monitored by any software on your server. You can even filter what ports IFTOP displays.
For example, if you just want to monitor SSH traffic press “l” (lowercase L) than type ssh followed by enter, and iftop just displays connections to port 22. If you have SSH on another port than instead of entering “ssh” enter the port number you use for SSH.
After blocking an IP address with your firewall (UFW) open iftop and monitor that IP addresses outbound traffic. You will notice over 40 seconds it will begin to display 0 for outbound. Don’t be overly concerned seeing inbound. It just means the bot or human hasn’t figured out you blocked it. The inbound traffic means it’s trying to communicate with your server. Apache web server for example or mail or SSH. The fact no traffic is going out means the communications sent by the blocked IP address is not being received by your web server, Apache for example. UFW, your firewall is doing the job for you and protecting your server by blocking that IP address.
I currently have a pesty Brazilian hacker coming into my site on port 443 (https) from multiple IP addresses. He pounds my server around 3,000 hits per hour for several hours a day. It soon became clear this is no ordinary person. I believe the attack is coming from the Brazliian government, private organisation or organised crime syndicate. The reason I wonder this is, the attack comes from 10s of thousands of Brazilian servers. Quite a claim for me to make but, Brazil is a poor country and an individual could not possibly own over 10’s of thousands of servers. Unless he or she is a very smart hacker taking control of them. Or he’s quite stupid. Or, what is his interest in my server? Why is it so important he break in. The perseverance is so strong and mind blowing. He comes in daily with 1024 different IP addresses, when blocked, the following day another 1024 servers. It’s like he owns Brazil!
This has been going on since December 6th 2024 and, today, January 6th 2025 the desperation become more desperate with him this past 24 hours, or the organisation. After I block the 1024 servers, he comes in again a couple of hours later with another 1024 servers. During the past 24 he has come in from over 8,000 servers. It’s like this dude is very desperate and seemingly deep pockets of cash or, has control of Brazil. What the hell is on my server that could be of interest? This server he attacks is nothing more than a mail server. No secrets on there, no customer user database, nothing of value to anyone except me.
I have 3 servers, they are attacking one, the mail server. Unknown to them, their IP addresses are instantly sent to the other 2 servers to add to the firewall block list. It appears for now, this server of mine is now more than a mail server, it’s now harvesting the IP addresses of the Brazilian attackers and sharing that data with my other servers.
He or the organisation are so bad, special software was written to auto detect within seconds the attack and auto block.
These are the steps to follow before you block an IP or IP range with UFW (uncomplicated firewall) and if you follow these steps it will give you peace of mind.
In my example we are going to first monitor port 443 (https) to see if Apache is responding to the pesty retard from Brazil.
run iftop
press “p” which displays PORTS accessed on your server
press “l” (lowercase L)
type in http than (enter) this filters and display access to port 443 (https) only
You will see the pesty dim wit attacking or probing the port https
Monitor the “outgoing traffic” on the IP, not the incoming traffic
You will see Apache is responding with data going out which means not blocked by UFW
This means, that the IP is allowed and Apache responds as one expects.
Now press n that will display their IP address not dns name as some hide IP by showing IP like 123-123-123-123.somebraindead.br and your fooled thinking the 123 is their IP.
copy the IP address from iftop
press ctl c to exit iftop
now type:
ufw insert 1 deny from xxx.xxx.xxx.xxx comment “Pesty Brazilian”
now go back into iftop
while monitoring iftop you will see that there is NO outbound traffic to the blocked IP address
This means UFW has indeed blocked that IP address even though in the UFW logs it will show ALLOW DPT=443 to the blocked IP. Remember, I mentioned earlier, if you want UFW to log an IP is being blocked you must use the command including the log in the rule. ufw insert 1 deny log from xxx.xxx.xxx.xxx comment “BOT or Individual hacker” OR ufw insert 1 deny log from xxx.xxx.xxx.0/24 comment “BOT or Individual hacker” to block 256 in one go.
You would do the same with your mail server or SSH server when you are unsure if UFW is actually blocking. Using iftop with UFW will help you monitor the activity. iftop will confirm by displaying, no data out than UFW is working, or if data going out, something is wrong, UFW not working or the block rule you have UFW is incorrect or not inserted to the top of the list. Remember step 3 above and you press “l” lowercase L and typed http well if you had a pest on port 22 or ssh you would type ssh or 22.
Keep in mind, don’t trust all of the data you see in UFW logs. Your best friend is iftop which tells you IF and WHAT traffic is coming IN or OUT from your server and to WHO what remote IP address.
My advice is use DENY in UFW and not REJECT. From experience, I find when you DENY which is “silence is golden” the pesty IP goes away and when you use REJECT they continue to pound your server like a randy dog. Using DENY, your server gives no response at all when the come. Think of it this way.
“DENY” When someone knocks at the door of your home and you keep very quiet and don’t respond and wait for them to go away… They have no idea whether you are home or not. That’s what DENY is on a UFW firewall. They have no idea whether there is a server there or not…… Unless your server responds to a PING request 😉
“REJECT” When someone comes to your home knocking and you scream out “Go away you moron!” or yell, they know you are there! If you REJECT with UFW the pesty moron hacker is 100% sure there is a server there and will keep on returning.
UFW creators, great firewall but the logs are pretty weak. I’m being polite! Try showing in logs for example port 80 open (allowed) and BLOCKED banned IP. Easy as spreading butter on bread!
How creating a hologram image above a prim is a very easy thing to do and doesn’t require a timer event….
Rez a prim
Create an LSL script inside the prim
Edit the script and past the following code
Compile / Save the script
Place a texture into the prim
The script will use the texture and display it above the prim as a hologram. Why use a hologram? A hologram texture above a prim will allow it to be seen by other avatars from any angle.
LSL is the Linden Labs SecondLife scripting language and can be used on Opensim grids, Osgrid and Kitely grids.
// OFFSET is distance above / below object generating Hologram // Adjust this to suit float OFFSET = 1;
// The width of the hologram :) // If a square image you will have to set Width and Height same value // because there is no method in LSL to get dimensions of an image // to do automatically at this time
float Width = .55; // The Height of the Hologram float Height = 1.85; /* There are 2 ways to display the texture for the Hologram 1) Place the texture inside of the object 2) Obtain the UUID of the texture from you inventory If choosing UUID method it can be seen only within your grid. */
// If you know the UUID and for this grid only // string Texture = "69064cf6-155d-4a46-9c3a-c01f58639238";
// Replace TEXTURE NAME with the name of texture inside the prim string Texture = "TEXTURE NAME";
DISPLAY_HOLOGRAM(){ integer Count;
// Will auto get name of 1st texture if in the object // IF you didn't set the texture name from default if (Texture == "TEXTURE NAME" ){ llSetText("",<1,1,1>,0); Count = llGetInventoryNumber(INVENTORY_TEXTURE); if(Count > 0) Texture = llGetInventoryName(INVENTORY_TEXTURE,0); else { llSetText("No Texture inside me",<1,1,1>,1); } } llParticleSystem([ PSYS_PART_FLAGS,PSYS_PART_INTERP_COLOR_MASK, PSYS_SRC_PATTERN, 4, PSYS_PART_START_ALPHA, 0.50, PSYS_PART_END_ALPHA, 0.50, PSYS_PART_START_COLOR, <1.0,1.0,1.0>, PSYS_PART_END_COLOR, <1.0,1.0,1.0>, PSYS_PART_START_SCALE, <Width ,Height,0.00>, PSYS_PART_END_SCALE, <Width,Height,0.00>, PSYS_PART_MAX_AGE, 1.20, PSYS_SRC_MAX_AGE, 0.00, PSYS_SRC_ACCEL, <0.0,0.0,0.0>, PSYS_SRC_ANGLE_BEGIN, 0.00, PSYS_SRC_ANGLE_END, 0.00, PSYS_SRC_BURST_PART_COUNT, 4, PSYS_SRC_BURST_RADIUS, OFFSET, PSYS_SRC_BURST_RATE, 0.10, PSYS_SRC_BURST_SPEED_MIN, 0.00, PSYS_SRC_BURST_SPEED_MAX, 0.00, PSYS_SRC_OMEGA, <0.00,0.00,0.00>, PSYS_SRC_TEXTURE, Texture]); }
default { changed(integer change){ // This will update hologram image when you // add or remove an image if(change & CHANGED_INVENTORY) DISPLAY_HOLOGRAM(); } on_rez(integer i){ // When object rezzed it will display it DISPLAY_HOLOGRAM(); }
state_entry() {
// when you compile the script will display it DISPLAY_HOLOGRAM(); } }
The Amazon servers are an orgy for hackers and probing. Thousands of AWS have been hacked and are used to probe and hack other servers, Even Edison mail….
Trojan Alert: effethemes.com (Brazilian Server) WordPress themes contain a trojan. Definition of a trojan is a piece of code that does something malicious. The theme links your site to thousands of BR hacker scanner sites that scan/probe your server thousands of times an hour. Form of mentally challenged Brazilian DOS attack, low grade attack.
With any claim, just like reporting a bug I need to provide data that enables anyone to replicate my findings.
If you’re using Ubuntu you will need iftop. If you don’t have than apt install iftop
First run iftop
while running press “p” for ports display and than “l” < lowercase L and type http and press enter
Monitor who’s connecting to https
Install wordpress theme. Zummo Prime By Effe Themes
Activate it, if you dare!
While using iftop monitor what’s happening to your https connections
Within 24hrs you will find from multiple connections to your https from one of the following IP ranges all of which come from BR (Brazil) and, you will notice, the creator of Zummo Prim By Effe Themes is also Brazilian (BR)
Note. Apache will not log anything in the logs, even with debug activated (I find Apache is lacking in log data making it very hard for webmaster to monitor suspicious activity)
The list of Brazilian IP ranges that started hitting my my web server none stop with 160 to 240 hits per hour. They will come multiple ip addresses spread over a number ranges and after you block them, the next day, come in with new IP addresses.
I’ve made it easy for you and listed all of the addresses collected so far in 2 sections. section 1 bare format and section 2, nice and easy copy and past already formatted to go into your UFW firewall.
The list is updated daily. (Last update January 6th 2025 Australian EST) For obvious reasons I can’t disclose how they are auto detected by my servers and immediately blocked via firewall. For now lets say, they’re not a smart bunch.
Section 1 – Bare listing of BR IP addresses (Brazil)
Section 2 – Ready to go formatted for UFW firewall of BR IP addresses
Brazilian hacker dumb enough to walk off a cliff
Best to use DENY. The Brazilian’s are not the full quid. Even while blocked they still come for several hours. A smart hackers code knows its blocked and moves on to another target. I think these Brazilians would drive off a cliff even when there is a road block! (Maybe these hackers are government employees and if so, explains the lack of intelligence)
ufw insert 1 deny from 103.77.224.0/24 comment "Wordpress pesty BR" ufw insert 1 deny from 104.234.224.0/24 comment "Wordpress pesty BR" ufw insert 1 deny from 131.255.228.0/24 comment "Wordpress pesty BR" ufw insert 1 deny from 131.255.229.0/24 comment "Wordpress pesty BR" ufw insert 1 deny from 131.255.230.0/24 comment "Wordpress pesty BR" ufw insert 1 deny from 131.255.231.0/24 comment "Wordpress pesty BR" ufw insert 1 deny from 138.99.48.0/24 comment "Wordpress pesty BR" ufw insert 1 deny from 138.99.49.0/24 comment "Wordpress pesty BR" ufw insert 1 deny from 138.99.50.0/24 comment "Wordpress pesty BR" ufw insert 1 deny from 138.99.51.0/24 comment "Wordpress pesty BR" ufw insert 1 deny from 170.231.28.0/24 comment "Wordpress pesty BR" ufw insert 1 deny from 170.231.29.0/24 comment "Wordpress pesty BR" ufw insert 1 deny from 170.231.30.0/24 comment "Wordpress pesty BR" ufw insert 1 deny from 170.231.31.0/24 comment "Wordpress pesty BR" ufw insert 1 deny from 177.38.41.0/24 comment "Wordpress pesty BR" ufw insert 1 deny from 177.40.203.0/24 comment "Wordpress pesty BR" ufw insert 1 deny from 179.108.31.0/24 comment "Wordpress pesty BR" ufw insert 1 deny from 179.51.178.0/24 comment "Wordpress pesty BR" ufw insert 1 deny from 179.51.179.0/24 comment "Wordpress pesty BR" ufw insert 1 deny from 179.51.180.0/24 comment "Wordpress pesty BR" ufw insert 1 deny from 179.51.181.0/24 comment "Wordpress pesty BR" ufw insert 1 deny from 186.227.20.0/24 comment "Wordpress pesty BR" ufw insert 1 deny from 186.227.21.0/24 comment "Wordpress pesty BR" ufw insert 1 deny from 186.227.22.0/24 comment "Wordpress pesty BR" ufw insert 1 deny from 186.227.23.0/24 comment "Wordpress pesty BR" ufw insert 1 deny from 189.127.187.0/24 comment "Wordpress pesty BR" ufw insert 1 deny from 191.242.220.0/24 comment "Wordpress pesty BR" ufw insert 1 deny from 191.242.221.0/24 comment "Wordpress pesty BR" ufw insert 1 deny from 191.242.222.0/24 comment "Wordpress pesty BR" ufw insert 1 deny from 191.242.223.0/24 comment "Wordpress pesty BR" ufw insert 1 deny from 31.255.228.0/24 comment "Wordpress pesty BR" ufw insert 1 deny from 45.152.46.179 comment "Wordpress pesty BR" ufw insert 1 deny from 45.164.202.0/24 comment "Wordpress pesty BR" ufw insert 1 deny from 45.164.203.0/24 comment "Wordpress pesty BR" ufw insert 1 deny from 45.174.0.0/24 comment "Wordpress pesty BR" ufw insert 1 deny from 45.174.1.0/24 comment "Wordpress pesty BR" ufw insert 1 deny from 45.174.16.0/24 comment "Wordpress pesty BR" ufw insert 1 deny from 45.174.17.0/24 comment "Wordpress pesty BR" ufw insert 1 deny from 45.174.18.0/24 comment "Wordpress pesty BR" ufw insert 1 deny from 45.174.19.0/24 comment "Wordpress pesty BR" ufw insert 1 deny from 45.174.2.0/24 comment "Wordpress pesty BR" ufw insert 1 deny from 45.174.3.0/24 comment "Wordpress pesty BR" ufw insert 1 deny from 45.176.36.0/24 comment "Wordpress pesty BR" ufw insert 1 deny from 45.176.37.0/24 comment "Wordpress pesty BR" ufw insert 1 deny from 45.176.38.0/24 comment "Wordpress pesty BR" ufw insert 1 deny from 45.176.39.0/24 comment "Wordpress pesty BR" ufw insert 1 deny from 45.179.108.0/24 comment "Wordpress pesty BR" ufw insert 1 deny from 45.179.109.0/24 comment "Wordpress pesty BR" ufw insert 1 deny from 45.179.110.0/24 comment "Wordpress pesty BR" ufw insert 1 deny from 45.179.111.0/24 comment "Wordpress pesty BR" ufw insert 1 deny from 45.179.48.0/24 comment "Wordpress pesty BR" ufw insert 1 deny from 45.179.49.0/24 comment "Wordpress pesty BR" ufw insert 1 deny from 45.179.50.0/24 comment "Wordpress pesty BR" ufw insert 1 deny from 45.190.160.0/24 comment "Wordpress pesty BR" ufw insert 1 deny from 45.190.252.0/24 comment "Wordpress pesty BR" ufw insert 1 deny from 45.190.253.0/24 comment "Wordpress pesty BR" ufw insert 1 deny from 45.190.254.0/24 comment "Wordpress pesty BR" ufw insert 1 deny from 45.190.255.0/24 comment "Wordpress pesty BR" ufw insert 1 deny from 45.233.107.0/24 comment "Wordpress pesty BR" ufw insert 1 deny from 45.89.30.0/24 comment "Wordpress pesty BR" ufw insert 1 deny from 216.98.209.0/24 comment "Wordpress Brazil" ufw insert 1 deny from 216.98.210.0/24 comment "Wordpress Brazil" ufw insert 1 deny from 216.98.211.0/24 comment "Wordpress Brazil" ufw insert 1 deny from 179.108.31.206 comment "Wordpress Brazil secret service IP address" ufw insert 1 deny from 177.23.109.0/24 comment "Wordpress Brazil" ufw insert 1 deny from 177.23.108.0/24 comment "Wordpress Brazil" ufw insert 1 deny from 177.23.111.0/24 comment "Wordpress Brazil" ufw insert 1 deny from 177.23.110.0/24 comment "Wordpress Brazil" ufw insert 1 deny from 45.227.44.0/24 comment "Wordpress Brazil" ufw insert 1 deny from 45.227.46.0/24 comment "Wordpress Brazil" ufw insert 1 deny from 45.227.45.0/24 comment "Wordpress Brazil" ufw insert 1 deny from 45.227.47.0/24 comment "Wordpress Brazil" ufw insert 1 deny from 168.232.222.0/24 comment "Wordpress Brazil" ufw insert 1 deny from 168.232.221.0/24 comment "Wordpress Brazil" ufw insert 1 deny from 168.232.223.0/24 comment "Wordpress Brazil" ufw insert 1 deny from 168.232.220.0/24 comment "Wordpress Brazil" ufw insert 1 deny from 45.177.133.0/24 comment "Wordpress Brazil" ufw insert 1 deny from 45.177.134.0/24 comment "Wordpress Brazil" ufw insert 1 deny from 45.177.132.0/24 comment "Wordpress Brazil" ufw insert 1 deny from 45.177.135.0/24 comment "Wordpress Brazil" ufw insert 1 deny from 191.96.81.0/24 comment "Wordpress Brazil president private IP address" ufw insert 1 deny from 177.10.172.0/24 comment "Wordpress Brazil" ufw insert 1 deny from 177.10.174.0/24 comment "Wordpress Brazil" ufw insert 1 deny from 177.10.175.0/24 comment "Wordpress Brazil" ufw insert 1 deny from 177.10.173.0/24 comment "Wordpress Brazil" ufw insert 1 deny from 205.210.31.177 comment "Wordpress Brazil"
I contacted the creator of the WordPress theme and received no response. When you don’t respond to me, that’s admission of guilt and grants me permission to go public. If he had of responded with an acceptable response you would not be seeing this.
Summing up, I like giving people the benefit of doubt and he maybe unaware this is happening. It’s probable the server where he develops the theme has been hacked and his development code has been modified, unknown to him by hackers. Hence, he is uploading to WordPress for distribution. Should this be the case, it strongly suggest WordPress do not filter themes for malicious code!
Are you concerned about Edison Mail with what is being done with your password?
Is Edison mail sharing my password and email address? Yes Who are Edison mail sharing my password with? I’ll show you further down! I’ve noticed someone logging into my email account and don’t know who. Are you using Edison mail (email)? There are dozens of unauthorised logins to my mail server, email hosting provider. Have you installed Edison mail? I’ve noticed strange login to multiple accounts? Do you use Edison Mail?
After installing Edison mail onto my Android it soon became evident something isn’t quit right.
When you use an app or desktop software for email you, provide your email hosting details, password, email address and access and send emails without any issues. The email app stores your login information on your device or computer. You don’t expect the app to steal your password, login details and store on a foreign country and use it themselves.
After installing and configuring Edison mail it didn’t take long to know something mysterious and unlawful was taking place with my email account and password. Edison, sent a copy of my password and email and contacts to their server and shared with dozens of other servers based on AWS (Amazon servers) leased to anyone. How do I know that happened? Read on.
Within a day multiple people from America were using my password to login to my email account and sifting through my inbox and sorting through who sent me the messages, who I sent messages to and so on.
As Edison mail was the only app/software I gave my password to, I immediately stopped using and removed the Edison mail app. I changed the password on my email account.
I monitored the mail server logs after changing the password to see if the logs would then start displaying: Password error. The logs began showing that from Edison servers there is indeed a password failure during login. I than configured the server for debug mode. In debug mode, when a person enters wrong password the mail server records the password in the logs that was provided. Sure enough, the Edison servers were issuing the password I gave them during the setup process. Obviously the app needs the password so that the “App” can sign into my email account. The App didn’t say it would share my password for others to login to my account.
It is a breach of a persons email provider terms to share and allow a third party to use your details to login to your email account! You need to give the app your password, but, you didn’t know, the app was sharing your password with dozens of servers that in effect, placing you in the position of breaching your email providers terms of use.
Edison mail has made you breach the terms of service with your email service provider! Your TOS clearly state you are not allowed to share your details with a third party. Edison has transferred a copy of your password, without your knowledge, without your consent, to his servers and is using those details to login to your email provider or worse, could be trying to login to other accounts you have that use your email address as login. Hopefully, you use a different password with all of your accounts.
I immediately blocked all IP addresses associated with Edison mail and gone back to using webmail.
I contacted Edison mail about my concerns demanding to know why they have my password and why they are logging into my email account sifting through my personal correspondence. His response, it is needed for push notifications. What a load of bullshit. Logging into my account without my express permission did not aid push notifications any better than any other app. In-fact, it was slower. An email app or any app does not require to logging from dozens of servers throughout the day from America, into your email account for the purpose of push notifications. Perhaps, Edison is a front for the US government to spy on your email communications or, used by organised crime1
If you notice security breaches on any web accounts you use your email address as login details, and, not prudent to use multiple passwords, and have Edison mail on your PC or phone, you might want to consider changing all of your passwords.
If you find in your mail server logs the following connections from the list of IP addresses below, you will find they belong to Edison mail. This business, is logging into your email account, dozens of times a day sifting through your emails.
If you work for the military or a government department, or use email to communicate sensitive information I strongly urge you to stop using Edison mail and any mobile phone app for email communications. Ask yourself, would you give Edison mail, a total stranger the key to your home? Would you feel comfortable he is going though your personal belongings without your consent and knowledge? You’re allowing them to login to your email 24/7 going through your private mail, images, videos sent and received…
List of the Edison Mail IP addresses logging into your email account
These are the known IP addresses of servers based in the United States where strangers to you are logging into your email provider sifting through your private correspondence.
ufw insert 1 deny from 3.80.29.130 to any comment "Edison mail" ufw insert 1 deny from 3.85.137.46 to any comment "Edison mail" ufw insert 1 deny from 3.87.152.254 to any comment "Edison mail" ufw insert 1 deny from 3.95.241.244 to any comment "Edison mail" ufw insert 1 deny from 18.209.13.98 to any comment "Edison mail" ufw insert 1 deny from 18.234.60.129 to any comment "Edison mail" ufw insert 1 deny from 34.224.99.135 to any comment "Edison mail" ufw insert 1 deny from 34.236.150.165 to any comment "Edison mail" ufw insert 1 deny from 35.175.179.43 to any comment "Edison mail" ufw insert 1 deny from 44.220.144.156 to any comment "Edison mail" ufw insert 1 deny from 44.222.212.145 to any comment "Edison mail" ufw insert 1 deny from 34.230.86.97 to any comment "Edison mail" ufw insert 1 deny from 52.201.240.190 to any comment "Edison mail" ufw insert 1 deny from 54.91.110.78 to any comment "Edison mail" ufw insert 1 deny from 54.91.216.244 to any comment "Edison mail" ufw insert 1 deny from 54.163.55.72 to any comment "Edison mail" ufw insert 1 deny from 54.174.130.20 to any comment "Edison mail" ufw insert 1 deny from 54.196.148.146 to any comment "Edison mail" ufw insert 1 deny from 54.226.231.255 to any comment "Edison mail" ufw insert 1 deny from 98.81.77.124 to any comment "Edison mail" ufw insert 1 deny from 107.20.85.9 to any comment "Edison mail"
We will have partnerships enabled on the grid later this weekend. The web developer had a serious fall on Friday resulting injuries requiring laid back rest for a few days. Expect on Monday, work will continue to include the addition of adding a partner to your avatar.
It will be an easy process where you add a partner, the request will be sent to the other avatar and once they confirm the other party accepts your proposal to be their virtual world partner it will be connected to your profile. Congratulations, on your virtual marriage.
Don’t forget to visit other worlds such as Osgrid and Kitely grid where you are able to obtain items for your inventory, your avatar and your land. Opensimworld is a great place for tips and tricks and opensim setting up.
Account management fully operational. You’re now able to change password, email and avatar name. No longer are you committed to an avatar name. At Jacobs Bonny Grid Premium members are able to change the name of their avatar anytime they choose.
The possibility of owning your own home in Australia has become just a dream. Todays politicians lack foresight, and need the balls to stand up to the UN. The Labor party, once the working glass party, no more. leaving many homeless, record numbers unable to buy a home, many more unable to even find a place to rent.
The UN should be held jointly accountable for the homelessness’ of Australian children, and the physical and emotional abuse they suffer as a consequence of family pressure to pay for a home, let alone get one. The security council is also partly responsible for the rising juvenile crime, the consequence of family pressures of housing struggles. Today, the UN are nothing more than dictators, do as we demand or suffer our wrath of economical disruption (abuse against children), have laid the foundations, to housing shortages in Australia. In my opinion, the security council think of themselves and their own country before considering the consequences of their actions against children of other countries.
Australia must stop taking in refugees until we have enough housing for our own people, our own children, our future generations. I’m sick in the stomach when I see a refugee driving a nice car, living in a lovely home financed by Australian tax payers, and an an Australian family of 5 with 2 toddlers living in a rust bucket car because they can’t get a home. Because the selfish United Nations security council, don’t care about Australian children!
The United Nations pressures us to fill our sinking ship with buckets of water. We don’t need the UN. They need us! They are a cancer to our country. Our government must start saying no whenever the UN pressures us to do do things that have a negative impact on our people, our children. Charity starts at home Australia! Grow a pair of balls!
You can, own your own virtual reality land and home here, at Jacobs grid. Join today, select your land and move in. No Australian politician can say that! Join today When the population of this grid grows to a point land availability is beginning to get low we sill stop taking in new members. Thank goodness the UN cannot put economical pressure on us for doing that! (tongue in cheek). This is an Australian only grid. Nothing you can do about that UN so suck my…… United Nations!
It didn’t take long to identify whom gets the most benefit from web site sitemaps. It’s not you, it’s not us. The sitemap.xml and sitemap.html are a primary target for the queens, slave hacker that scouts around the world 24/7 looking for sitemaps.
It became evident, Google had very little interest in the sitemap file. We set up 2 sites, one with sitemap and the other just a robots.txt. Both sites had identical content and each located on separate servers, in separate states. By identical content it means, one had WordPress with sitemap and the other had identical content but not created using WordPress, however, it did contain a fake WordPress login page which I discussed later how it was used to spy on what the hackers were up to.
We found within 12 hours, the web site having the sitemap.xml was aggressively attacked by hackers from all over the globe targeting dummy web pages we knew would interest hackers. One Example, we created a fake wp-login.php that intercepted the data being sent by the hackers. Data I collected, the details the amateur hackers posted into the fake wp-login.php page . Unknown to the hackers, the fake page collected useful data from the amateur hacking attempts. The only response our page gave was….. No response at all. Meanwhile we gathered data, their location, the user names they posted, passwords given and so on.
The web site without the sitemap.xml and sitemap.htm sat for a few days before the hackers came in for the kill.
Both sites listed equally in the Google search system.
Our conclusion: We found that, Google took very little interest in the sitemap. We also found that a sitemap made no difference in your search ranking. We found, a sitemap, serves no purpose other than providing a fantastic road map for hackers to quickly identify whether your web site would make a good target for aggressive attacks and if so, what to target.
During our monitoring of hackers, sitemap.xml and WordPress we noticed additional, unexpected things happening. Hackers would troll the WordPress images downloading all our content. It seems, WordPress makes it very easy for hackers to scan through your content and, clone, and steal it.
On our other site, the one without WordPress or a sitemap, the hackers didn’t troll and download the images. In-fact, our content seemed very uninteresting to them, or maybe, because the hackers aren’t professionals, it was just too dam hard for them to scan the content and opting out for targeting the WordPress site that puts everything out on a silver lining for them. That would require more research and will do that after xmas.
The PHP code used to intercept hackers login attemps and log the details they post.
This is a working sample PHP that uses json to extract country, city, state and organisation information from a persons (hackers) IP address and log that data into a file. Very useful for finding out what user name and password combinations hackers are using on your WordPress web site. Of course, this can be adapted to work on any platform.
After using the code I was surprised how close they were to knowing my user name. Close, is not good enough and shows hackers aren’t that smart. but, unknown to the hackers my password length is 120 characters in length consisting of random characters. So, even if they got my username correct, the Earth would no longer exist and, they still with brute force never get the password.
<?php /* This is the code I placed into a fake wp-login.php page. You can place it at the beginning of a real wp-login page and record the posted login attempts made by hackers.
It can be used to see if they know your user name and, are they getting close to your password. If your smart and have password consisting of random characters and 20 or more long don't worry, the school girl hackers will after trillions of years never guess it! I refer to them as school girl hackers simply because they only know how to exploit and don't know how be a real hacker. Take no offence school girls, you're certainly smarter than most of them. */
// write the data posted by hackers to a file if ($_SERVER["REQUEST_METHOD"] == "POST") { $outfile = fopen($PATH."hacker.log", "a") or die("Unable to open file!"); fwrite($outfile, ""."\r\n"); fwrite($outfile, "====== ".$IP." ===== ".$login."\r\n"); fwrite($outfile, $location."\r\n"); foreach ($_POST as $key => $value) { $out="Field ".htmlspecialchars($key)." is ".htmlspecialchars($value)."\r\n"; fwrite($outfile, $out); } fclose($outfile); }
/* Rule 1: Never respond to a hacker "Silence is golden" Just quietly exit the page OR if adding to start of a real wp-login page let the login continue.
I'll write tips on how to silently and cleanly exit pages you don't want Google indexing and hackers to view later on.
remove the exit(); and ?> below if you're placing at the start of a real wp-login page to monitor hacker activity. */ exit(); ?>
* WordPress User Page * * Handles authentication, registering, resetting passwords, forgot password, * and other user handling.
Log output generated by the above code
====== 203.124.33.211 ===== 22 Nov 2024 01:24 PM Hacker location: Country: PK City: Rawalpindi State: Punjab Organisation: AS7590 Commission on Science and Technology for Field log is bonny Field pwd is covert-gadgets123 Field wp-submit is Log In Field redirect_to is https://covert-gadgets.com/wp-admin/ Field testcookie is 1
====== 134.209.249.86 ===== 22 Nov 2024 01:46 PM Hacker location: Country: DE City: Frankfurt am Main State: Hesse Organisation: AS14061 DigitalOcean, LLC Field log is bonny Field pwd is covert-gadgets1234 Field wp-submit is Log In Field redirect_to is https://covert-gadgets.com/wp-admin/ Field testcookie is 1
====== 157.245.131.229 ===== 22 Nov 2024 02:29 PM Hacker location: Country: US City: North Bergen State: New Jersey Organisation: AS14061 DigitalOcean, LLC Field log is bonny Field pwd is 1234covert-gadgets Field wp-submit is Log In Field redirect_to is https://covert-gadgets.com/wp-admin/ Field testcookie is 1
====== 135.125.183.119 ===== 22 Nov 2024 02:51 PM Hackers location: DE City: Frankfurt am Main State: Hesse Organisation: AS16276 OVH SAS Field log is bonny Field pwd is bonny!!!!!! Field wp-submit is Log In Field redirect_to is https://covert-gadgets.com/wp-admin/ Field testcookie is 1
As you can see the passwords they use are pathetic. You can clearly see the hacker is an amateur trying to exploit those using silly passwords.
Seeing that in the logs, my mind is at rest knowing they are not professionals and pose no threat.
