Sep 27, 2006

Just what is

We receive a lot of abuse from this domain and a lot of webmasters are blocking it.
But since the domain has no website it was not clear what it was.
After a long search I have discovered that it's British Telecom DSL.
See DSL report page. This was the only site that told what it was.

Why the lame techs at BT don't have a website at that domain is confusing, because not knowing what it is is getting BT customers globally banned. should not be banned as it is an ISP.
It is not clear yet if DSL modems keep the same IP, so we have to ban by IP until we know.

To the folks at BT: please put a website at


Anonymous said...

IP Address
Attacker DNS name
Attack Time
Scan Port Details UDP (1026)

caeos said...

it was originally the central adsl pool before they started drifting further afield

daryl said...

i agree.

i have just received 1458 reply emails. some toad has spoofed our email address and most of the headers mention btcentralplus via http.

cheers bt.

glad we recently moved our phone line away from you.


DJ Saad said...

It shows me in America. And currently is seeding a torrent.

rainman said...

I am being internet stalked by someone using

complaints to the BT abuse line are met with "until our customer does something illegal we can take no action"

Anonymous said...

on my site 19 times, at obscure times of day, like 4 in the morning, and midnight

Anonymous said...

A bad bot @

Anonymous said...

02-28-2008 20:33:55
This is an attempt to overflow an IIS server. This is one of the attacks used by Code Red.


Anonymous said...

Hey I just saw that someone using BTcentralplus was trying to run a code of some kind, can somebody examine it for me ??
Here is the link


Anonymous said...

I received a lot of useless e-mail, by looking at the header they come from, thus someone from BT

Kelpie said...

If this is all happening, it seriously means that their security is terrible. And yes, an ISP can have such poor security that people can abuse it and use people's computers to do nasty things.

Full of fail.

Sandro said...

this is true; also here in the beautiful USA, we have people who start weak ISPs aka private ISPs that start up with very weak security

Anonymous said...

this made me laugh, people getting paranoid over web crawlers that actually help your site

tmaster said...

As far as I know none of the bots we are blocking help your site in any way.

Anonymous said...

My computer is hacked by someone who uses one of these ip's:

They all seem to come from

I know the person who hacked me from different forums. His nickname is: Regain.

If someone knows anything about him tell me please.

bsdpunk said...

I had two users join my IRC network with btcentral as their host name, at first I thought they were the same user connecting through a shell or something. However I am not certain now. But I imagine they host bnc shells, which to my knowledge are only used to circumvent the security of IRC networks. Well that's my two cents.

Oh here's the info if it helps:

14:25:43 •›››››››››››››››››››››››››››› ( /whois ) ››››››››››››››››››››››› ››››› ››› ›› › › ›
14:25:43 | •›› DrVB is "Winsock client" (
14:25:43 •›› Raw (379): DrVB is using modes +
14:25:43 •›› Raw (378): DrVB is connecting from *
14:25:43 | •›› DrVB is on #9unkz0r
14:25:43 | •›› DrVB is using (9unkz0r IRC Network)
14:25:43 | •›› DrVB is idle: 19secs
14:25:44 | •›› DrVB is online since: 1hr 1min 44secs
14:25:44 •›››››››››››››››››››››››››››› ( /whois end ) ›››››››››››››››››› ››››› ››› ›› › › ›
14:25:55 •›››››››››››››››››››››››››››› ( /whois ) ››››››››››››››››››››››› ››››› ››› ›› › › ›
14:25:55 | •›› OXY is "OXY" (
14:25:55 •›› Raw (379): OXY is using modes +i
14:25:55 •›› Raw (378): OXY is connecting from *
14:25:56 | •›› OXY is on #9unkz0r
14:25:56 | •›› OXY is using (9unkz0r IRC Network)
14:25:56 | •›› OXY is idle: 10secs
14:25:56 | •›› OXY is online since: 1hr 28mins 42secs
14:25:56 •›››››››››››››››››››››››››››› ( /whois end ) ›››››››››››››››››› ›››››

Anonymous said...

sorry i am trying to figure this all out this btcentral bad or not? and how can u be sure it is on your computer? i mean what do u do to find out? i keep seeing it pop up on a program i am using but i dont know if that means it is ON my computer.

Anonymous said...

Visit Start Time 2/20/2009 3:51:28 AM

Last Visit Never

Location Stockport, United Kingdom

Organization British Telecommunications

Visitor ID 86863BB087

From Domain

I.P. Address

Referred By

Visit No. 1

Browser Microsoft Internet Explorer 7.0

Platform Windows Vista

Language English (United Kingdom)

Screen Resolution 1440 x 900

Java Support Yes

Cookie Support Yes

JamesPond said...

hi folks,
I'm a bt customer as they are the first and largest provider of phone lines and maybe broadband too in uk as far as i know.

I'm no expert, but it looks like it's just the ip and name of isp, BT in this case, it must just be some sort of way our adsl system works.

If this is the case then just because you have a bt customer hacking u then doesn't make us all hackers.

if someone is trying to hack u from a bt adsl line it should be easy to track them as it just looks like it's their ip but not with the dots.

We also have a fairly out of date broadband service in most of the uk compared to most countries in EU

You would find them on your website at weird times as we live in GMT time.

As i said im no expert but i wouldn't worry about all bt.centralplus,com ips

We may have a higher ratio of hackers and certainly a lot of torrent users as we have more easy going laws over here as in most of the EU. We won't get anyone sending us legal threats or knocking on our door unless we do something really bad.

Hope that leads some people to the answers they are looking for.

Only a guess but I'd put money on it :)

Anonymous said...

I just banned a person saying they were a 14 year old boy on our adult chat site. The DSL IP was

danielsouzat said...

My firewall is blocking a lot of attacks from btcentralplus and from
The attacks started after I opened my BitTorrent client. The ip sources are:, and

Anonymous said...

BT is my ISP, they are pathetic insanely slow... I'm ashamed to be with them... but that's life

Anonymous said...

Most spams I receive from England are from so they don't have a suitable antispam policy. England is part of Europe and as such must apply the European parliament antispam policy.

The guy saying is a major ISP is lying. Check the Alexa report. is the 15,000th rank in UK, hardly a common place for a major ISP...

Anonymous said...

Hello everybody,

I have bought a small amount of traffic from a site called where I am pretty sure I am being cheated and that all the traffic I receive is fake.

But a lot of the traffic comes from Bt-central-plus.

Traffic example:


So I am thinking if some of you say that you have computers infected with something related to btcentralplus, they might be using your computers to simulate and sell fake traffic?

Anonymous said...

You do realise that BT is one of the main providers of internet and phone lines in the UK, being that BT = British Telecom. So according to all of you my own internet is a fake and I'm really a hack of some sort simply because my ip is based off btcentralplus? Has it not occurred to you that a lot of people from the uk may visit websites as well?

Anonymous said...

i think the is a british telecom bot, they have bots to boost hits on the services they sell people so people think their sites are more popular than they are and continue to purchase off bt. they are quite a ruthless company.

Anonymous said...

was downloading a private torrent the fact that one of the seeders was from the USA with a BTcentral IP which was very strange... for an unknown reason i thought I'd Google this ISP, and here I am...
p.s. as someone mentioned, that seeder is REALLY slow...
but if it's British Telecom then why the hell is it in the USA?

Anonymous said...

pflogsumm 24.11.2009 0:00-18:00:

blocked using


-> the IPs are all over GB.

nanotm said...

lol you guys make me laugh, btcentral plus is the hosting servers for bt and their sole purpose is to issue wan ip addresses to client computers/networks, most people doing dodgy things bounce their connection via a proxy in an attempt to hide themselves.

if you're really caring then i can tell you most wan ip's issued by those servers are dynamic, exceptions are that they use bgp routers to maintain domain connections which generally renew the ip address monthly (some glitch and do it more often which is a pain) they also have btcorenode so if you ping an ip address and it doesn't go via corenode after btcentral plus on the way to the destination then it isn't a bt customer but a spoofer or bouncer.

Jow Brow said...

This is another IP from an attack I've been having in the past 3 days.

Something has to be done with these guys.

Anonymous said...

The amount of spam mail regarding Viagra from email accounts hosted via is getting on my wick (sic). And the unsubscribe link attempts to download a trojan. Thank you AVG. The fact that the trojan activity is via now shows illegal activity IS occurring, so BT now have the ammunition to block these users and remove their site access. GET ON WITH IT BT.

Anonymous said...

i found out the prob i have a program called Azureus now when i switch on my pc an do not turn on azureus i do not get the text btcentralplus shit i can leave it 3 hours an not get the text but as soon as i turn it on i get the text within 2 mins about 20-30 times in 3 hours it is not azureus program cause i have had vuse for some time what it is is a download film-software-music etc from btjunki a download site because i downloaded a file an came up with some shit so i looked at details an it was printing everything i was doing keys pressed an programs started an stopped since then i get the text if i was u i would not put any passwords bank detail etc cause they can read them i have sent all recent programs to microsoft an they asked me to make a copy of files on pc an send them off for analysis i had a email on my dads pc saying thank u an that they are close to cracking it so soon he or they will pay for it so for now the best thing to try is to erase movies an music u think might of started it off i have done the same an i have not seen the text for at least 6 hours will get back to you all soon an let you know what microsoft says an what they shall do good luck an be safe scozzer007

Maggy-Pie said...

is received by my IP @ numerous times a day, breaching firewalls, anti-spy and anti-virus protection.

i believe is a pitstop for hackers as they make their way through numerous computers to throw cyber police off track as they head for the target computer to bilk, waylay or shut down their intended victim.

I speak from personal experience.

Check your registry to see if you have the CStateHacks listed within HAL. It's planted via SUS, entering the machine with MS WIN Automatic Updates and uses SQL, Adelphi and C++ to script and enumerate IE webpages. It also deletes hardware such as net adaptors or drags pertinent hardware items into DOS, infiltrates software and hides in anti-malware, including programs such as AVG, Avira, Avast, McAfee and BlackIce. It favors WIFI and will take over your network and PC.

CStateHacks is dormant until needed. Then it allows hackers entry into your machine via remote desktop, leaving traces in the internal modem to be reactivated every time you reinstall your OS.

I've been through 3 PCs in 4 years. No joke, very little help and/or info on the subject.

If any one has had or is having this trouble, please blog or contact me.

Anonymous said...

I just tested my network route through "MyRoute" by and found as an "IP Pool" in one of the hops before me (Hop 11). They must sell a bunch of IP addresses to people/companies. The notice said "Hop 11 is responding in an eratic manner, varying between 33 and 108ms response time. This could be indicative of a problem at this point." The hops before them came from Vitacore Systems, Virtela, which all provide serious hosting capabilities (cloud, big corps, etc). The point is TW is allowing their customers to come too far down the networking chain when degradation of connections occur. They sell a service they should make sure there are an efficient number of hops before the connection reaches their customers. TW should be held accountable.

Anonymous said...

They hacked my account on runescape... from this IP i really hope they are stopped...

Bored said...

I am not an IT trained person but I am in law school and this is my area of interest. In order to stop these attack spambots you have to set precedence. I would need persons in IT to assist me. I run a NING site and a person who has been harassing is sending spam, I suppose that makes him feel good. Since my site is on a powerful network and servers there is nothing he can do except drive up my numbers of web traffic.
However, he was getting away with it.. because he was following the members of my sites home locations, e.g. Spain, France, etc. but when I began to see a lot of CHINA I then knew.. please contact me at and send details of what you are experiencing. I will have to get to know you and you will have to get to know me, because nothing is real in cyberspace.

Anonymous said...

A user on my forum seems to be using a BTCentralPlus IP to get around a ban. [ (]

Mike Gambino said...

I got hit with it too. someone signed in and I have ip search tracker on the site so I know what people are looking at on the site and someone sent me a message that was disrespectful and this is what I recovered from the server info.

Last Hit
Last Login

the message says this.

"s**k my d*** you c*** s***ing bellend."

yes, I blanked out the bad words because of little children but I do want to sue this person for posting something like this on a publish website.

even though my RPG game engine is still in production, I do not want people posting this crap on my server.

The test server is and I am producing the engine and want to get done with it in 2 months.

please don't sign into a demo. create an account and you can check it out.

Anonymous said...

I Got Hacked The Other Day And I'm Sure Its This Ip Address:

I've Ran Full Scans On Safe Mode To Get Rid Of The File That The Hacker Got Through On But Still I Got That Ip Address Last On My Account On An Rpg Game That Only I Know The User And Pass Of And Quite Frankly I'm Not Sure What To Do Anymore.. Some Help Please?


Shanti said...

I'm in the U.S. I have a blog site.. I have a stat counter which gives me a break down of who visits my site, how long, where they came from. has come to my site today and yesterday, and now I have issues with my computer.. I am a writer and have been hacked before, nothing new to me and it has been done many times, but I am not sure how to tackle this person. The IP is My site title has the word Pleiadian in it and the search words used on the search engine they typed the words "pleiadian geographical disruptions" ... This is their search term and they came to my site. They came on 22nd March 2011 18:48:24 and also another time on March 23... They really spent no time there and YET they knew enough to type the same words again in search to come back again... which makes me think odd.. or with deliberate to also not stay on a second return..

Does anyone know how to block or remove a virus if this is what they did??? If so please write to me at

Anonymous said...

Plzz plzz help me out!!!!!!?
today when i logged into my gmail account....suddenly a warning appeared...and the warning is " YOUR ACCOUNT HAS BEEN ACCESSED BY BTCENTRAL PLUS.COM" and i found two options show details and ignore below the warning....and i clicked show displayed my recent activity like login details...and these details include Access type, IP address, location and time....i found some ip addresses which are not familiar to me.....and these ip addresses belong to United Kingdom...and it was accessed four times with four different ip i am worried about my pics which are saved in my account....plz plz plzzzzz suggest me some advice...what to do???am very much worried........if hacker misuses my photos......plz help me out

Internet Happens said...

Received Oct 15, 2013

Email Received: from: ([]:50823)

Attacker IP Address:

SkipRob said...

This is what I received from Google, hopefully it is helpful:

We prevented the sign-in attempt in case this was a hijacker trying to access your account. Please review the details of the sign-in attempt:

Wednesday, October 16, 2013 8:01:58 PM UTC IP Address: (
Location: London, UK"

Maurice said...

I received this email and want to take action immediately because I do not live in UK!
Someone recently used your password to attempt to connect to your Google Account ......... @ This person used a client application e-mail or mobile device.

I tripped trying to connect to the event that a criminal attempt to access your account information. Examine the details of the connection attempt:

October 15, 2013 16:36:20 UTC
IP address: (
Location: London, UK

If you do not recognize this connection attempt, it is possible that someone try to access your account. "

Jack Morley said...

SkipRob, btcentralplus also tried to log into my google account! he did it several times, actually. it was at denton though, not london. the IP address was at least the latest one was, anyway. and how did i know it was btcentralplus? it said, in brackets, plus that with the fact that i'm 10, then that guy, is a heartless retard.