Author Archives: Steve

State Sponsored hacking?

So yesterday my site got hit by a large number (140) of Chinese IP addresses all trying to log in to my site. Fail2ban blocked them and sent me lots of emails: Then this morning another pile of Chinese IP addresses … Continue reading

Posted in Sad Spammers | 2 Comments

More Botnet stats

So I upgraded Fail2ban and so had to restart it. As it stores its bans in a database it can restore them at startup. And what a depressingly long list it is for the botnet: 2017-08-05 14:58:20,149[dovecot-disconnect] Ban 1.163.34.115 … Continue reading

Posted in Computing, Rants, Sad Spammers

Botnet stopped…

Either it's been taken offline or I've blocked all its IPs. No more new additions for over 24 hours: Status for the jail: dovecot-disconnect |- filter | |- File list: /var/log/mail.log | |- Currently failed: 0 | `- … Continue reading

Posted in Uncategorized

Botnet still chugging along

It's still going: Jun 12 18:41:25 Debussy dovecot: imap-login: Disconnected (auth failed, 1 attempts in 9 secs): user=<colin@some.domain.here>, method=PLAIN, rip=36.7.79.21, Jun 12 18:42:01 Debussy dovecot: imap-login: Disconnected (auth failed, 1 attempts in 8 secs): user=<colin>, method=PLAIN, rip=113.240.237.10, Jun 12 19:11:58 … Continue reading

Posted in Computing

Spammers really don’t get it, do they?

Going through the spam comments on one of the sites I found the following: Yes that’s right… 3 comments on the SAME post from the SAME IP address… how could that not be spam?

Posted in Sad Spammers

Bot Net slowing down

As a follow-on to my post about the slow cycle bot net, it now looks like it's slowing down (i.e. Fail2ban has blocked most of the compromised machines).

Posted in Computing

A very large but sneakily slow bot-net?

Anyone who runs a server is used to it being attacked by compromised machines which target their SSH services, their web services and their email services. The attack on the email services takes two forms: either trying to … Continue reading

Posted in Computing | 1 Comment

Fail2Ban working hard

Graph courtesy of Monitorix:

Posted in Computing

Bad IPs

It's the list of usual suspects – China featuring high in the list of machines trying to break into servers (no surprises there) and OVH: 89.248.174.27 60.173.16.74 161.0.153.110 123.214.172.84 218.27.147.130 120.203.25.58 41.110.189.60 62.99.78.120 155.4.33.255 223.241.247.6 218.5.3.45 46.181.62.158 221.3.236.94 114.251.196.28 … Continue reading

Posted in Computing, Sad Spammers

More shit from the internet

I tightened up the fail2ban rules after looking at my mail logs. The result is impressive but at the same time depressing … so many machines trying to break into my server. Several from GoDaddy… I guess they’re starting to … Continue reading

Posted in Computing, Sad Spammers