Re: [bitfolk] I know I should not take it personally but ...

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
MKeith Williams at <-
MKeith Williams at ->

Reply to this message
Author: admins
Date:  
To: users
Subject: Re: [bitfolk] I know I should not take it personally but ...
Sounds sensible to me.

I also blanket ban anyone having a go at SSH simply as whilst it may
start there, it never ends there.

Sounds like a retarded infestation to me. Most bots are not that clever
in and of themselves, once you have had a rummage through their code.
There have been some clever tricks put into coding them though.


kirbs



On 09/04/2019 15:50, Keith Williams wrote:
> Every packet that arrives from them is sent to a chain by the firewall
> which logs them and then drops them. The log records the port they
> were blocked on. That's how I found the 7777. I had no idea what it
> was. I picked them up first because they hit on 22. that got them put
> in the set. Others in the set made a couple of attempts then
> disappeared. There is one oyher persistent pest, a well known comment
> spammer that keeps coming back and having a go for a while then
> disappearing, then just the usual rubbish
>
> On Tue, 9 Apr 2019 at 22:27, Dom Latter <bitfolk-users@???
> <mailto:bitfolk-users@latter.org>> wrote:
>
>
>
>     On 09/04/2019 10:59, Keith Williams wrote:
>     >
>     > On Tue, 9 Apr 2019 at 17:38, Dom Latter
>     <bitfolk-users@??? <mailto:bitfolk-users@latter.org>
>     > <mailto:bitfolk-users@latter.org
>     <mailto:bitfolk-users@latter.org>>> wrote:

>     >
>     >     On 09/04/2019 04:44, Keith Williams wrote:
>     >      > for at least 24 hours now. They go for ports 22.23.53,
>     80, 443
>     >     and 7777.
>     >      > That last one is particularly nasty.

>     >
>     >     They're (probably) looking for a backdoor opened up by
>     Windows malware.

>     >
>     >     Why would that concern you?

>
>      > It does concern me for a number of reasons.

>
>     I was particularly referencing 7777 (hence the quoted context). 
>     You've
>     not got anything on that port, and even if you did, it wouldn't be
>     compatible.

>
>     I don't think I'd even notice an attempt to connect to 7777.
>     Because a connection is not made...

>
>     _______________________________________________
>     users mailing list
>     users@??? <mailto:users@lists.bitfolk.com>
>     https://lists.bitfolk.com/mailman/listinfo/users

>
>
> _______________________________________________
> users mailing list
> users@???
> https://lists.bitfolk.com/mailman/listinfo/users
This message was posted to the following mailing lists:
users
Mailing List Info | Nearby Messages		<-Re: [bitfolk] I know I should not take it personally but ...Re: [bitfolk] I know I should not take it personally but ...->
Bitfolk Mailing List Archive administrated by List AdminLurker (version 2.3)