Sounds sensible to me.

I also blanket ban anyone having a go at SSH simply as whilst it may start there, it never ends there.

Sounds like a retarded infestation to me. Most bots are not that clever in and of themselves, once you have had a rummage through their code. There have been some clever tricks put into coding them though.

kirbs

Every packet that arrives from them is sent to a chain by the firewall which logs them and then drops them. The log records the port they were blocked on. That's how I found the 7777. I had no idea what it was. I picked them up first because they hit on 22. that got them put in the set. Others in the set made a couple of attempts then disappeared. There is one oyher persistent pest, a well known comment spammer that keeps coming back and having a go for a while then disappearing, then just the usual rubbish

On Tue, 9 Apr 2019 at 22:27, Dom Latter <bitfolk-users@latter.org> wrote:

On 09/04/2019 10:59, Keith Williams wrote:
>
> On Tue, 9 Apr 2019 at 17:38, Dom Latter <bitfolk-users@latter.org
> <mailto:bitfolk-users@latter.org>> wrote:
>
>     On 09/04/2019 04:44, Keith Williams wrote:
>      > for at least 24 hours now. They go for ports 22.23.53, 80, 443
>     and 7777.
>      > That last one is particularly nasty.
>
>     They're (probably) looking for a backdoor opened up by Windows malware.
>
>     Why would that concern you?

 > It does concern me for a number of reasons.

I was particularly referencing 7777 (hence the quoted context).  You've
not got anything on that port, and even if you did, it wouldn't be
compatible.

I don't think I'd even notice an attempt to connect to 7777.
Because a connection is not made...

_______________________________________________
users mailing list
users@lists.bitfolk.com
https://lists.bitfolk.com/mailman/listinfo/users

_______________________________________________
users mailing list
users@lists.bitfolk.com
https://lists.bitfolk.com/mailman/listinfo/users