It still continues, but at a reduced rate. Still no response to my email to the abuse mailbox. They have advertised a seminar on cybersecurity which is going on round about now. That is ironic.


On Wed, 10 Apr 2019 at 00:44, Keith Williams <keithwilliamsnp@gmail.com> wrote:
I was just going to say it had stopped, LOL, a 15 minute break, then a burst, then a few minutes break. Seems to be slowing down but another is giving port 80 a hammering. Because I give these blackholes different names I can see the new contender is one of the content spammers. Oh well it's past midnight here so I will let them get on with their games


On Tue, 9 Apr 2019 at 23:03, admins <admins@sheffieldhackspace.org.uk> wrote:

Sounds sensible to me.

I also blanket ban anyone having a go at SSH simply as whilst it may start there, it never ends there.

Sounds like a retarded infestation to me. Most bots are not that clever in and of themselves, once you have had a rummage through their code. There have been some clever tricks put into coding them though.


kirbs



On 09/04/2019 15:50, Keith Williams wrote:
Every packet that arrives from them is sent to a chain by the firewall which logs them and then drops them. The log records the port they were blocked on. That's how I found the 7777. I had no idea what it was. I picked them up first because they hit on 22. that got them put in the set. Others in the set made a couple of attempts then disappeared. There is one oyher persistent pest, a well known comment spammer that keeps coming back and having a go for a while then disappearing, then just the usual rubbish

On Tue, 9 Apr 2019 at 22:27, Dom Latter <bitfolk-users@latter.org> wrote:


On 09/04/2019 10:59, Keith Williams wrote:
>
> On Tue, 9 Apr 2019 at 17:38, Dom Latter <bitfolk-users@latter.org
> <mailto:bitfolk-users@latter.org>> wrote:
>
>     On 09/04/2019 04:44, Keith Williams wrote:
>      > for at least 24 hours now. They go for ports 22.23.53, 80, 443
>     and 7777.
>      > That last one is particularly nasty.
>
>     They're (probably) looking for a backdoor opened up by Windows malware.
>
>     Why would that concern you?

 > It does concern me for a number of reasons.

I was particularly referencing 7777 (hence the quoted context).  You've
not got anything on that port, and even if you did, it wouldn't be
compatible.

I don't think I'd even notice an attempt to connect to 7777.
Because a connection is not made...

_______________________________________________
users mailing list
users@lists.bitfolk.com
https://lists.bitfolk.com/mailman/listinfo/users

_______________________________________________
users mailing list
users@lists.bitfolk.com
https://lists.bitfolk.com/mailman/listinfo/users
_______________________________________________
users mailing list
users@lists.bitfolk.com
https://lists.bitfolk.com/mailman/listinfo/users