15 Apr
2019
15 Apr
'19
8:10 a.m.
SUCCESS
I have just received an email from research-abuse mailbox at Stanford
University to say they have removed my IP from their database. At last!
Shame they didn't think to add a little sorry for inconvenience. But
victory!
On Sun, 14 Apr 2019 at 07:09, Keith Williams <keithwilliamsnp(a)gmail.com>
wrote:
Sorry for delay in replying, I have been away in the
big city for a couple
of days, now back to face the world once more
On Wed, 10 Apr 2019 at 17:13, admins <admins(a)sheffieldhackspace.org.uk>
wrote:
A lawsuit is a blunt and very expensive tool.
Use something pointy and sharp that can slip between the ribs. Like
social media.
Large institutions are sensitive about their image, many monitor social
media and their social media accounts. tweet about the irony you have
observed together with a precise statement of the facts, their lack of
response to the correct official channel for complaints, the ongoing
nature of this and reference their social media account (so their
followers all of them get the message too) and link their security course.
This should get you a response.
Kirbs
On 10/04/2019 08:38, Max B via users wrote:
Now what would it take to get them to notice you
and fix the problem
and compensate you?
A lawsuit.
How does this differ from a robber who is trespassing on your property
and looking
to see whether any of your doors is ajar?
If one of your machines is located in the US, you have locus standi in
that
jurisdiction to pursue the trustees of Stanford.
Is that jurisdiction California?
Can bitfolk map the address range to which your machines respond to a
US server
farm located in Palo Alto or Menlo Park?
It need only be for a month or a week, although damages would follow
length of
exposure to the hazard.
--------------------------------------------
En date de : Mer 10.4.19, Keith Williams <keithwilliamsnp(a)gmail.com> a
écrit
:
Objet: Re: [bitfolk] I know I should not take it personally but ...
À: "BitFolk Users" <users(a)lists.bitfolk.com>
Date: Mercredi 10 avril 2019, 1h50
It still
continues, but at a reduced rate. Still no response to my
email to the abuse mailbox. They have advertised a seminar
on cybersecurity which is going on round about now. That is
ironic.
On Wed, 10 Apr
2019 at 00:44, Keith Williams <keithwilliamsnp(a)gmail.com>
wrote:
I was
just going to say it had stopped, LOL, a 15 minute break,
then a burst, then a few minutes break. Seems to be slowing
down but another is giving port 80 a hammering. Because I
give these blackholes different names I can see the new
contender is one of the content spammers. Oh well it's
past midnight here so I will let them get on with their
games
On Tue, 9 Apr 2019
at 23:03, admins <admins(a)sheffieldhackspace.org.uk>
wrote:
Sounds sensible to me.
I also blanket ban anyone having a go at SSH simply
as whilst it
may start there, it never ends there.
Sounds like a retarded infestation to me. Most bots
are not that
clever in and of themselves, once you have had a
rummage through
their code. There have been some clever tricks put
into coding
them though.
kirbs
On
09/04/2019 15:50, Keith Williams
wrote:
Every packet that arrives from them is
sent to a
chain by the firewall which logs them and then drops
them. The
log records the port they were blocked on.
That's how I found
the 7777. I had no idea what it was. I picked them
up first
because they hit on 22. that got them put in the
set. Others in
the set made a couple of attempts then disappeared.
There is one
oyher persistent pest, a well known comment spammer
that keeps
coming back and having a go for a while then
disappearing, then
just the usual rubbish
On
Tue, 9 Apr 2019 at 22:27,
Dom Latter <bitfolk-users(a)latter.org>
wrote:
On 09/04/2019 10:59, Keith Williams wrote:
--
admins(a)sheffieldhackspace.org.uk
www.sheffieldhackspace.org.uk
_______________________________________________
users mailing list
users(a)lists.bitfolk.com
https://lists.bitfolk.com/mailman/listinfo/users
On Tue, 9 Apr 2019 at 17:38, Dom Latter
<bitfolk-users(a)latter.org
<mailto:bitfolk-users@latter.org>>
wrote:
On 09/04/2019 04:44, Keith Williams
wrote:
> for at least 24 hours now. They
go for ports
22.23.53, 80, 443
and 7777.
> That last one is particularly
nasty.
They're (probably) looking for a
backdoor opened up
by Windows malware.
Why would that concern you?
It does concern me for a number of
reasons.
I was particularly referencing 7777 (hence the
quoted
context). You've
not got anything on that port, and even if you
did, it
wouldn't be
compatible.
I don't think I'd even notice an attempt
to connect to 7777.
Because a connection is not made...
_______________________________________________
users mailing list
users(a)lists.bitfolk.com
https://lists.bitfolk.com/mailman/listinfo/users
_______________________________________________
users mailing list
users(a)lists.bitfolk.com
https://lists.bitfolk.com/mailman/listinfo/users
_______________________________________________
users mailing list
users(a)lists.bitfolk.com
https://lists.bitfolk.com/mailman/listinfo/users
_______________________________________________
users mailing list
users(a)lists.bitfolk.com
https://lists.bitfolk.com/mailman/listinfo/users
-----La pièce jointe associée suit-----
_______________________________________________
users mailing list
users(a)lists.bitfolk.com
https://lists.bitfolk.com/mailman/listinfo/users