Home Page
   Articles
       links
About Us    
Traders        
Recipes            
Latest Articles
are the hamsters poorly?
Page Previous  1, 2, 3, 4, 5, 6, 7  Next
 
Post new topic   Reply to topic    Downsizer Forum Index -> IT Matters
Author 
 Message
jema
Downsizer Moderator


Joined: 28 Oct 2004
Posts: 28239
Location: escaped from Swindon
PostPosted: Tue Jan 09, 24 10:50 am    Post subject: Reply with quote
    

We seem to have a bit of an attack going on.
I'm seeing what I can do.

jema
Downsizer Moderator


Joined: 28 Oct 2004
Posts: 28239
Location: escaped from Swindon
PostPosted: Tue Jan 09, 24 10:55 am    Post subject: Reply with quote
    

The offending ip was 47.76.35.19
which is :
NetName: ALIBABA CLOUD HK


There may be a few others I need to block.

jema
Downsizer Moderator


Joined: 28 Oct 2004
Posts: 28239
Location: escaped from Swindon
PostPosted: Tue Jan 09, 24 11:55 am    Post subject: Reply with quote
    

The ip address has been reported 100s of times as abusive.

dpack



Joined: 02 Jul 2005
Posts: 46249
Location: yes
PostPosted: Tue Jan 09, 24 1:09 pm    Post subject: Reply with quote
    

they seem normally active at the mo

ed they being hamsters rather than hostiles

gz



Joined: 23 Jan 2009
Posts: 8957
Location: Ayrshire, Scotland
PostPosted: Tue Jan 09, 24 1:12 pm    Post subject: Reply with quote
    

Thankyou

dpack



Joined: 02 Jul 2005
Posts: 46249
Location: yes
PostPosted: Tue Jan 09, 24 2:10 pm    Post subject: Reply with quote
    

still running in the wheels

thanks, hope the stoat hole in the hamster castle can be mended without too much bother

jema
Downsizer Moderator


Joined: 28 Oct 2004
Posts: 28239
Location: escaped from Swindon
PostPosted: Tue Jan 09, 24 3:26 pm    Post subject: Reply with quote
    

As of the moment they seem to have given up.

Mistress Rose



Joined: 21 Jul 2011
Posts: 15998

PostPosted: Wed Jan 10, 24 8:04 am    Post subject: Reply with quote
    

Thanks. Seems to be working all right again now.

jema
Downsizer Moderator


Joined: 28 Oct 2004
Posts: 28239
Location: escaped from Swindon
PostPosted: Wed Jan 10, 24 8:45 am    Post subject: Reply with quote
    

And we now have the tools to deal with it happening again.
It's ironic really, when I was running loads of forums I obviously had a million tools in place to the point where it wall all routine.
But those tools where not on place on downsizer and it has been probably 15 years since I last had to get back to basics. So twas a bit of a challenge.
But as I say all to the good really.

sean
Downsizer Moderator


Joined: 28 Oct 2004
Posts: 42219
Location: North Devon
PostPosted: Wed Jan 10, 24 5:30 pm    Post subject: Reply with quote
    

Thank you. It's appreciated.

tahir



Joined: 28 Oct 2004
Posts: 45676
Location: Essex
PostPosted: Wed Jan 10, 24 5:34 pm    Post subject: Reply with quote
    

Yep, well done as always

dpack



Joined: 02 Jul 2005
Posts: 46249
Location: yes
PostPosted: Wed Jan 10, 24 7:56 pm    Post subject: Reply with quote
    

thirded, did you notice what the payload or intended harvest might have been?

curiosity can be bad for cats, but time spent on intel is never wasted

a HK isp is not an evidential indication of origin, what were they trying to do? that might supply some hints as to who as well as why

what first attracted them to us?

should we flame them if we find out?

im up for attempting the catbelling if the tech can show me some breadcrumbs

plenty of black hats have been proven very slack at operational security and open to counter measures

i am fascinated as to their motives, if we know that it will hint at origin

jema
Downsizer Moderator


Joined: 28 Oct 2004
Posts: 28239
Location: escaped from Swindon
PostPosted: Thu Jan 11, 24 7:11 am    Post subject: Reply with quote
    

Absolutely no clue. Literally everything was getting hit including private message urls. But I don't think anyone actually had access, only guests were showing online.

dpack



Joined: 02 Jul 2005
Posts: 46249
Location: yes
PostPosted: Thu Jan 11, 24 1:40 pm    Post subject: Reply with quote
    

hit by birdshot from a DoS punt gun?

we are not the target but we"live"within the target or a general DoS at all similar systems is plausible

if it aint data harvest or ransom, financial gain seems unlikely and disruption might be a plausible motive, be that as part of a cyberwar or as "i/we can do this" from an individual or pals group

it seems unlikely we have been singled out as there have been multiple complaints about the activity from that IP
what is the range of the complainants? an interesting direction to look at, is there a common factor among "victims"?
it might be technical or it might be content or "inhabitants" that makes a target possible or worthwhile
fixing the stoathole was relatively easy, ie it did not create multiple self replicating holes, so it is low level infiltration software

although it is bothersome it appears to have thrown things about rather than stolen the treasure or burnt down the palace, again apparently low level, but lots of such things could be a cyberwar tool for deniable disruption

not a day zero very bad thing

the inference from that is they did not write the code just for us, and possibly the users/owners of the IP are at best compilers and maybe just bought the code as a toolkit for a few tiny bits of bitcoin and are playing "hacker" in mom's basement

dpack



Joined: 02 Jul 2005
Posts: 46249
Location: yes
PostPosted: Thu Mar 28, 24 10:47 am    Post subject: Reply with quote
    

have the hamsters found a way to order darkweb benzos?

maybe they are washing the holi powder paint out of their fur?

whatever they are slacking in the wheels this morning

Post new topic   Reply to topic    Downsizer Forum Index -> IT Matters All times are GMT
Page Previous  1, 2, 3, 4, 5, 6, 7  Next
Page 4 of 7
View Latest Posts View Latest Posts

 

Archive
Powered by php-BB © 2001, 2005 php-BB Group
Style by marsjupiter.com, released under GNU (GNU/GPL) license.
Copyright � 2004 marsjupiter.com