Archived material Access restricted Article
Rantburg

Today's Front Page   View All of Fri 09/13/2024 View Thu 09/12/2024 View Wed 09/11/2024 View Tue 09/10/2024 View Mon 09/09/2024 View Sun 09/08/2024 View Sat 09/07/2024
1
2024-09-13 --Tech & Moderator Notes
Under a spamming attack
Archived material is restricted to Rantburg regulars and members. If you need access email fred.pruitt=at=gmail.com with your nick to be added to the members list. There is no charge to join Rantburg as a member.
Posted by badanov 2024-09-13 09:45|| || Front Page|| [11134 views ]  Top

#1 The site opened immediately for me, badanov, so you’re doing something right.

Thank you.
Posted by trailing wife 2024-09-13 10:34||   2024-09-13 10:34|| Front Page Top

#2 R B Working here also.

But also had a strange issue pop updown here in GA. Certain sites became unreachable using our
ISP's DNS address routing. We Switched to another Alt DNS, and the problem was corrected.

It seems the ISP DNS had/has been "adjusted" to drop certain sites.
Posted by NN2N1 2024-09-13 10:45||   2024-09-13 10:45|| Front Page Top

#3 Site works fine.
Posted by European Conservative 2024-09-13 10:47||   2024-09-13 10:47|| Front Page Top

#4 Its like the voices of the hundred Acolyte fans spammed out at once, trying to make silence.
Posted by swksvolFF 2024-09-13 10:56||   2024-09-13 10:56|| Front Page Top

#5 So far working just fine. They coming in off a bot farm?
Posted by DarthVader 2024-09-13 11:00||   2024-09-13 11:00|| Front Page Top

#6 All the same IP
Posted by Frank G 2024-09-13 11:08||   2024-09-13 11:08|| Front Page Top

#7 No clue.
Posted by badanov 2024-09-13 11:08||   2024-09-13 11:08|| Front Page Top

#8 The upside to all this is that they left the backup site alone.

Prolly sore at the success we have had keeping spam from the officers club.
Posted by badanov 2024-09-13 11:34||   2024-09-13 11:34|| Front Page Top

#9 Same IP then it is just one idiot throwing a tantrum.
Posted by DarthVader 2024-09-13 11:41||   2024-09-13 11:41|| Front Page Top

#10 You guys are really good. Like everyone else I've got no probs.
Posted by alanc 2024-09-13 11:51||   2024-09-13 11:51|| Front Page Top

#11 The other right leaning sites are hit as well. Google is messing with the search engine as well. Citizen free press did not come up in the search and Gateway Pundit goes to some old page and needs to be refreshed to get to the current page. Some passive aggression going on around here...
Posted by 49 Pan 2024-09-13 11:56||   2024-09-13 11:56|| Front Page Top

#12 Have you heard of iptables? You put the spammer's ip address into the iptable and it's like a firewall. Any further queries that come from that ip address are dropped on the floor. In my working days I wrote a Perl script that was activated whenever a 404 Not Found error occurred. Apache had an option to trigger execution of the script. The script would examine the query and, if they were probing for vulnerabilities or otherwise not behaving properly, the script would automatically insert that ip address into the firewall. It got to be big fun to look at all the bad actors in the logs behaving badly and getting all of their subsequent queries dropped. But the logs ended up looking a helluva lot cleaner. Then it was fun to see what from countries the bad queries originated. China was number one, followed by Russia and then Ukraine. Countries like Romania and Malaysia were big too. Fun and games.
Posted by Abu Uluque 2024-09-13 12:05||   2024-09-13 12:05|| Front Page Top

#13 ^ Awaiting the cavalry as we speak...
Posted by badanov 2024-09-13 12:07||   2024-09-13 12:07|| Front Page Top

#14 Another thing you can do if you really wanna mess with them is to send a never ending stream of garbage back at them.
Posted by Abu Uluque 2024-09-13 12:08||   2024-09-13 12:08|| Front Page Top

#15 What were the IP & Machine Access Code numbers?

Just asking for Gray Hat friend that has some time on his hands. ☺
Posted by   2024-09-13 12:17||   2024-09-13 12:17|| Front Page Top

#16 196.196.160.24
Posted by Frank G 2024-09-13 12:23||   2024-09-13 12:23|| Front Page Top

#17 Uh oh. Now they’re in truuuuuubbbble, whoever they are….
Posted by trailing wife 2024-09-13 12:27||   2024-09-13 12:27|| Front Page Top

#18 Should be done by now. Good bye South Africa.
Posted by Fred 2024-09-13 12:31||   2024-09-13 12:31|| Front Page Top

#19 Here's some information. Dunno how reliable CleanTalk is but if they are to be believed, the attack comes from Italy.
Posted by Abu Uluque 2024-09-13 12:32||   2024-09-13 12:32|| Front Page Top

#20 This was a spam/SQL injection attempt attack, not a brute force attack.

We were lucky.
Posted by badanov 2024-09-13 12:34||   2024-09-13 12:34|| Front Page Top

#21 Yeah, but now I have carpal tunnel
*whine*
Posted by Frank G 2024-09-13 12:37||   2024-09-13 12:37|| Front Page Top

#22 1/2 the noticed users on the CleanTalk history show Chinese Character names.
Since it's Italy id'ed either a redirection site or some Chinese "students" at some school in Italy.
Posted by 3dc 2024-09-13 13:10||   2024-09-13 13:10|| Front Page Top

#23 The crazy bit is rewriting the protocol in the routers for Ethernet timing could kill these attacks. I patented it decades ago, It got pulled into cellular to deal with stuff like crowds all using cellphones at once but never got pulled into implemented Ethernet.
Posted by 3dc 2024-09-13 13:14||   2024-09-13 13:14|| Front Page Top

#24  Should be done by now. Good bye South Africa.
If only meat-space South Africa was so easy to fix...

Thanks to all who keep the boilers stoked and the wheels from falling off.
Posted by SteveS 2024-09-13 13:16||   2024-09-13 13:16|| Front Page Top

#25 Since it's Italy id'ed either a redirection site or some Chinese "students" at some school in Italy.

@300k Chinese people in Italy

Many drawn by the garment industry.
Posted by Skidmark 2024-09-13 13:40||   2024-09-13 13:40|| Front Page Top

#26  ^ Yeah, that's how covid ravaged Italy so badly.
Posted by Abu Uluque 2024-09-13 14:12||   2024-09-13 14:12|| Front Page Top

#27 Yeah, but now I have carpal tunnel

Didn't you have carpal tunnel before this Frank? :p
Posted by DarthVader 2024-09-13 16:08||   2024-09-13 16:08|| Front Page Top

#28 I order the 'alzheimer's at Cracker Barrel. (Actually, The Old Timer's). Word association rules.
Posted by Besoeker 2024-09-13 16:21||   2024-09-13 16:21|| Front Page Top

#29 #27 - Usually I try "The Strange"
Posted by Frank G 2024-09-13 17:59||   2024-09-13 17:59|| Front Page Top

23:12 Nguard
22:47 trailing wife
22:35 The Walking Unvaxed
22:28 The Walking Unvaxed
22:08 trailing wife
21:48 Old Patriot
21:45 trailing wife
21:34 Silentbrick
21:06 Anomalous Sources
20:59 Anomalous Sources
20:46 ruprecht
20:40 ruprecht
18:18 trailing wife
18:10 swksvolFF
17:59 Frank G
17:58 Airandee
17:57 Frank G
17:44 trailing wife
17:44 Ebbuger Whuque4103
17:41 Ebbuger Whuque4103
17:39 Ebbuger Whuque4103
17:36 Lord Garth
17:35 Ebbuger Whuque4103
16:53 Glavinter Peacock7962









Paypal:
Google
Search WWW Search rantburg.com