IP's blocked

Scrolling quickly through messages telling me which IP addresses have been autoblocked on various websites that I work on, because of dodgy-looking activity over the festive season, I notice that there is a sudden upswing in Russian and Ukrainian IP addresses. (My sites are almost all hosted in the UK, because dealing with the data wrangles of hosting outside the EU is a headache I do not need.)

Normally, attempts to get into my websites come largely from the USA and (inexplicably) France. The orthodoxy, I believe, is to assume that these US attacks are not really from the US, but are from US-based machines hijacked from Eastern Europe. (I don't know about the French thing. Nobody else seems to be specially targeted by the French, so I have seen no discussion on it.)

I don't know what to make of the sudden prominence of Russian IPs. Have the US authorities cracked down on the hijacked machines? Are the new attacks, reported as Russian and Ukrainian, actually now coming from hijackers physically located in the USA, in a kind of weird symmetry? Is it entirely chance?

I'll probably never know. I can only feel vaguely reassured that the software is doing its thing and nobody is complaining.

Comments

helflaed
3rd Jan, 2017 17:43 (UTC)
LJ have moved to servers in Russia - could this be it?
bunn
3rd Jan, 2017 17:58 (UTC)
It seems unlikely: none of my sites have anything to do with Livejournal, the only thing they have in common with LJ is me. It just struck me as unusual: usually it's all US and France, maybe a bit of China, India and Germany.

The number of attempts to get into them has increased vastly over the last few years and we have even been DDoSed a bit - I don't think deliberately, I think probably just someone with a botnet being a bit overenthusiastic and filling in ALL THE FORMS at once. It's a pain.
bunn
4th Jan, 2017 08:44 (UTC)
... though actually, you do have a point there, in that that's probably why I noticed it. If I'd riffled through the logs and suddenly it had all been Mexico or India, I'd just have assumed it was a blip. Because of all the blog posts about Russian servers, I stared at them trying to make sense of a pattern.
dhampyresa
3rd Jan, 2017 20:54 (UTC)
IT WEREN'T ME
bunn
3rd Jan, 2017 21:21 (UTC)
Wahaha!

I BET IT IS REALLY. THIS EXPLAINS SO MUCH.
dhampyresa
5th Jan, 2017 21:45 (UTC)
YOU CAN'T PROVE NOTHING
kas2umi
3rd Jan, 2017 22:59 (UTC)
I don't know if this might help, but could it be that someone has been using the Tor network to access them? I used to use Tor a lot in the past year and I noticed that each time I logged into my Gmail account while using Tor, I'd get a notification that someone from France/China/Italy etc. logged into my account. The country changed as I would change the settings of which IP route I was using.

Please do ignore my comment if it made no sense or was not at all helpful (I don't know much about these things haha)!
bunn
4th Jan, 2017 08:50 (UTC)
No, that does make sense! But these notifications are not just for visitors, they are for attempted attacks - i.e., some software tried to guess a password, or submit a form with code in the submission, or access a location that would only exist if I was using some gadget that has a known vulnerability. Usually they do it repeatedly and the speed of resubmission is one way you can tell it can't be human.

So I don't think it's just that people out there are using Tor to look at my websites, although probably they are, and some of them definitely have international audiences anyway. It was specifically the pattern among attacks that caught my eye.
kas2umi
4th Jan, 2017 11:28 (UTC)
Oooh, I understand now. Thanks for the clarification! Dunno what more advice to give than to be careful if those attacks continue!
topum
7th Jan, 2017 22:26 (UTC)
They had to limit the access to the Moldovan ministry's online database we are using in our work only to domestic Moldovan IPs because otherwise they were hacked dozens of times a day by someone in China, Poland, US, India, Russia. Apparently people will hack anything these days if some obscure Moldovan forestry database gets attacked multiple times a day.