[GLLUG] Getting hammered with connections to port 80

Chris Bell chrisbell at chrisbell.org.uk
Sat Sep 29 12:24:33 UTC 2018

On Saturday, 29 September 2018 12:06:07 BST Tim Woodall via GLLUG wrote:
> On Sat, 29 Sep 2018, John Winters via GLLUG wrote:
> > On 29/09/18 11:31, Tim Woodall via GLLUG wrote:
> >> Does anyone know what these guys are trying to do?
> > 
> > DDoS attack?
My mail gateway logs show a steadily growing number of  spam rejections, 
occasional bursts of relay attempts, and a trickle of attempts to access and 
hack into my webserver via port 25. The webserver also reports plenty of 
attention. Most of the traffic appears to be aimed at a Microsoft installation 
from Microsoft boxes. The mail gateway and webserver are different boxes.

Years ago I received a series of relay attempts sent from Tiscali, and I 
noticed that another arrived as soon as I sent a report to Tiscali, so I sent 
a report via my ISP that they could be coming from an employee at Tiscali.
They stopped arriving, but for some time recently until 8 days ago I have 
received daily relay attempts to spameri at tiscali.it which normally arrive from 
data centres in Iceland. These could have been from the same person.

Chris Bell
Website http://chrisbell.org.uk

More information about the GLLUG mailing list