[GLLUG] Getting hammered with connections to port 80
Chris Bell
chrisbell at chrisbell.org.uk
Sat Sep 29 12:24:33 UTC 2018
On Saturday, 29 September 2018 12:06:07 BST Tim Woodall via GLLUG wrote:
> On Sat, 29 Sep 2018, John Winters via GLLUG wrote:
> > On 29/09/18 11:31, Tim Woodall via GLLUG wrote:
> >> Does anyone know what these guys are trying to do?
> >
> > DDoS attack?
>
My mail gateway logs show a steadily growing number of spam rejections,
occasional bursts of relay attempts, and a trickle of attempts to access and
hack into my webserver via port 25. The webserver also reports plenty of
attention. Most of the traffic appears to be aimed at a Microsoft installation
from Microsoft boxes. The mail gateway and webserver are different boxes.
Years ago I received a series of relay attempts sent from Tiscali, and I
noticed that another arrived as soon as I sent a report to Tiscali, so I sent
a report via my ISP that they could be coming from an employee at Tiscali.
They stopped arriving, but for some time recently until 8 days ago I have
received daily relay attempts to spameri at tiscali.it which normally arrive from
data centres in Iceland. These could have been from the same person.
--
Chris Bell
Website http://chrisbell.org.uk
More information about the GLLUG
mailing list