Sujet : Re: 92.51.2.78/24 (AS209588) from Russia with love ... for SQL injection attempts
De : noc (at) *nospam* inter-corporate.com (Randolf Richardson 張文道)
Groupes : news.admin.net-abuse.emailDate : 12. Jul 2024, 19:00:34
Autres entêtes
Organisation : Inter-Corporate Computer & Network Services, Inc. -- Simplifying complexity
Message-ID : <20240712110034.b52c22619e2879ae6d5b8729@inter-corporate.com>
References : 1 2
User-Agent : Sylpheed 3.7.0 (GTK+ 2.24.33; x86_64-pc-linux-gnu)
On Fri, 12 Jul 2024 09:53:10 +0200
Marco Moock <mm+
usenet-es@dorfdsl.de> wrote:
On 11.07.2024 um 11:04 Uhr Randolf Richardson 張文道 wrote:
I'm wondering, has anyone encountered attacks from
any other IP addresses in this /24? I'm not finding
anything aside from 95.51.2.78 in our logs.
I assume this is just a hacked machine that is being part of a botnet.
It isn't even listed on uceprotect, spamhaus nor blocklist, so the
amount of attacks to a wide range of addresses isn't that much.
This fits with what I suspected. Thanks for taking a
look into it.
fail2ban should handle that.
Indeed. :)
-- Randolf Richardson 張文道, CNA - noc@inter-corporate.comInter-Corporate Computer & Network Services, Inc.Beautiful British Columbia, Canadahttps://www.inter-corporate.com/