are the hamsters poorly?

Latest Articles

are the hamsters poorly?
Page Previous 1, 2, 3, 4, 5 Next

Downsizer Forum Index -> IT Matters

Author

Message

jema
Downsizer Moderator

Joined: 28 Oct 2004
Posts: 28118
Location: escaped from Swindon

Posted: Tue Jan 09, 24 10:50 am Post subject:
We seem to have a bit of an attack going on. I'm seeing what I can do.

jema
Downsizer Moderator

Joined: 28 Oct 2004
Posts: 28118
Location: escaped from Swindon

Posted: Tue Jan 09, 24 10:55 am Post subject:
The offending ip was 47.76.35.19 which is : NetName: ALIBABA CLOUD HK There may be a few others I need to block.

jema
Downsizer Moderator

Joined: 28 Oct 2004
Posts: 28118
Location: escaped from Swindon

Posted: Tue Jan 09, 24 11:55 am Post subject:
The ip address has been reported 100s of times as abusive.

dpack

Joined: 02 Jul 2005
Posts: 45521
Location: yes

Posted: Tue Jan 09, 24 1:09 pm Post subject:
they seem normally active at the mo ed they being hamsters rather than hostiles

gz

Joined: 23 Jan 2009
Posts: 8617
Location: Ayrshire, Scotland

Posted: Tue Jan 09, 24 1:12 pm Post subject:
Thankyou

dpack

Joined: 02 Jul 2005
Posts: 45521
Location: yes

Posted: Tue Jan 09, 24 2:10 pm Post subject:
still running in the wheels thanks, hope the stoat hole in the hamster castle can be mended without too much bother

jema
Downsizer Moderator

Joined: 28 Oct 2004
Posts: 28118
Location: escaped from Swindon

Posted: Tue Jan 09, 24 3:26 pm Post subject:
As of the moment they seem to have given up.

Mistress Rose

Joined: 21 Jul 2011
Posts: 15600

Posted: Wed Jan 10, 24 8:04 am Post subject:
Thanks. Seems to be working all right again now.

jema
Downsizer Moderator

Joined: 28 Oct 2004
Posts: 28118
Location: escaped from Swindon

Posted: Wed Jan 10, 24 8:45 am Post subject:
And we now have the tools to deal with it happening again. It's ironic really, when I was running loads of forums I obviously had a million tools in place to the point where it wall all routine. But those tools where not on place on downsizer and it has been probably 15 years since I last had to get back to basics. So twas a bit of a challenge. But as I say all to the good really.

sean
Downsizer Moderator

Joined: 28 Oct 2004
Posts: 42207
Location: North Devon

Posted: Wed Jan 10, 24 5:30 pm Post subject:
Thank you. It's appreciated.

tahir

Joined: 28 Oct 2004
Posts: 45434
Location: Essex

Posted: Wed Jan 10, 24 5:34 pm Post subject:
Yep, well done as always

dpack

Joined: 02 Jul 2005
Posts: 45521
Location: yes

Posted: Wed Jan 10, 24 7:56 pm Post subject:

thirded, did you notice what the payload or intended harvest might have been?

curiosity can be bad for cats, but time spent on intel is never wasted

a HK isp is not an evidential indication of origin, what were they trying to do? that might supply some hints as to who as well as why

what first attracted them to us?

should we flame them if we find out?

im up for attempting the catbelling if the tech can show me some breadcrumbs

plenty of black hats have been proven very slack at operational security and open to counter measures

i am fascinated as to their motives, if we know that it will hint at origin

jema
Downsizer Moderator

Joined: 28 Oct 2004
Posts: 28118
Location: escaped from Swindon

Posted: Thu Jan 11, 24 7:11 am Post subject:
Absolutely no clue. Literally everything was getting hit including private message urls. But I don't think anyone actually had access, only guests were showing online.

dpack

Joined: 02 Jul 2005
Posts: 45521
Location: yes

Posted: Thu Jan 11, 24 1:40 pm Post subject:

hit by birdshot from a DoS punt gun?

we are not the target but we"live"within the target or a general DoS at all similar systems is plausible

if it aint data harvest or ransom, financial gain seems unlikely and disruption might be a plausible motive, be that as part of a cyberwar or as "i/we can do this" from an individual or pals group

it seems unlikely we have been singled out as there have been multiple complaints about the activity from that IP
what is the range of the complainants? an interesting direction to look at, is there a common factor among "victims"?
it might be technical or it might be content or "inhabitants" that makes a target possible or worthwhile
fixing the stoathole was relatively easy, ie it did not create multiple self replicating holes, so it is low level infiltration software

although it is bothersome it appears to have thrown things about rather than stolen the treasure or burnt down the palace, again apparently low level, but lots of such things could be a cyberwar tool for deniable disruption

not a day zero very bad thing

the inference from that is they did not write the code just for us, and possibly the users/owners of the IP are at best compilers and maybe just bought the code as a toolkit for a few tiny bits of bitcoin and are playing "hacker" in mom's basement

dpack

Joined: 02 Jul 2005
Posts: 45521
Location: yes

Posted: Thu Mar 28, 24 10:47 am Post subject:
have the hamsters found a way to order darkweb benzos? maybe they are washing the holi powder paint out of their fur? whatever they are slacking in the wheels this morning

	Downsizer Forum Index -> IT Matters	All times are GMT Page Previous 1, 2, 3, 4, 5 Next
Page 4 of 5

View Latest Posts