On Mon, 8 Apr 2019 08:35:48 -0700, Michael Peddemors <[email protected]>
wrote:
>Don't even get us started on the AUTH Attacks ;)
>
>Course, those (server.com) are coming from all the Content Delivery
>Networks.. Thankfully, that bot net is less than 1000 IP(s) strong still.
>
>But the AUTH attacks related to server.com look to be all compromised
>servers, and based on the start of the attack, probably based out of
>Bangladesh area, most of the IP(s) appear to have the Postgres port
>open.. suspect that might have been the attack vector...

We have seen 606 individual IPs, and a total of 55346 connection attempts over
the past 7 days. Less than 5% of the IPs I have spot-checked against major
blacklist/blocklist operations show as listed. Very few have rDNS.

Interesting.

mdr
--
Sometimes half-ass is exactly the right amount of ass.
-- Wonderella