94.103.149.115 is the IP BOINCstats uses to communicate with the outside world. Connecting with accounts and passing authenticators is expected behavior for a Account Manager.
Willy. On 4 March 2015 at 16:47, Rytis Slatkevičius <[email protected]> wrote: > FYI > > Pagarbiai, > Rytis Slatkevičius > +370 670 77777 > ---------- Forwarded message ---------- > From: "Jonathan Miller" <[email protected]> > Date: Mar 4, 2015 5:01 PM > Subject: [boinc_dev] Malicious hosts? > To: "BOINC Developers" <[email protected]> > Cc: > > Hi Chaps, > > ...mostly as a FYI > I keep finding problems with my servers associated with the two following > IP addresses; > > 94.103.149.115 > 91.121.209.53 > > They seem to be trying to break into accounts, by repeatedly passing > authenticators to the login scripts. > I seems to be BOINC specific, rather than a generic attack. > > Interestingly, the top post for the first IP is: > http://lists.ssl.berkeley.edu/pipermail/boinc_dev/2014-July/021187.html > > ...and its IP is similar to the registered IP for boincstats.com > > If anyone thinks these IP addresses are benign, I would love to learn > more, otherwise I am blocking them. > > > Jonathan Miller > System Administrator > ClimatePrediction.Net, University of Oxford > Tel: 01865 610680 > > > _______________________________________________ > boinc_dev mailing list > [email protected] > http://lists.ssl.berkeley.edu/mailman/listinfo/boinc_dev > To unsubscribe, visit the above URL and > (near bottom of page) enter your email address. > _______________________________________________ boinc_dev mailing list [email protected] http://lists.ssl.berkeley.edu/mailman/listinfo/boinc_dev To unsubscribe, visit the above URL and (near bottom of page) enter your email address.
