Gene Heskett wrote: > over the last 90 days or so, we seem to have been plauged with a new > breed of bots scanning our web pages, and they are not just indexing our > web pages I don't mind that, but they are ignoring our robots.txt and > are mirroring anything apache2 can reach, including stuff thats there > but not reachable by a normal browser just looking around and clicking > on links. Its annoying as hell and when you're out in the pucker-brush > on a 10 megabit ADSL, eats up ones available upload bandwidth of about > 275kbytes/s. According to my cable billing, these A-H's used over 100Gb > of my bandwidth in Nov 2019. That describes in printable language as a > DDOS in my vocabulary. >
I have same observations at home. I have setup the modem (ADSL) with WLAN infront of the firewall. I block everything except 3 ports: 80 - for the web server 8080 - for the openvpn 22222 - for the SSH I recently replaced a very old firewall script with shorewall and started monitoring the activities in the logs. So it shows too many drops, which I think are port scanners. On the server listening on the open ports in apache, openvpn and ssh I see also the attacks described. The webserver shows content scanners or someone trying to exploit services. SSH and openvpn show signs of brute force attacks. I was wondering if its normal, but now I think it is and I am sure few months ago it was not. Gene is right - it started perhaps 3 months ago, while before it was from time to time. I can not say how much bandwith gets lost. I do not have much to share with the world from this PC :) but it is indeed annoying. regards