On Mon, 8 Apr 2019 08:35:48 -0700, Michael Peddemors <mich...@linuxmagic.com> wrote:
>Don't even get us started on the AUTH Attacks ;) > >Course, those (server.com) are coming from all the Content Delivery >Networks.. Thankfully, that bot net is less than 1000 IP(s) strong still. > >But the AUTH attacks related to server.com look to be all compromised >servers, and based on the start of the attack, probably based out of >Bangledesh area, most of the IP(s) appear to have the Postgres port >open.. suspect that might have been the attack vector... We have seen 606 individual IPs, and a total of 55346 connection attempts over the past 7 days. Less than 5% of the IPs I have spot-checked against major blacklist/blocklist operations show as listed. Very few have rDNS. Interesting. mdr -- Sometimes half-ass is exactly the right amount of ass. -- Wonderella _______________________________________________ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop