On Mon, 29 Apr 2019 07:26:23 -0700, Michael Peddemors via mailop
<mailop@mailop.org> wrote:
>PS, pgHammer went quiet yesterday.. either someone caught/killed his C&C
>server, or the actor realized that there was too much attention on the
>activity. That doesn't mean those servers listed should not still be
>taken down, as they are still compromised.. Seems he has one server that
>is still running, he might have lost control of that one.. or just
>testing ..
My provider had me offline for 34 hours starting Friday morning. When things
came back up on Saturday evening, the nine-second "EHLO server{dot}com"
onslaught had abated. Now there is a lower-volume "EHLO ADMIN" effort that
seems to have ramped up significantly in that interval.
Yesterday saw 517 connection attempts for ADMIN, which is about 10% of the
volume for the other in its waning days.
There have been only 9 IPs involved, the vast majority of the attempts coming
from 78.142.19.95.
mdr
--
"There will be more spam."
-- Paul Vixie
_______________________________________________
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
