The web site is offline?

rconn

Administrator
Staff member
May 14, 2008
10,504
94
#6
Rex, I think you should add a banner to the website saying something like "Not affiliated with the Department of Defense"....
We get attacked periodically by two (apparently? ostensibly?) different groups from China -- what appear to be criminal hacker groups looking for passwords & credit card numbers, and another set (somewhat more inept -- government sponsored?) who appear to be searching for code. Since we don't have either on the JP Software website, they're wasting their time, but perhaps the possibility of causing disruptions on our website is enough to satisfy the second group.
 
#7
When they start picking on me ...
Code:
v:\> alias ipblock
netsh advfirewall firewall add rule name=aablock_%1 dir=in action=block enable=yes localip=any remoteip=%1
Code:
ipblock 218.0.0.0-223.255.255.255
is a good start. Would you like a list that covers about 98% of Asia?
 
#9
I'm already blocking them. But they're beating on the door hard enough (> 1000 attempted accesses per second) that they're causing some spotty access timeouts.
Are ISPs amenable to helping out in such situations? ... blocking at a higher level?
The few times this has happened to me (that I'm aware of ... never causing any harm or even inconvenience) the attacks have been from a single IP in a block of dynamically assigned IPs used by some ISP over there. I figure it's a stand-alone hacker.
 

Charles Dye

Super Moderator
Staff member
May 20, 2008
3,575
46
Albuquerque, NM
prospero.unm.edu
#10
We get attacked periodically by two (apparently? ostensibly?) different groups from China -- what appear to be criminal hacker groups looking for passwords & credit card numbers, and another set (somewhat more inept -- government sponsored?) who appear to be searching for code. Since we don't have either on the JP Software website, they're wasting their time, but perhaps the possibility of causing disruptions on our website is enough to satisfy the second group.
Hmp. I'd be tempted to generate a few hundred thousand "credit card numbers", complete with expiration dates, and put 'em someplace the script monkeys could find. Give them something to play with. But I guess that would just drive them into a blood frenzy; it's probably a good thing I'm not running your web site!
 

rconn

#11
This attack is coming from at least several hundred (possibly several thousand; haven't isolated them all yet) IP addresses, most of which appear to be bots. New ones are added continually.

If it follows the same pattern as previous attacks, it'll peter out in another day or two when they decide to shift their attention to a more worthwhile target.
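
Added example, not part of any post in this thread: with hundreds of bot addresses arriving continually, hand-typed `ipblock` calls do not scale, so this sketch picks out sources that exceed a per-second request limit, groups offenders that share a /24, and renders block rules in the form of the alias from post #7. The event list, the limit of 20 requests per second, the three-host threshold and the /24 grouping are all assumptions chosen for illustration.

```python
import ipaddress
from collections import Counter, defaultdict

# Constructed sample events: (epoch second, source IP), as parsed from an access log.
# Addresses come from the RFC 5737 documentation ranges.
EVENTS = (
    [(100, "198.51.100.10")] * 40
    + [(100, "198.51.100.77")] * 35
    + [(101, "198.51.100.200")] * 50
    + [(100, "203.0.113.5")] * 60
    + [(100 + i, "192.0.2.9") for i in range(30)]  # 1 request/second: normal visitor
)

def noisy_sources(events, per_second_limit):
    """Return the IPs that exceeded per_second_limit requests in any single second."""
    hits = Counter(events)  # (second, ip) -> request count
    return {ip for (_, ip), n in hits.items() if n > per_second_limit}

def to_block_targets(ips, min_hosts=3, prefix=24):
    """Block a whole /prefix once min_hosts offenders share it, else single hosts."""
    by_net = defaultdict(set)
    for ip in ips:
        by_net[ipaddress.ip_network(f"{ip}/{prefix}", strict=False)].add(ip)
    targets = []
    for net, members in by_net.items():
        if len(members) >= min_hosts:
            targets.append(net)
        else:
            targets.extend(ipaddress.ip_network(m) for m in members)
    # Merge adjacent or overlapping networks so the rule count stays small.
    return sorted(ipaddress.collapse_addresses(targets))

def netsh_rules(targets):
    """Render one inbound block rule per target, in the form used in post #7."""
    rules = []
    for net in targets:
        remote = str(net[0]) if net.num_addresses == 1 else f"{net[0]}-{net[-1]}"
        rules.append(
            f"netsh advfirewall firewall add rule name=aablock_{remote} "
            f"dir=in action=block enable=yes localip=any remoteip={remote}"
        )
    return rules

if __name__ == "__main__":
    for rule in netsh_rules(to_block_targets(noisy_sources(EVENTS, per_second_limit=20))):
        print(rule)
```

Blocking a whole /24 on three offenders trades precision for a shorter rule list; raise `min_hosts` if legitimate visitors share those ranges.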