On Sun, 2014-03-09 at 22:19 +0000, Chris scripted:
(Please trim inclusions from previous messages) _______________________________________________ Over the past few weeks, the portal has been subject to several brute force attacks on random usernames. In the past few days some accounts have been compromised because they used weak passwords. The attackers didn't do anything with any of the compromised accounts, it was most likely a script collecting valid usernames & passwords for later use.
This has been occurring across certain subnets of 44/8 for at least 8-10 months that I know of. Recently it's been so horrible I almost was tempted to shut down. 100,000+ frames/min brute force attacks on spoofed IPs were too much to handle. Most of it was udp 53 and tcp 80, with an occasional icmp frame tossed in for good luck along with a few on 443. Local iptables rules weren't enough because the frames were still getting to the main server here. Installing rules at the router was the only help. They're too fast and furious.
From what I can tell they've moved onto 44.154/16 at this moment.