Last week a website running Wordpress on a shared hosting server experienced a HTTP DDOS attack - which actually was a brute force attack on the wp-login.php page. A total of 1723 IPv4 addresses launched the bruteforce attack - forcing the Apache webserver on that particular server to refuse doing his work (all slots closed).
When I finally moved the site, the attacks continued (of course) but at least the web server just delivered 404 error pages and could at least do his job again. After around 2 hours the attacks slowed down and at the end there were only a couple of same IP addresses still trying to access wp-login.php. One of these addresses was 182.58.184.251 - an address belonging to the Indian provider MTNL Delhi (http://mtnldelhi.in/). Besides having a website looking like from the early 90's (OK, if you like it) their abuse e-mail address doesn't work.
I wrote to networkabuse@bol.net.in , which was officially listed in the whois information of the offending IP address as abuse mailbox, complaining about the IP and that they should check or cut the access. Now, 8 days later, I got the following e-mail back:
Your message has been enqueued and undeliverable for 7 days
to the following recipients:
Recipient address: networkabuse@ims-ms-daemon
Original address: networkabuse@bol.net.in
Reason: unable to deliver this message after 7 days
Delivery attempt history for your mail:
Tue, 3 Sep 2013 20:36:55 +0530 (IST)
System I/O error. Administrator, check server log for details.
[...]
Sun, 1 Sep 2013 00:36:55 +0530 (IST)
System I/O error. Administrator, check server log for details.
Sat, 31 Aug 2013 20:36:55 +0530 (IST)
System I/O error. Administrator, check server log for details.
The mail system will continue to try to deliver your message
for an additional 7 days.
Looks like they have set an invalid forwarding e-mail address as final recipient in their mailserver ... D'oh!
Please people, get your act together.
No comments yet.
AWS Android Ansible Apache Apple Atlassian BSD Backup Bash Bluecoat CMS Chef Cloud Coding Consul Containers CouchDB DB DNS Database Databases Docker ELK Elasticsearch Filebeat FreeBSD Galera GlusterFS Grafana Graphics HAProxy HTML Hacks Hardware Icinga Icingaweb Icingaweb2 Influx Internet Java KVM Kibana Kodi Kubernetes LXC Linux Logstash Mac Macintosh Mail MariaDB Minio MongoDB Monitoring Multimedia MySQL NFS Nagios Network Nginx OSSEC OTRS Office PGSQL PHP Perl Personal PostgreSQL Postgres PowerDNS Proxmox Proxy Python Rancher Rant Redis Roundcube SSL Samba Seafile Security Shell SmartOS Solaris Surveillance Systemd TLS Tomcat Ubuntu Unix VMWare VMware Varnish Virtualization Windows Wireless Wordpress Wyse ZFS Zoneminder