[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: new, not nice web bots disposal

Gene Heskett wrote:

> over the last 90 days or so, we seem to have been plauged with a new
> breed of bots scanning our web pages, and they are not just indexing our
> web pages I don't mind that, but they are ignoring our robots.txt and
> are  mirroring anything apache2 can reach, including stuff thats there
> but not reachable by a normal browser just looking around and clicking
> on links.  Its annoying as hell and when you're out in the pucker-brush
> on a 10 megabit ADSL, eats up ones available upload bandwidth of about
> 275kbytes/s.  According to my cable billing, these A-H's used over 100Gb
> of my bandwidth in Nov 2019. That describes in printable language as a
> DDOS in my vocabulary.

I have same observations at home. I have setup the modem (ADSL) with WLAN
infront of the firewall. I block everything except 3 ports: 
80 - for the web server
8080 - for the openvpn
22222 - for the SSH

I recently replaced a very old firewall script with shorewall and started
monitoring the activities in the logs. So it shows too many drops,  which I
think are port scanners.

On the server listening on the open ports in apache, openvpn and ssh I see
also the attacks described.
The webserver shows content scanners or someone trying to exploit services.
SSH and openvpn show signs of brute force attacks. I was wondering if its
normal, but now I think it is and I am sure few months ago it was not. Gene
is right - it started perhaps 3 months ago, while before it was from time
to time.

I can not say how much bandwith gets lost. I do not have much to share with
the world from this PC :) but it is indeed annoying.


Reply to: