Being hammered by an IP belonging to Vrtservers.net
Is anyone else here being bombarded by IP 64.56.65.150?
The reason I ask is that if you put that IP into a web browser, it points to a very suspicious page that appears to be logging questionable activity. In fact, last month, I reported the IP to ISC.sans.org and they stated that they'd help to get the server taken down, as it was positively hammering my public server and hammering my home network. Using links, I perused the logs listed there and there was a TON of IPs listed. It took about 3 weeks for the site to stop pounding my firewalls, but apparently whoever owns that webserver just restored the latest backup because almost immediately, the machine was popped and began scanning again.
I've like 5000 entries in my logs, going back a month. Luckily, the IP isn't hammering my home account this time...yet. Previously, the IP was attempting mysql connections. It is now trying port 80 and 113.
I haven't been able to find much, other than ISC.sans.org's history of abuse reported by few others.
Reading up on Vrtservers.net, it does appear that many people have complained about the owner of the business. Is there a way to get this IP added to a blacklist? whois.sc currently shows that the IP isn't listed at spamhaus.
I'm not so worried, as traffic is being blocked totally. Seeing this in the logs is highly annoying, though, and my worry is that at some point, if this person is persistent, he/she may eventually get in.
Anyone ever dealt with something like this before?