[personal profile] bunn
Scrolling quickly through messages telling me which IP addresses have been autoblocked on various websites that I work on, because of dodgy-looking activity over the festive season, I notice that there is a sudden upswing in Russian and Ukrainian IP addresses.  (My sites are almost all hosted in the UK, because dealing with the data wrangles of hosting outside the EU is a headache I do not need).

Normally, attempts to get into my websites come largely from the USA and (inexplicably) France.   The orthodoxy, I believe,  is to assume that these US attacks are not really from the US, but are from US-based machines hijacked from Eastern Europe.  (I don't know about the French thing.  Nobody else seems to be specially targeted by the French, so I have seen no discussion on it).

I don't know what to make of the sudden prominence of Russian IPs.  Have the US authorities cracked down on the hijacked machines?  Are the new attacks reported as Russian and Ukrainian, actually now coming from hijackers physically located in the USA, in a kind of weird symmetry?  Is it entirely chance?

I'll probably never know.  I can only feel vaguely reassured that the software is doing its thing and nobody is complaining. 

Date: 2017-01-03 05:43 pm (UTC)
From: [identity profile] helflaed.livejournal.com
LJ have moved to servers in Russia - could this be it?

Date: 2017-01-03 05:58 pm (UTC)
From: [identity profile] bunn.livejournal.com
It seems unlikely: none of my sites have anything to do with Livejournal, the only thing they have in common with LJ is me. It just struck me as unusual: usually it's all US and France, maybe a bit of China, India and Germany.

The number of attempts to get into them has increased vastly over the last few years and we have even been DDoSed a bit - I don't think deliberately, I think probably just someone with a botnet being a bit overenthusiastic and filling in ALL THE FORMS at once. It's a pain.

Date: 2017-01-04 08:44 am (UTC)
From: [identity profile] bunn.livejournal.com
... though actually, you do have a point there, in that that's probably why I noticed it. If I'd riffled through the logs and suddenly it had all been Mexico or India, I'd just have assumed it was a blip. Because of all the blog posts about Russian servers, I stared at them trying to make sense of a pattern.

Date: 2017-01-03 08:54 pm (UTC)
From: [identity profile] dhampyresa.livejournal.com
IT WEREN'T ME

Date: 2017-01-03 09:21 pm (UTC)
From: [identity profile] bunn.livejournal.com
Wahaha!

I BET IT IS REALLY. THIS EXPLAINS SO MUCH.

Date: 2017-01-05 09:45 pm (UTC)
From: [identity profile] dhampyresa.livejournal.com
YOU CAN'T PROVE NOTHING

Date: 2017-01-03 10:59 pm (UTC)
From: [identity profile] kas2umi.livejournal.com
I don't know if this might help but could it be that someone has been using the Tor network to access them? I used to use Tor a lot in the past year and I noticed that each time I logged into my Gmail account while using Tor, I'd get a notification that someone from France/China/Italy etc. logged into my account. The country changed as I would change the settings of which IP route I was using.

Please do ignore my comment if it made no sense or was not at all helpful (I don't know much about these things haha)!

Date: 2017-01-04 08:50 am (UTC)
From: [identity profile] bunn.livejournal.com
No, that does make sense! But these notifications are not just for visitors, they are for attempted attacks - i.e., some software tried to guess a password, or submit a form with code in the submission, or access a location that would only exist if I was using some gadget that has a known vulnerability. Usually they do it repeatedly and the speed of resubmission is one way you can tell it can't be human.

So I don't think it's just that people out there are using Tor to look at my websites, although probably they are, and some of them definitely have international audiences anyway. It was specifically the pattern among attacks that caught my eye.
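
The "speed of resubmission" test described in the comment above, sketched as an added example (not code from the original post or from the blocking software its author runs). The log format, the thresholds and every sample line are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample log, format assumed: "timestamp ip method path status".
SAMPLE_LOG = """\
2017-01-02T03:14:00 203.0.113.7 POST /login 401
2017-01-02T03:14:01 203.0.113.7 POST /login 401
2017-01-02T03:14:02 203.0.113.7 POST /login 401
2017-01-02T03:14:03 203.0.113.7 POST /login 401
2017-01-02T03:20:00 198.51.100.23 GET /plugin-a/setup.php 404
2017-01-02T03:20:00 198.51.100.23 GET /plugin-b/upload.php 404
2017-01-02T03:20:01 198.51.100.23 GET /old-admin/ 404
2017-01-02T09:00:05 192.0.2.50 POST /login 401
2017-01-02T09:00:30 192.0.2.50 POST /login 401
2017-01-02T09:01:10 192.0.2.50 POST /login 401
2017-01-02T09:01:40 192.0.2.50 POST /login 200
2017-01-02T09:02:00 192.0.2.80 GET / 200
this line is malformed and is skipped
"""

def reason(method, path, status):
    if method == "POST" and status == 401:
        return "password-guessing"   # failed login attempt
    if status == 404:
        return "path-probing"        # request for a location that does not exist
    return None                      # ordinary request

def detect(log, min_hits=3, max_median_gap=2.0):
    """Return {ip: [reasons]} for clients repeating faster than a person would."""
    per_ip = defaultdict(list)
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 5 or not parts[4].isdigit():
            continue  # skip malformed lines
        ts, ip, method, path, status = parts
        label = reason(method, path, int(status))
        if label:
            per_ip[ip].append((datetime.fromisoformat(ts), label))
    flagged = {}
    for ip, hits in per_ip.items():
        if len(hits) < min_hits:
            continue  # too few suspicious requests to judge
        times = sorted(t for t, _ in hits)
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        if median(gaps) <= max_median_gap:  # resubmitting at machine speed
            flagged[ip] = sorted({label for _, label in hits})
    return flagged
```

The client at 192.0.2.50 fails three logins but at human pace (25 and 40 seconds apart), so it is not flagged at the default threshold.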

Date: 2017-01-04 11:28 am (UTC)
From: [identity profile] kas2umi.livejournal.com
Oooh, I understand now. Thanks for the clarification! Dunno what more advice to give than to be careful if those attacks continue!

Date: 2017-01-07 10:26 pm (UTC)
From: [identity profile] topum.livejournal.com
They had to limit the access to the Moldovan ministry's online database we are using in our work only to domestic Moldovan IPs because otherwise they were hacked dozens of times a day by someone in China, Poland, US, India, Russia. Apparently people will hack anything these days if some obscure Moldovan forestry database gets attacked multiple times a day.
