bunn

Scrolling quickly through messages telling me which IP addresses have been autoblocked on various websites that I work on, because of dodgy-looking activity over the festive season, I notice that there is a sudden upswing in Russian and Ukrainian IP addresses. (My sites are almost all hosted in the UK, because dealing with the data wrangles of hosting outside the EU is a headache I do not need).

Normally, attempts to get into my websites come largely from the USA and (inexplicably) France. The orthodoxy, I believe, is to assume that these US attacks are not really from the US, but are from US-based machines hijacked from Eastern Europe. (I don't know about the French thing. Nobody else seems to be specially targeted by the French, so I have seen no discussion on it).

I don't know what to make of the sudden prominence of Russian IPs. Have the US authorities cracked down on the hijacked machines? Are the new attacks reported as Russian and Ukrainian, actually now coming from hijackers physically located in the USA, in a kind of weird symmetry? Is it entirely chance?

I'll probably never know. I can only feel vaguely reassured that the software is doing its thing and nobody is complaining.

S	M	T	W	T	F	S
				1	2	3
4	5	6	7	8	9	10
11	12	13	14	15	16	17
18	19	20	21	22	23	24
25	26	27	28	29	30	31

Most Popular Tags

acrylics - 76 uses
apples - 23 uses
arty stuff - 303 uses
books - 77 uses
canoe - 24 uses
car - 32 uses
cats - 121 uses
christmas - 44 uses
cornwall - 139 uses
devon - 33 uses
disaster - 29 uses
dog behaviour - 22 uses
dog training - 55 uses
dogs - 498 uses
eagle - 53 uses
figs - 43 uses
films - 30 uses
flighty & scattered - 33 uses
food - 58 uses
foster - 111 uses
garden - 244 uses
gardening - 32 uses
history - 99 uses
holidays - 82 uses
internet - 28 uses
loons - 33 uses
lurcher - 59 uses
lurchers - 81 uses
me - 45 uses
mines - 35 uses
noldor - 98 uses
oldies club - 61 uses
photos - 90 uses
politics - 34 uses
rant - 42 uses
roleplaying - 53 uses
sutcliff - 34 uses
tamar valley - 127 uses
technology - 41 uses
things that make you go hmmm - 56 uses
tolkien - 212 uses
tv - 43 uses
walks - 142 uses
we don't really know - 23 uses
weather - 103 uses
whinge - 53 uses
wildlife - 71 uses
wittering - 84 uses
work - 69 uses
writing - 153 uses

Flat | Top-Level Comments Only

From:

bunn.livejournal.com

No, that does make sense! But these notifications are not just for visitors, they are for attempted attacks - ie, some software tried to guess a password, or submit a form with code in the submission, or access a location that would only exist if I was using some gadget that has a known vulnerability. Usually they do it repeatedly and the speed of resubmission is one way you can tell it can't be human.

So I don't think it's just people out there are using Tor to look at my websites, although probably they are, and some of them definitely have international audiences anyway. It was specifically the pattern among attacks that caught my eye.

kas2umi.livejournal.com

Oooh, I understand now. Thanks for the clarification! Dunno what more advice to give than to be careful if those attacks continue!

IP's blocked

IP's blocked

no subject

no subject

Profile

January 2026

Most Popular Tags

Page Summary

Style Credit

Expand Cut Tags