Thread: Attack against postgresql.org ...

Attack against postgresql.org ...

From
"Marc G. Fournier"
Date:
There are some days where High Speed Internet for Personal use just should 
never have been invented ...

Over the past 24 hours, we've been experiencing a problem with the network 
that has taken us a bit to identify as being at our end, and a little bit 
longer to identify as being with the postgresql.org vServer ... someone is 
attacking it ...

our provider has blocked the IP for now, so that direct access to the 
vServer isn't possible, but due to the delivery rules, and MXs, email 
should still flow properly ...

The attacking IP, from the logs, appears to be "87.230.6.96" ...

I'm lowering the TTL for the DNS right now, and, if this persists past 
a few hours, I will change the IP and hope that they are attacking the IP, 
and not the domain ...


----
Marc G. Fournier           Hub.Org Networking Services (http://www.hub.org)
Email . scrappy@hub.org                              MSN . scrappy@hub.org
Yahoo . yscrappy               Skype: hub.org        ICQ . 7615664


Re: [CORE] Attack against postgresql.org ...

From
Tom Lane
Date:
"Marc G. Fournier" <scrappy@postgresql.org> writes:
> The attacking IP, from the logs, appears to be "87.230.6.96" ...

Perhaps a complaint to their ISP is in order --- RIPE suggests
net-abuse@hosteurope.de
        regards, tom lane


Re: [CORE] Attack against postgresql.org ...

From
Csaba Nagy
Date:
On Fri, 2006-07-28 at 17:37, Tom Lane wrote:
> "Marc G. Fournier" <scrappy@postgresql.org> writes:
> > The attacking IP, from the logs, appears to be "87.230.6.96" ...
> 
> Perhaps a complaint to their ISP is in order --- RIPE suggests
> net-abuse@hosteurope.de

That looks 1 level too high, the immediate source seems to be
http://www.ehost.pl/onas.php

They could probably act faster and more at the source... down on the
page from the link above you can find abuse@ehost.pl for complaints.

Cheers,
Csaba.


$> nslookup 87.230.6.96
Server:         192.168.1.4
Address:        192.168.1.4#53

Non-authoritative answer:
96.6.230.87.in-addr.arpa        name = vpsdws.xip.pl.

Authoritative answers can be found from:
6.230.87.in-addr.arpa   nameserver = dns.hosteurope.de.
6.230.87.in-addr.arpa   nameserver = dns2.hosteurope.de.
dns.hosteurope.de       internet address = 80.237.128.156
dns2.hosteurope.de      internet address = 80.237.129.61



$> whois xip.pl
[Querying whois.dns.pl]
[whois.dns.pl]
% This is the NASK WHOIS Server.
% This server provides information only for PL domains.
% For more info please see http://www.dns.pl/english/whois.html

Domain object:
domain:       xip.pl
registrant's handle: dinz5du40 (CORPORATE)
nservers:     ns1.ehost.pl.[80.237.184.22]
              ns2.ehost.pl.[83.149.119.142]
created:        2003.10.06
last modified:  2005.09.19
registrar: Dinfo Systemy Internetowe
ul. Mostowa 5
43-300 Bielsko-Biala
Polska/Poland
+48.33 8225471
biuro@dinfo.pl

option: the domain name has not option
Subscribers Contact object:
company:  eHost s.c.
organization: eHost.pl
street:   Cichockiego 13/6
city:     24-100 Pulawy
location: PL
handle: dinz5du40
phone:  +48.502533333
last modified: 2004.11.03
registrar: Dinfo Systemy Internetowe
ul. Mostowa 5
43-300 Bielsko-Biala
Polska/Poland
+48.33 8225471
biuro@dinfo.pl
Technical Contact:
company:  eHost s.c.
organization: eHost.pl
street:   Cichockiego 13/6
city:     24-100 Pulawy
location: PL
handle: dinz5du40
phone:  +48.502533333
last modified: 2004.11.03
registrar: Dinfo Systemy Internetowe
ul. Mostowa 5
43-300 Bielsko-Biala
Polska/Poland
+48.33 8225471
biuro@dinfo.pl
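
The escalation reasoning in Csaba's post, turned into code as an added example (not part of the original thread): it parses constructed copies of the nslookup and whois output above and derives the two parties involved, the operator delegated the reverse zone for the IP block (hosteurope.de) and the DNS operator behind the PTR's domain (ehost.pl via xip.pl). The registrable-domain helper is a deliberate simplification that assumes a one-label public suffix.

```python
import re
# Constructed sample: the reverse lookup from the thread, answer section only.
NSLOOKUP_OUTPUT = """\
96.6.230.87.in-addr.arpa        name = vpsdws.xip.pl.
Authoritative answers can be found from:
6.230.87.in-addr.arpa   nameserver = dns.hosteurope.de.
6.230.87.in-addr.arpa   nameserver = dns2.hosteurope.de.
"""

# Constructed sample: the NASK whois lines that matter (note the indented
# continuation line, which a naive one-line parser would miss).
WHOIS_OUTPUT = """\
domain:       xip.pl
nservers:     ns1.ehost.pl.[80.237.184.22]
              ns2.ehost.pl.[83.149.119.142]
created:        2003.10.06
"""

def registrable_domain(hostname):
    # Last two labels; assumes a one-label public suffix (.pl, .de); real tooling uses the Public Suffix List.
    return ".".join(hostname.rstrip(".").lower().split(".")[-2:])

def parse_nslookup(text):
    # PTR target and the nameservers delegated the in-addr.arpa (reverse) zone.
    ptr = re.search(r"name = (\S+)", text)
    ns = re.findall(r"nameserver = (\S+)", text)
    return {"ptr_host": ptr.group(1).rstrip(".") if ptr else None,
            "reverse_zone_ns": [n.rstrip(".") for n in ns]}

def parse_whois_nameservers(text):
    # Collect 'nservers:' entries, including NASK's indented continuation lines.
    servers, in_block = [], False
    for line in text.splitlines():
        if line.startswith("nservers:"):
            in_block = True
        elif not line.startswith(" "):
            in_block = False
        m = re.search(r"(\S+?)\.?\[", line) if in_block else None
        if m:
            servers.append(m.group(1))
    return servers

def escalation_chain(nslookup_text, whois_text):
    # Two parties to notify: whoever runs the reverse zone for the IP block, and whoever
    # runs DNS for the PTR's domain. Abuse mailboxes come from RIPE/registrar data, not guessing.
    rdns = parse_nslookup(nslookup_text)
    host = rdns["ptr_host"]
    return {"ptr_host": host,
            "ptr_domain": registrable_domain(host) if host else None,
            "ip_block_operator": sorted({registrable_domain(n) for n in rdns["reverse_zone_ns"]}),
            "dns_operator": sorted({registrable_domain(n) for n in parse_whois_nameservers(whois_text)})}
```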





Re: [CORE] Attack against postgresql.org ...

From
"D'Arcy J.M. Cain"
Date:
On Fri, 28 Jul 2006 17:51:11 +0200
Csaba Nagy <nagy@ecircle-ag.com> wrote:
> > Perhaps a complaint to their ISP is in order --- RIPE suggests
> > net-abuse@hosteurope.de
> 
> That looks 1 level too high, the immediate source seems to be
> http://www.ehost.pl/onas.php

I would go to both.  ehost.pl could very well be some kid in his
parents' basement and may be the problem.  RIPE says that hosteurope.de
is responsible for that IP.  You have to take them at their word.

-- 
D'Arcy J.M. Cain <darcy@druid.net>         |  Democracy is three wolves
http://www.druid.net/darcy/                |  and a sheep voting on
+1 416 425 1212     (DoD#0082)    (eNTP)   |  what's for dinner.


Re: [CORE] Attack against postgresql.org ...

From
"Marc G. Fournier"
Date:
I have emailed both, thanks ...

On Fri, 28 Jul 2006, Csaba Nagy wrote:

> On Fri, 2006-07-28 at 17:37, Tom Lane wrote:
>> "Marc G. Fournier" <scrappy@postgresql.org> writes:
>>> The attacking IP, from the logs, appears to be "87.230.6.96" ...
>>
>> Perhaps a complaint to their ISP is in order --- RIPE suggests
>> net-abuse@hosteurope.de
>
> That looks 1 level too high, the immediate source seems to be
> http://www.ehost.pl/onas.php
>
> They could probably act faster and more at the source... down on the
> page from the link above you can find abuse@ehost.pl for complaints.
>
> Cheers,
> Csaba.
>
>
> $> nslookup 87.230.6.96
> Server:         192.168.1.4
> Address:        192.168.1.4#53
>
> Non-authoritative answer:
> 96.6.230.87.in-addr.arpa        name = vpsdws.xip.pl.
>
> Authoritative answers can be found from:
> 6.230.87.in-addr.arpa   nameserver = dns.hosteurope.de.
> 6.230.87.in-addr.arpa   nameserver = dns2.hosteurope.de.
> dns.hosteurope.de       internet address = 80.237.128.156
> dns2.hosteurope.de      internet address = 80.237.129.61
>
>
>
> $> whois xip.pl
> [Querying whois.dns.pl]
> [whois.dns.pl]
> % This is the NASK WHOIS Server.
> % This server provides information only for PL domains.
> % For more info please see http://www.dns.pl/english/whois.html
>
> Domain object:
> domain:       xip.pl
> registrant's handle: dinz5du40 (CORPORATE)
> nservers:     ns1.ehost.pl.[80.237.184.22]
>              ns2.ehost.pl.[83.149.119.142]
> created:        2003.10.06
> last modified:  2005.09.19
> registrar: Dinfo Systemy Internetowe
> ul. Mostowa 5
> 43-300 Bielsko-Biala
> Polska/Poland
> +48.33 8225471
> biuro@dinfo.pl
>
> option: the domain name has not option
>
> Subscribers Contact object:
> company:  eHost s.c.
> organization: eHost.pl
> street:   Cichockiego 13/6
> city:     24-100 Pulawy
> location: PL
> handle: dinz5du40
> phone:  +48.502533333
> last modified: 2004.11.03
> registrar: Dinfo Systemy Internetowe
> ul. Mostowa 5
> 43-300 Bielsko-Biala
> Polska/Poland
> +48.33 8225471
> biuro@dinfo.pl
>
> Technical Contact:
> company:  eHost s.c.
> organization: eHost.pl
> street:   Cichockiego 13/6
> city:     24-100 Pulawy
> location: PL
> handle: dinz5du40
> phone:  +48.502533333
> last modified: 2004.11.03
> registrar: Dinfo Systemy Internetowe
> ul. Mostowa 5
> 43-300 Bielsko-Biala
> Polska/Poland
> +48.33 8225471
> biuro@dinfo.pl
>
>
>
>

----
Marc G. Fournier           Hub.Org Networking Services (http://www.hub.org)
Email . scrappy@hub.org                              MSN . scrappy@hub.org
Yahoo . yscrappy               Skype: hub.org        ICQ . 7615664