+ Reply to Thread
Results 1 to 3 of 3

Thread: Companies Sending Avalon syn flood attacks

  1. Link to Post #1
    Australia Avalon Member Dianamar's Avatar
    Join Date
    19th August 2016
    Posts
    47
    Thanks
    73
    Thanked 190 times in 44 posts

    Default Companies Sending Avalon syn flood attacks

    Hi All , i was just reading the forum when i was cut off. My partner looked in the router security log and saw this company https://www.abuseipdb.com/whois/184.105.139.81


    sending a syn flood to Avalon's server here https://whatismyipaddress.com/ip/198.143.158.131


    from my pc.


    Is there anything I can do to stop this from happening in future ?


    D

  2. The Following 9 Users Say Thank You to Dianamar For This Post:

    Aragorn (23rd August 2019), avid (23rd August 2019), Bill Ryan (23rd August 2019), Billy (23rd August 2019), Cara (23rd August 2019), Hervé (23rd August 2019), Nasu (23rd August 2019), Tintin (23rd August 2019), toppy (23rd August 2019)

  3. Link to Post #2
    Scotland Moderator Billy's Avatar
    Join Date
    27th January 2011
    Location
    Scotland
    Age
    65
    Posts
    5,992
    Thanks
    46,849
    Thanked 28,109 times in 4,457 posts

    Default Re: Companies Sending Avalon syn flood attacks

    Thank you Dianamar. We have reported this thread to be looked at by the technical staff when they are available later today.

    In the meantime I recommend you check your computer for security.
    Last edited by Billy; 23rd August 2019 at 07:12.
    When you express from a fearful heart in the now moment, You create a fearful future.
    When you express from a loving heart in the now moment, You create a loving future.

    Have no fear, Be aware and live your lives journey from a compassionate caring nurturing heart to manifest a compassionate caring nurturing future. Billyji


    Peace

  4. The Following 8 Users Say Thank You to Billy For This Post:

    Aragorn (23rd August 2019), avid (23rd August 2019), Bill Ryan (23rd August 2019), Cara (23rd August 2019), Hervé (23rd August 2019), Nasu (23rd August 2019), Tintin (23rd August 2019), toppy (23rd August 2019)

  5. Link to Post #3
    Avalon Member Aragorn's Avatar
    Join Date
    14th January 2014
    Location
    Middle-Earth
    Posts
    704
    Thanks
    7,019
    Thanked 4,487 times in 679 posts

    Default Re: Companies Sending Avalon syn flood attacks

    Quote Posted by Dianamar (here)
    Hi All , i was just reading the forum when i was cut off. My partner looked in the router security log and saw this company https://www.abuseipdb.com/whois/184.105.139.81


    sending a syn flood to Avalon's server here https://whatismyipaddress.com/ip/198.143.158.131


    from my pc.


    Is there anything I can do to stop this from happening in future ?


    D
    Hmm... Looks like a jolly bunch over there...



    Quote IP Abuse Reports for 184.105.139.81:

    This IP address has been reported a total of 1221 times from 88 distinct sources. 184.105.139.81 was first reported on December 2nd 2017, and the most recent report was 20 hours ago.
    In theory, it could be a TOR exit node, although it doesn't seem to identify as one. The SYN flood was probably a port scan, to see whether the Project Avalon server had any open ports that they could try breaking into. And the Avalon server does indeed have open ports, because it's a web server, so it has to allow incoming traffic on port 80, albeit that this does not necessarily mean that anything running on those ports could be exploited. If the web server daemon is up to date, then there shouldn't be any weaknesses ─ or at least, not in theory.

    But you say that it's coming from your computer, Diana. So if you are running a TOR browser or you are making use of a VPN with client software on your computer, then that could explain the connection between your computer and theirs.

    If on the other hand you are not running a TOR browser and you are not using a VPN or a proxy server, then I'm afraid you've got a backdoor on your computer, and then you should scan your computer immediately with the very latest anti-malware application. (Better still would be to format and reinstall.)

    As for the possible motives of the perpetrators, they could be anything, and it doesn't necessarily have anything to do with the content as posted here at Project Avalon. See, there are certain trends in cybercrime, and these days those trends are...
    • Ransomware. Compromise a system, encrypt its files, and then demand a ransom, usually to be paid in Bitcoin. Paying the ransom is pointless, because the perpetrators generally won't release the encrypted files after they've taken reception of the ransom.
    • Bitcoin mining, or otherwise put, the use of somebody's computer without their knowledge in order to create cryptographic keys, which will translate into Bitcoin value for the perpetrators.
    • Spamming. Most spam gets sent out from compromised servers and privately owned workstations. That way, the perpetrators themselves cannot be traced.
    • DDoS attacks. The more compromised computers you have under your control, the bigger the denial-of-service you can direct at an opponent. This is commonly the work of hackers working for a nation state, and there is a perpetual cyber war going on between the USA and its NATO allies on the one hand, and China, Russia, Iran and several other nations on the other hand. A lot of innocent targets get caught in the fray as collateral damage, because it's a very crude and broad-sweep attack pattern.
    Only yesterday, we've added a whole range of IP addresses to the firewall at The One Truth that were hitting us from Hong Kong, and we are constantly being hit over there by data mining bots, as well as very recently ─ and still ongoing as we speak ─ spam bots that drop off spam messages containing all the usual porn links, Viagra links, cheap loan links, cheap energy supplier links, water purifier links, et al, via the forum's contact form.

    Most of those spam messages have subject lines in Chinese script, but the IP addresses are all over the place: Iran, Russia, Hong Kong, USA, Brazil, France, you name it.

    Last edited by Aragorn; 23rd August 2019 at 11:06.

  6. The Following 9 Users Say Thank You to Aragorn For This Post:

    Bill Ryan (23rd August 2019), Cara (23rd August 2019), gs_powered (23rd August 2019), Hervé (23rd August 2019), Nasu (23rd August 2019), rogparan (23rd August 2019), Strat (23rd August 2019), Tintin (23rd August 2019), toppy (23rd August 2019)

+ Reply to Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts