Attacks to our Foru...
 
Notifications
Clear all

Attacks to our Forums, RESOLVED

3 Posts
2 Users
0 Reactions
97 Views
Editor
(@editor)
Posts: 553
Honorable Member Admin
Topic starter
 

For the last 1-2 weeks we had a lot of attacks against our forum urls, making them slow (17-30 ms per page).

With the help of @maximus the issue was totally resolved.

The issue came from tremendous hits from ColoCrossing Proxies (and a few others), trying to login/register, targetting a specific forum topic. Not sure how and why this happened.

Those are the offending IP ranges from ColoCrossing:

CIDR   --   Starting IP   -   Ending IP

135.181.0.0/16       135.181.0.0     135.181.255.255  
23.94.0.0/15 23.94.0.0 23.95.255.255  
192.3.0.0/16 192.3.0.0 192.3.255.255  
107.172.0.0/14 107.172.0.0 107.175.255.255  
198.46.128.0/17 198.46.128.0 198.46.255.255  
198.144.176.0/20 198.144.176.0 198.144.191.255  
172.245.0.0/16 172.245.0.0 172.245.255.255  
192.210.128.0/17 192.210.128.0 192.210.255.255  
198.12.64.0/18 198.12.64.0 198.12.127.255  
104.168.0.0/17 104.168.0.0 104.168.127.255  
192.227.128.0/17 192.227.128.0 192.227.255.255  
45.66.230.0/24 45.66.230.0 45.66.230.255  
198.23.168.0/22 198.23.168.0 198.23.171.255  
199.188.102.0/24 199.188.102.0 199.188.102.255
198.23.214.0/24 198.23.214.0 198.23.214.255
23.229.104.0/23 23.229.104.0 23.229.105.255
 
Posted : September 30, 2023 13:21
Topic Tags
Maximus
(@maximus)
Posts: 57
Reputable Member
 

I can tell you how this happened, since all hits were at the same forum url. Someone bookmarked that topic and posted it in some SEO crap companies.

 
Posted : September 30, 2023 13:59
Maximus
(@maximus)
Posts: 57
Reputable Member
 

That proxy attack is not only from ColoCrossing. Just finished checking your logs and it is 80% from Colocrossing but also from LeaseWeb, Host Royal, Inter Connects, IPXO  and a few others.

All of them host whatever it comes along and their ASNs must be totally blocked. Along with some legitimate users, since this is the only way to reduce their business income.

We have "laws" for GDPR and Cookies but real CRIMINALS are free to attack the whole Internet.

 
Posted : September 30, 2023 19:05