Top 10 Hostile Web Hosting & Cloud Services for June 2019
Here is the Top 10 Hostile Web Hosting and Cloud Services for June 2019. The data is collected from 11 Websites, mainly running WordPress and sorted by the number of attacks from their IPs.
Of course Digital Ocean and OVH have filled once again our logs with attacks from their IPs. Half of our logs are from Digital Ocean and OVH IPs.
Company | Country | |
---|---|---|
1 | Cloud service “Digital Ocean, Inc” | US & NL & SG |
2 | Cloud service “OVH Systems” | FR & CA |
3 | Cloud service “VegasNAP, LLC | US |
4 | M247 Europe SRL | GB |
5 | Cloud service “NForce Entertainment” | NL |
6 | Cloud service “UK-2 Limited” | ZA (South Africa) |
7 | Cloud service “Azure” | FR |
8 | Hetzner Online GmbH | DE |
9 | Alibaba Advertising Cloud Service | CN |
10 | Cloud Service “Shenzhen Tencent” | CN |
Can confirm. OVP, Digital Ocean and Shenzhen Tencent IPs have been wreaking havoc here, too. Hetzner, interestingly, not. “Interestingly” since we’re hosted there, too. Obviously brute force scripts have been getting smarter over the years. M247 have been flooding our MX with spam mostly promoting crap on .icu URLs and have been using a shitload of different domains under the .icu TLD as sender address for weeks now. Seems they sold a shitload of shitty domains and do not care much what they are used for. Dozens of UCE complaints had absolutely no effect. Interestingly almost all their spam originitates from a hungarian carrier’s network.
Traffic from M247 is mostly for spam and some attacks from ROmania IPs.
See:
https://www.valueweb.gr/m247-com-an-other-kid-on-the-spamming-block/
As for Hetzner, we get all kind of attacks but not in a large scale and they stop after one hour or so.
For me OVH is the worst.
Ok, can i ask what kind of security plugin you currently use ?
As WordPress security plugin we use The Shield.
But all the statistics and blocks are not handled by a plugin. We have added an extra layer of protection before even anything reaches WordPress.
What exactly are those IPs doing ? Spam ?
No, no, no. Those IPs are not detected as spammers.
They conduct all kind of ATTACKS, SQL Injections, Directory Traversals, Looking for plugin or script vulnerabilities etc etc.