RCACURRARE spambot

I see some spambot named RCACURRARE is putting crap on some summits pages, I see W6 CT-044 and W6 NC-150 have spam, there are probably more

In reply to N6JZT:

Websites spamvertised are in China. Those pages are clean now and I’ll get the account closed.

My own servers run fail2ban, the logs are most amusing to view. A never ending stream of bots and children trying to break in. 99.99999999999999% of attacks come from China.

The online world would be such a better place if we just cut all the links to China. On my old home router I had many /16 and /24 IP blocks permanently locked out to keep the marauding masses at bay.

Andy
MM0FMF

In reply to MM0FMF:

99.99999999999999% of attacks come from China

Just one in every million billion attacks don’t come from China? Really? Or were you exaggerating just a little bit? :wink:

Tom M1EYP

In reply to M1EYP:

The last few in the log for the Zurich machine

2013-11-10 08:08:59,515 fail2ban.actions: WARNING [ssh] Ban 59.37.66.139

person: IPMASTER CHINANET-GD
nic-hdl: IC83-AP
e-mail: ipadm@189.cn
address: NO.1,RO.DONGYUANHENG,YUEXIUNAN,GUANGZHOU
phone: +86-20-83877223
fax-no: +86-20-83877223
country: CN
changed: ipadm@189.cn 20110418
mnt-by: MAINT-CHINANET-GD
remarks: IPMASTER is not for spam complaint,please send spam complaint to abuse_gdnoc@189.cn
abuse-mailbox: abuse_gdnoc@189.cn
source: APNIC

2013-11-10 20:01:15,524 fail2ban.actions: WARNING [ssh] Ban 220.164.144.135

person: Chinanet Hostmaster
nic-hdl: CH93-AP
e-mail: anti-spam@ns.chinanet.cn.net
address: No.31 ,jingrong street,beijing
address: 100032
phone: +86-10-58501724
fax-no: +86-10-58501724
country: CN
changed: dingsy@cndata.com 20070416
mnt-by: MAINT-CHINANET
source: APNIC

2013-11-10 21:08:27,267 fail2ban.actions: WARNING [ssh] Ban 221.11.64.118

person: CNCGroup-SN Hostmaster
nic-hdl: CH679-AP
e-mail: quyj@china-netcom.com
address: China Network Communication ,SVT
address: NO.2 GuangDe Road, High Tec Zone
address: Xi’an, Shannxi, China
phone: +86-29-88192060
fax-no: +86-29-88192037
country: CN
changed: quyj@china-netcom.com 20060119
mnt-by: MAINT-CNCGROUP-SN
source: APNIC

2013-11-11 01:00:23,558 fail2ban.actions: WARNING [ssh] Ban 203.91.121.72

role: CERNET Helpdesk
address: Room 224, Main Building
address: Tsinghua University
address: Beijing 100084, China
country: CN
phone: +86-10-6278-4049
fax-no: +86-10-6278-5933
e-mail: cernet-helpdesk-ip@net.edu.cn
remarks: abuse@net.edu.cn
admin-c: XL1-CN
tech-c: SZ2-AP
nic-hdl: CER-AP
remarks: Point of Contact for admin-c
mnt-by: MAINT-CERNET-AP
changed: cernet-helpdesk-ip@net.edu.cn 20010903
source: APNIC
changed: hm-changed@apnic.net 20111114

2013-11-12 07:41:21,938 fail2ban.actions: WARNING [ssh] Ban 119.147.106.141

person: IPMASTER CHINANET-GD
nic-hdl: IC83-AP
e-mail: ipadm@189.cn
address: NO.1,RO.DONGYUANHENG,YUEXIUNAN,GUANGZHOU
phone: +86-20-83877223
fax-no: +86-20-83877223
country: CN
changed: ipadm@189.cn 20110418
mnt-by: MAINT-CHINANET-GD
remarks: IPMASTER is not for spam complaint,please send spam complaint to abuse_gdnoc@189.cn
abuse-mailbox: abuse_gdnoc@189.cn
source: APNIC

Enough?

Andy
MM0FMF

OK, I guess 5 out of 5 is more than one million billion minus one…

Tom M1EYP