Unix Technical Forum

Attack against postgresql.org ...

  #1 (permalink)
04-12-2008, 03:45 AM
Marc G. Fournier
Attack against postgresql.org ...


There are some days where High Speed Internet for Personal use just should
never have been invented ...

Over the past 24 hours, we've been experiencing a problem with the network
that has taken us a bit to identify as being at our end, and a little bit
longer to identify as being with the postgresql.org vServer ... someone is
attacking it ...

Our provider has blocked the IP for now, so that direct access to the
vServer isn't possible, but due to the delivery rules, and MXs, email
should still flow properly ...

The attacking IP, from the logs, appears to be "87.230.6.96" ...

I'm lowering the TTL for the DNS right now, and, if this persists past
a few hours, I will change the IP and hope that they are attacking the IP,
and not the domain ...


----
Marc G. Fournier Hub.Org Networking Services (http://www.hub.org)
Email . scrappy@hub.org MSN . scrappy@hub.org
Yahoo . yscrappy Skype: hub.org ICQ . 7615664

---------------------------(end of broadcast)---------------------------
TIP 1: if posting/reading through Usenet, please send an appropriate
subscribe-nomail command to majordomo@postgresql.org so that your
message can get through to the mailing list cleanly

  #2 (permalink)
04-12-2008, 03:45 AM
Tom Lane
Re: [CORE] Attack against postgresql.org ...

"Marc G. Fournier" <scrappy@postgresql.org> writes:
> The attacking IP, from the logs, appears to be "87.230.6.96" ...


Perhaps a complaint to their ISP is in order --- RIPE suggests
net-abuse@hosteurope.de

regards, tom lane

  #3 (permalink)
04-12-2008, 03:45 AM
Csaba Nagy
Re: [CORE] Attack against postgresql.org ...

On Fri, 2006-07-28 at 17:37, Tom Lane wrote:
> "Marc G. Fournier" <scrappy@postgresql.org> writes:
> > The attacking IP, from the logs, appears to be "87.230.6.96" ...

>
> Perhaps a complaint to their ISP is in order --- RIPE suggests
> net-abuse@hosteurope.de


That looks 1 level too high, the immediate source seems to be
http://www.ehost.pl/onas.php

They could probably act faster and more at the source... down on the
page from the link above you can find abuse@ehost.pl for complaints.

Cheers,
Csaba.


$> nslookup 87.230.6.96
Server: 192.168.1.4
Address: 192.168.1.4#53

Non-authoritative answer:
96.6.230.87.in-addr.arpa name = vpsdws.xip.pl.

Authoritative answers can be found from:
6.230.87.in-addr.arpa nameserver = dns.hosteurope.de.
6.230.87.in-addr.arpa nameserver = dns2.hosteurope.de.
dns.hosteurope.de internet address = 80.237.128.156
dns2.hosteurope.de internet address = 80.237.129.61



$> whois xip.pl
[Querying whois.dns.pl]
[whois.dns.pl]
% This is the NASK WHOIS Server.
% This server provides information only for PL domains.
% For more info please see http://www.dns.pl/english/whois.html

Domain object:
domain: xip.pl
registrant's handle: dinz5du40 (CORPORATE)
nservers: ns1.ehost.pl.[80.237.184.22]
ns2.ehost.pl.[83.149.119.142]
created: 2003.10.06
last modified: 2005.09.19
registrar: Dinfo Systemy Internetowe
ul. Mostowa 5
43-300 Bielsko-Biala
Polska/Poland
+48.33 8225471
biuro@dinfo.pl

option: the domain name has not option

Subscribers Contact object:
company: eHost s.c.
organization: eHost.pl
street: Cichockiego 13/6
city: 24-100 Pulawy
location: PL
handle: dinz5du40
phone: +48.502533333
last modified: 2004.11.03
registrar: Dinfo Systemy Internetowe
ul. Mostowa 5
43-300 Bielsko-Biala
Polska/Poland
+48.33 8225471
biuro@dinfo.pl

Technical Contact:
company: eHost s.c.
organization: eHost.pl
street: Cichockiego 13/6
city: 24-100 Pulawy
location: PL
handle: dinz5du40
phone: +48.502533333
last modified: 2004.11.03
registrar: Dinfo Systemy Internetowe
ul. Mostowa 5
43-300 Bielsko-Biala
Polska/Poland
+48.33 8225471
biuro@dinfo.pl




  #4 (permalink)
04-12-2008, 03:45 AM
D'Arcy J.M. Cain
Re: [CORE] Attack against postgresql.org ...

On Fri, 28 Jul 2006 17:51:11 +0200
Csaba Nagy <nagy@ecircle-ag.com> wrote:
> > Perhaps a complaint to their ISP is in order --- RIPE suggests
> > net-abuse@hosteurope.de

>
> That looks 1 level too high, the immediate source seems to be
> http://www.ehost.pl/onas.php


I would go to both. ehost.pl could very well be some kid in his
parents' basement and may be the problem. RIPE says that hosteurope.de
is responsible for that IP. You have to take them at their word.

--
D'Arcy J.M. Cain <darcy@druid.net> | Democracy is three wolves
http://www.druid.net/darcy/ | and a sheep voting on
+1 416 425 1212 (DoD#0082) (eNTP) | what's for dinner.

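Added example, not part of the original thread: the posts above name two places a report can go, the owner of the PTR hostname and the operator of the reverse zone for the address block. This Python sketch derives both from the nslookup output quoted in post #3; the function names and the two-label domain heuristic are assumptions made for illustration.

```python
import ipaddress
import re

# nslookup output copied from post #3 of the thread (resolver header omitted).
NSLOOKUP_OUTPUT = """\
Non-authoritative answer:
96.6.230.87.in-addr.arpa name = vpsdws.xip.pl.

Authoritative answers can be found from:
6.230.87.in-addr.arpa nameserver = dns.hosteurope.de.
6.230.87.in-addr.arpa nameserver = dns2.hosteurope.de.
dns.hosteurope.de internet address = 80.237.128.156
dns2.hosteurope.de internet address = 80.237.129.61
"""

def parent_domain(hostname):
    """Last two labels of a hostname. Assumption: adequate for the .pl/.de
    names here; suffixes such as co.uk need a public-suffix list."""
    labels = hostname.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])

def report_targets(ip, nslookup_text):
    """Return both parties a report about `ip` can go to."""
    rev = ipaddress.ip_address(ip).reverse_pointer  # e.g. 96.6.230.87.in-addr.arpa
    ptr_host, zone_ns = None, []
    for line in nslookup_text.splitlines():
        m = re.match(r"(\S+)\s+name = (\S+)", line)
        if m and m.group(1).rstrip(".").lower() == rev:
            ptr_host = m.group(2).rstrip(".")
            continue
        m = re.match(r"(\S+)\s+nameserver = (\S+)", line)
        # Accept NS records only for a zone that actually contains the address.
        if m and rev.endswith("." + m.group(1).rstrip(".").lower()):
            zone_ns.append(m.group(2).rstrip("."))
    return {
        "reverse_name": rev,
        "ptr_host": ptr_host,
        # Closest to the source: whoever named the host (whois this domain).
        "ptr_owner_domain": parent_domain(ptr_host) if ptr_host else None,
        # Upstream: whoever runs the reverse zone for the address block.
        "reverse_zone_operators": sorted({parent_domain(n) for n in zone_ns}),
    }

if __name__ == "__main__":
    for key, value in report_targets("87.230.6.96", NSLOOKUP_OUTPUT).items():
        print(f"{key}: {value}")
```

A PTR name is set by whoever controls the reverse zone, so treat the PTR owner as a lead and confirm the responsible network against the registry record for the address itself.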
  #5 (permalink)
04-12-2008, 03:45 AM
Marc G. Fournier
Re: [CORE] Attack against postgresql.org ...


I have email'd both, thanks ...

On Fri, 28 Jul 2006, Csaba Nagy wrote:

> On Fri, 2006-07-28 at 17:37, Tom Lane wrote:
>> "Marc G. Fournier" <scrappy@postgresql.org> writes:
>>> The attacking IP, from the logs, appears to be "87.230.6.96" ...

>>
>> Perhaps a complaint to their ISP is in order --- RIPE suggests
>> net-abuse@hosteurope.de

>
> That looks 1 level too high, the immediate source seems to be
> http://www.ehost.pl/onas.php
>
> They could probably act faster and more at the source... down on the
> page from the link above you can find abuse@ehost.pl for complaints.
>
> Cheers,
> Csaba.
>


----
Marc G. Fournier Hub.Org Networking Services (http://www.hub.org)
Email . scrappy@hub.org MSN . scrappy@hub.org
Yahoo . yscrappy Skype: hub.org ICQ . 7615664
