There is an ip address or block whch when i grep-ed** and wc -l* counted 11000 lines of fail. Email might be hard but that level of failure deserves a more detailed examination.
Eventually i whois lookup the thing – find it is in Romania and see this.
remarks: *** Abuse Reports to : firstname.lastname@example.org
remarks: *** This IP block is used for web hosting, ***
remarks: *** dedicated and co-located servers. In ***
remarks: *** case of spam, please only deal with ***
remarks: *** originator IP only. ***
remarks: *** DO NOT DEAL WITH THE WHOLE IP BLOCK ***
Not knowing whether i would be playing whack a mole with a secondary mx or more i decided to mallet the whole block (my block) after all 11000 things say where shit at this.
I enjoy funny whois messages this one from iran (my blog) is fun and i guess our new chums at e2servers.com will not be able to help there client until our servers gets a reboot whenever that is.
I did not contact them as clearly its more fun if we dont.
So if your a client of them you know why things dont work.
*nothing to do with a toilet -joke ** not a hollywood rape method
I was informed that refrigerator.census.shodan.io[126.96.36.199] connected and as i dislike them (my blog) it was added to the permanent firewall (my blog).
OrgAbuseName: CariNet Abuse
They have also had a mention before
Its been a while and lets hope you never try to visit the zoo with that address once they discard iit.
scumbag spammer Robert Soloway
Bananas likes to collect data for blocking be dmarc rejects and even lists of bad ranges so i decided to collect data and pass it on that spammers and probers made without me – seems only fair to pass it on to a wider audience.
The attempt was a bit botched and confusing with api keys and email. I also wanted reports and so i had an hour of woe and really odd error messages, i even had to adjust postfix to let it send email out rather than just be a local affair on our internal instance.
citizen may the children’s entertainer
The site needed config details and once you have ‘servers’ things it kind of make more sense. The client software is horrible and they suggest reconfiguring it there way rather than adapting what i know works. That probably did not help but it is good to know how it works rather than have it working and consider it magical or religious with ‘faith’.
In the end i gave up with .local config files and made backups and put the revised files where the debian os put them – it probably makes nightmares for me down the road** but it sent mail.
tube recycle those 1’s and 0’s
Api keys are confusing there are two – each ‘server’ has a unique key* and a user has a key (five digits) of which one exists that is api key the config files appear to like rather than the per server thing in this regard i am just a submitter of data.
The action for blocklist_de i did not use but I kept my existing email report, whether that sends via an http(s) api rather than email was something i never quite got figured out although the log file had some interesting stuff in for a change.
Email reporting appears to work for me as well as well as the blocklist and once i provided postfix with a gateway setting [not needed until now] mail was routed rather than remain undelivered. Oddly most of the ssh attempts we usually get appear to have dried up after all its good to tell the probers as to how there data will be shared.
It appears setup – time will tell if it makes a difference.
*remember the zoo has four domains **time for dpkg.dist files
Bananas would like to wish you all a happy Captain Picard day and to alert you to scum and villainy behind Shodan.io (my blog)
While you might not celebrate this day i think it is worth celebrating and since many humans have different new years i think it is easy to celebrate this one.
So shields up.
Time for a Picard manoeuvre (my blog)
smtpd[*]: warning: hostname inspire.census.shodan.io does not resolve to address 188.8.131.52
You have been warned. You do not want shodan.io probing you.
Shield;s up its shodan once more…
connect from battery.census.shodan.io
Its from your scammy isp friends in the Seychelles )(my blog) once more. Oh well yet another ip address made useless.
What would Picard do ?
connect from sky.census.shodan.io
Its our Seychelles beachhut isp once more and an easy to ban /24 subnet. I would not want that ip address now.
However i have a new day to celebrate – shodan.io something well worth rejecting.
My dislike of shodan.io (my blog) is well documented
does not resolve to address
So here is another to crimson firewall and forget
That address comes from Romania who if your feeling in the mood email it to the isp email@example.com because i would not not want to host anything on that address.
I seem to be having a multiple st:tng episode day today.
The delights of being a shodan.io spotter (my blog) never disappoint. Beats birdwatching
Come and meet
does not resolve to address 184.108.40.206
Of whom that isp is remembered
But is actually
;; ANSWER SECTION:
pirate.census.shodan.io. 300 IN A 220.127.116.11
Which may also be called burger (my blog) I make no comment about them as i know them already other than hi once more shall suffice.
What was up with burger ?
Anyhow something well worth crimson firewalling. You should by all know my views on the scum at shodan.io.
Enjoy your day
Advertisng can be rogue on the internet serving malware and viruses and killing your internet quota (my blog). After i installed this newer blocker i noticed the better statistics with 10% of requests being blocked, of those 10% which would have sucked down gigabytes of data and set thousands of cookies.
Oddly some blockers get more attention than others from sites who will not pay up for malware infections they served up via an incompetent third party. So they know the problem but be unwilling to tackle the issue
I have a browser without an blocker and that is rarely used for reasons i am sure you can guess.