Heads up about a possible hack/scan

You have listed systems designed with a single purpose in mind. This is a general discussion forum and it is not designed for reporting single attacks. Fozl has hit the nail on the head.

I kind of see Winits point, I see scans like this as the internets version of background radiation. It would be futile to post a thread warning everyone every time you see scans or a brute force from a specific IP in your logs. But it's not a waste of time to discuss these things more generally than specifically.

Not so much "Beware! IP so and so and so tried to brute force me eveyone!" instead more "What to do if you're being scanned etc from some IP, setup iptables, email the abuse department the IP belongs to, etc"

WiniT, if you're right that its a waste of time, then whats the point in

OpenDNS's filtering,
Pishtank,
SpamHaus,
etc...........

Aren't they warning people?

Do I really need to educate you about how many hundreds of thousands of malicious hosts exist on the Internet? Are you going to make a new thread every time one of them scans your machine?

I don't think so.

The important thing is to make sure your system is secure and automatically detects incoming threats.

As Myatu pointed out, WHOIS the IP and report it to the abuse address.

Yeah i really like this idea actually.

on that forum you can also explain how to setup such systems

wonderfull idea, I like it! (in sense of: helping others, to combat abuse)

I actually think its a good thing as it will help to stop such things in their tracks, The more that know the more we can help get these sort of people off the map!

I am actually thinking of starting a forum where webhosts can come and post details of hackers, spammers, scammers, So together we can combat this major problem.

Of course having good detection systems in place such as maxmind will help keep these types off the servers but theirs allways some which gets through it.

Explain why?

Actually, I think you're right, what do I care if other people get scanned, right?

It's a waste of time to post "attacks" on the forum.

Thanks for sharing, However doruk.net does have an allocation of IP's from 82.151.128.0 TO 82.151.128.255

If sending an email to their abuse department doesnt work, Maybe you should contact RIPE

Thanks! You did send abuse@doruk.net.tr an e-mail as well, right?

For the past two days, several IPs within 82.151.128.0/19 (Turkey) are trying to bombard port 110. Not sure if its serious but I've blocked it via iptables just to be safe.

Just wanted to give people a heads up.