XDEVS - Scrap the bots. Thank you.

[manupthehills]

It's a bit off topics here, but I guess it will get quicker to the source.
What's happening? (Xdevs.com)

[mendip_discovery]

TiN is Ukrainian by birth and his website may have become a target for the hacking bots. I know he had issues with the FTP being messed with a few months back. If you need any info you might find it in the waybackmachine.

[EEVblog]

I've email him, will let you know if he replies.

[mendip_discovery]

He is in the US so physically safe(ish).

My own website has been getting a lot of attention. I even host my local village (Parish) council website and I am having to keep a very close eye on that as it's got the script kiddies etc trying to brute force their way in.

[JohanH]

My own website has been getting a lot of attention. I even host my local village (Parish) council website and I am having to keep a very close eye on that as it's got the script kiddies etc trying to brute force their way in.

Fail2ban and psad intrusion detection in combination with iptables makes a site relatively free from unwanted traffic. Occasionally permanently banning some Asian IP ranges (both IPv4 and IPv6) does wonders as well. And of course installing security updates when they are available. Also, if you run wordpress and such you are quite vulnerable. Nowadays I only have static web sites with some DB backend. FTP isn't recommended in this day and age.

[JohanH]

FTP isn't recommended in this day and age.

If I had to use something ftp-like (like an anonymous upload service), I would use sftp server (using ssh), create an "anonymous" user with null password, create an ssh chroot and disable shell login. Users would have to use sftp clients to upload (Filezilla, WinSCP, any linux client). Web browsers don't support ftp any more, but the "ftp" file structure can be shared read-only through the web. It's very dangerous, though, so you have to know what you are doing. I wouldn't keep anything else on the same server and block it so they can't access anything else if it's hacked.

[EEVblog]

I heard back from TiN

There is a DOS attack on my server going on since evening of Nov 6 from various VPNs in EU/Switzerland.
Somebody also deleted all old files in guest public FTP folder used to upload manuals/T&M stuff and uploaded bunch of russian propaganda videos instead.

As result I've put a dummy page on webserver temporarily while figuring out how to deal with this.
I'm not an IT guy and self-host my server in basement.

All site data and content are safe, so will be back up once it's resolved.

[Black Phoenix]

There wasn't someone who offer to help TiN to host the website somewhere else? I remember reading that somewhere.

Probably Dave you should put both in contact, no?

[EEVblog]

xdevs site is now back up and running. The bot attack has subsided. 

[Zenwizard]

TiN, If there is something that I can help with in the IT space let me know. I have a very deep background in IT.

Zen

[kada]

xdevs is down for me unfortunately, I'm located in Ireland. 
Could somebody please confirm is it still working?

[sahko123]

im in ireland and its alright for me

[kada]

Thanks for the replying, looks like it's somehow related to the Chrome browser, works fine in Edge.