Ongoing apparent attack
Resolved
Feb 11 at 12:37am EST
Server load has fallen back to normal levels.
Following IPs blocked in UFW:
Anywhere DENY 176.65.144.147
Anywhere DENY 218.150.246.42
Anywhere DENY 104.140.17.85
Anywhere DENY 180.101.22.248
Anywhere DENY 68.83.136.205
Anywhere DENY 92.118.39.86
Anywhere DENY 103.13.206.28
Anywhere DENY 46.101.171.235
Anywhere DENY 103.182.132.154
Affected services
The Weather Station Experts (HAL2)
AltWire (HAL2)
TWSE Cron Job (HAL2)
AltWire Cron Job (HAL2)
Updated
Feb 11 at 12:15am EST
Continuing to monitor, was an attack with the focus between 9-11pm. Blocked a half dozen IP addresses, which has allowed the server load to decrease. Some of the IPs blocked were also involved in another incident the night before. TWSE was taken offline during the attack for 10 minutes.
Affected services
The Weather Station Experts (HAL2)
AltWire (HAL2)
TWSE Cron Job (HAL2)
AltWire Cron Job (HAL2)
Created
Feb 10 at 09:30pm EST
High CPU usage appears to be an attempt at breaking into servers originating from two IP addresses. The IPs have been blocked, and monitoring to see if this brings CPU usage back down. Published time is the initial time high CPU usage was first observed.
Affected services
The Weather Station Experts (HAL2)
AltWire (HAL2)
TWSE Cron Job (HAL2)
AltWire Cron Job (HAL2)