Did I Get a DDoS Attack From Russia?

At some point during yesterday’s diagnosis of my ongoing technical difficulties, the BlueHost technician asked if 185.122.204.37 was my IP, because there were something like 30,000+ hits from it that day. I verified it wasn’t mine, and that it wasn’t Instapundit (which had linked me that day), and did a reverse DNS lookup, which brought up the following:

IP Location: 185.122.204.37

185.122.204.37 appears to be located in Moscow, Russia and allocated to Chang Way Technologies Co. Limited. Autonomous System Number (ASN) code for 185.122.204.37 is AS57523. IP Address local time zone is Europe/Moscow (+0300). PTR record is set to 185.122.204.37.

That’s a very curious site to be sending me traffic, since I’m seeing none of it in my stats counter. Could I be receiving a low-grade DoS attack due to my criticisms of Putin’s war in Ukraine, or even my coverage of China’s slow-motion economic collapse, given the Chinese-sounding company? Possibly, though given BlueHost’s history, there are certainly far more prosaic explanations for my ongoing difficulties.

Also, speaking of Internet bogusity, if you search for “Battleswarm” and some topic I’ve covered (say, “Beto”), the top links are not from my blog, but from some BS “https://jawabansmk.my.id” domain that’s scraping my content and then doing all sorts of clickjacking redirect bullshit. This may be entirely unrelated to the slowness issues and the Russian/Chinese IP above, but if you would, do a Google search for “BattleSwarm” and something I’ve covered, and if that site comes up, click on those three dots next to the results that send feedback to Google to remove that result. Something like: “This is not battleswarmblog.com, this is a clickjacking malware site scraping the content of battleswarmblog.com. Please delete this domain from your listings.”

Also, normally I like everything to go to my posts, but given the recent difficulties, please feel free to reprint this entire message when linking, so regular readers will know what’s up.

As for a tech update on the ongoing problems, my dashboard actions are still dog slow, but the issue has been escalated.


10 Responses to “Did I Get a DDoS Attack From Russia?”

  1. martywd says:

    Your site is coming up quick (for me) now. My ‘whois’ query from the command line indicates ‘Starcrecium Limited’ as the org-name for the IP you mention. A search for ‘Starcrecium Limited’ yields many abuse complaints. Hmmmm?

  2. Earth Pig says:

    Site’s working now.

    You must be over the target because you’re getting flak. Charlie Mike, out.

  3. Kurt says:

    I’m sorry, but if the support tech couldn’t do a whois query or look up the address on ipinfo.io, or any of dozens of other sites, it’s probably time to seek another hosting company.

    Yes, my guess would be a random bot reacting to words it didn’t like.

    Kurt

  4. The Gaffer says:

    To remind, when the CIA’s hacker dudes wanted to appear to ‘go rogue’ they first released a bunch of tools we paid to have developed. The ‘Vault 7’ story.

    One puts a ‘russian’ signature on hacks.
    https://heavy.com/tech/2017/03/wikileaks-vault-7-part-3-marble-cia-tool-to-mask-hacks-hacking-russian-chinese-arabic-decoy-languages-attribute/

    So, either SVR is incompetent, or, anybody else can be a suspect.

  5. Leland says:

    I did as you suggested using keywords “Battleswarm Abbott” and got:
    abortion « Lawrence Person’s BattleSwarm Blog https://kurikulumguru.my.id

    Next page:
    Ted Nugent « Lawrence Person’s BattleSwarm Blog https://jawabansmk.my.id › baca-https-www.battleswar…

    Reported to Google.

  6. PicklePete says:

    DuckDuckGo (DDG) was perfect FYI. Google had a couple of the fake sites. I reported them. I would honestly recommend to go to non / less biased sites, like DDG or Rumble.

  7. TallDave says:

    frankly, it would be stranger if you didn’t

    seems to be their national pastime

  8. FrancisT says:

    FYI the IP address is a known attacker looking for vulnerabilities

    see https://greensnow.co/view/185.122.204.37 as an example

    It might be worth blocking that IP at the lowest level you or your hosting provider have access to. In fact if it were my server, I’d block it and the entire /24 subnet at the firewall because numerous IP addresses on it have been IDed as attacking servers of all sorts over a prolonged period.

  9. Lawrence Person says:

    BlueHost said they blocked it.
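
Comment 8 above suggests blocking the address, or its whole /24, at the firewall. As an added example (not from the post or any commenter), this script counts hits per client in an access log and proposes a /24 only when several addresses in it are noisy. The Common Log Format input, the thresholds, and the documentation-range addresses in the sample are assumptions.

```python
import ipaddress
import re
from collections import Counter

# Client-address field at the start of a Common/Combined Log Format line.
CLIENT_RE = re.compile(r"^(\S+) \S+ \S+ \[")

def hits_per_ip(lines):
    """Count requests per IPv4 client address; skip lines that do not parse."""
    counts = Counter()
    for line in lines:
        m = CLIENT_RE.match(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # hostname or garbage in the client field
        if ip.version == 4:
            counts[str(ip)] += 1
    return counts

def block_candidates(lines, ip_threshold, min_noisy_hosts=3):
    """Return sorted CIDRs to block: a /24 only when several hosts in it are noisy."""
    by_net = {}
    for ip, n in hits_per_ip(lines).items():
        if n > ip_threshold:
            net = ipaddress.ip_network(f"{ip}/24", strict=False)
            by_net.setdefault(net, []).append(ip)
    out = []
    for net, ips in by_net.items():
        if len(ips) >= min_noisy_hosts:
            out.append(net)  # widen to the subnet
        else:
            out.extend(ipaddress.ip_network(f"{ip}/32") for ip in ips)
    return [str(n) for n in sorted(out)]

def sample_log():
    """Constructed log lines (RFC 5737 documentation addresses, not real traffic)."""
    line = '{} - - [01/Jan/2024:00:00:00 +0000] "GET / HTTP/1.1" 200 512'
    rows = [line.format("203.0.113.7")] * 40          # one heavy address
    for host in (10, 11, 12):                         # three noisy hosts, same /24
        rows += [line.format(f"198.51.100.{host}")] * 25
    rows += [line.format("192.0.2.5")] * 3            # ordinary reader
    rows.append("malformed line")
    return rows

if __name__ == "__main__":
    print(block_candidates(sample_log(), ip_threshold=20))
```

Blocking a whole /24 also drops any legitimate clients in that range, which is why the example widens to the subnet only when multiple hosts in it cross the threshold.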
