@naitlee, you are right and I feel bad for you because I know you were trying to help
And you don't feel bad that a python script is shared on your forum with just no interest in helping to counter those attacks ?
Let's be clear : if those attacks are so benign, the BELL is just "stupid code" to play with my ears, etc,
blabla, why was my antivirus triggered and the name of a botnet mentioned ?
At what moment should I react and say to myself
"wooooh, this is going wild now" ? When losing data ? When losing login access ?
The problem is that when the address of a target is known to a hacker, there is little chance that it will not be tested
I don't understand the logic here, but about me spreading my DUCKDNS address, I only did it
AFTER the attacks appeared :
https://rejetto.com/forum/index.php?topic=13535.msg1067415#msg1067415
From Rom_1983's point of view, nothing accuses you, but given the suspicion that you are under surveillance, it suggests that these attacks are indirectly linked to your Python scripts.
My point of view is : it is very unlikely that I can be subject to such an amount of hacking attempts just after a Python script was given to me, just by pure coincidence, and that one of the origins of those attacks is the same as the author of the script. If those attacks on port:80 had been going on for years, I would have had a clue of it (an error message, a sound, antivirus reacting, etc). Sorry but I don't buy the
" if you open a web server on the internet, and using ports on common numbers makes it just much worse/frequent." : I've already used local HTTP serving with PHP before, I've never,
NEVER, experienced such an amount of attacks in any CLI opened.
So, the CLI with Python listening to :80 port is just a door opened to what was running behind the scenes for years ? Explain to me why the guy who gives me the script is coincidentally from the same country as the botnet detected and at the same time says that "CONNECT google.com:443" is nothing to his eyes even after antivirus reacting to the botnet. So, Python can't interpret the CONNECT method, just because his script (the "server") could "never be breached" ?
How... many... elements... do... we... need... here ? How ?
A real good and professional person would say
"oops, sorry, I'm a little bit reckless here, let me add a strong protection to my script" instead of taking his speaker for a total noob.
All he did was add a banning system based on HTTP header ! Ok... and the URL typed ? Can't we say that the script doesn't accept URLs like "/actuator/health" instead of watching it with semi-closed eyes and patronizing the guy to whom we gave the script ?
They are still false positives.
You have the nerve to dare say that after I sent you a PM with the antivirus screenshot
that you never answered.
You preferred to come here right after it and talk to admins/moderators, instead of conversing with me. I've always been polite with you, don't try to dodge like that.
If I was a forum admin, I would listen to my instinct and warn you to not share scripts, programs, or plugins anymore. But hey ! That's racism !
Connect? Just another nonsense that tries to horrify you.
BOO !
— Nod32