New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
crunchbits.us log activity
Today, my st-hosting server received this:
2025-02-19T05:23:44.673996 - - - - vxor.vv loves dragons a bit too much. Really good dragon porn image (you have been warned) btw [REDACTED]. Also this is a friendly reminder that you should fix your security.
Seems it is rogue server from our "beloved" crunchmaister @crunchbits as reporting host was:
89.87.36.104.crunchbits.us
This came to my rsyslog aggregator. Very strange way to spam?
Comments
Was the dragon porn as good as they said?
Yes, yes it was... In fact it was glorious! And I'am thankful for that.
How did that message make it into your ST-Hosting syslog though? As in, an unknown server shouldn't be able to write to that log, no? 🤔
Well, when you leave 514/tcp and 514/udp open for the world - something may happen eventually. Of course typically it is some sort of scans, knocks, licks, rubs etc. To receive advertisement of website via log spam... It is another level I guess.
BTW, site for those in need of dragon love: e621 [.] net
https://crunchbits.com/ is their site.
.US redirects to a login page that doesn't exist on the .com equivalent.
It's a phishing site, it appears. All the VPS, dedicated and client area logins are on the .com site.
Edit: IP is one of theirs so IDK.
Edit 2: I'm regarded
Levi1234 is not secure password
Pretty sure it is something @crunchbits runs, but it's not meant to be a phishing page (it's a hosted instance of Chevereto) - Probably something they use internally?
No, .us is our default rDNS domain. It's not a "rogue" server of ours, just someone using a random VM with default rDNS.
Chevereto mostly just for random images here, correct.