[Dxspider-support] DXCluster bot

Danilo Brelih danilo.brelih at siol.net
Sat Jul 30 10:12:26 BST 2022 

It helps also if you set SET/BADWORD. Blocking the bot from connecting to your 
cluster is the most effective method. 94.156.203.117 IP has been in use for 
several days. From today he is using also Telecom Italia S.p.A. (Venice, Italy) 
IP 79.20.34.246. Check whether it connects to your cluster node instead.

SET/BADWORD kills
SET/BADWORD ruzzia
SET/BADWORD criminal
SET/BADWORD murders
SET/BADWORD nazzists

etc....

GL Dan




> Hi
>
> Exactly the same bot at work like last last year with CQWW contest. Already 
> set up iptables firewall rule rejected subnet 94.156.203.0/24 here.
>
> GL Dan
>
>
>
>> There is a bot out there that delights in trying to confuse the Contest 
>> Committee's log checking process and/or causing contestants' problems by 
>> posting spurious spots using their callsign. It does this by logging in to a 
>> node, "sniping" a spot and then immediately disconnecting.
>>
>> Here are some examples:
>>
>> 13:15:59 (progress) CMD: 'show/cluster ' by LZ1JZ ip: 217.61.58.23 1mS
>> 13:16:00 (progress) CMD: 'DX YL2KO 14082.2' by LZ1JZ ip: 217.61.58.23 1mS
>> 13:16:00 (progress) CMD: 'bye ' by LZ1JZ ip: 217.61.58.23 45mS
>> 13:16:25 (progress) CMD: 'show/cluster ' by CT1GFQ ip: 217.61.58.23 0mS
>> 13:16:25 (progress) CMD: 'DX ZF1A 28127.6' by CT1GFQ ip: 217.61.58.23 1mS
>> 13:16:25 (progress) CMD: 'bye ' by CT1GFQ ip: 217.61.58.23 12mS
>> 13:18:18 (progress) CMD: 'show/cluster ' by DK5QN ip: 217.61.58.23 0mS
>> 13:18:18 (progress) CMD: 'DX NY3A 21067.2' by DK5QN ip: 217.61.58.23 1mS
>> 13:18:18 (progress) CMD: 'bye ' by DK5QN ip: 217.61.58.23 13mS
>> 13:55:21 (progress) CMD: 'show/cluster ' by VK6POP ip: 217.61.58.23 0mS
>> 13:55:21 (progress) CMD: 'DX W3UA 21022.5' by VK6POP ip: 217.61.58.23 1mS
>> 13:55:21 (progress) CMD: 'bye ' by VK6POP ip: 217.61.58.23 10mS
>> 13:55:32 (progress) CMD: 'show/cluster ' by EA3HXV ip: 217.61.58.23 0mS
>> 13:55:32 (progress) CMD: 'DX MI5I 14012.5' by EA3HXV ip: 217.61.58.23 2mS
>> 13:55:32 (progress) CMD: 'bye ' by EA3HXV ip: 217.61.58.23 23mS
>>
>> To try and reduce this as much as possible, please would you block this ip 
>> address 217.61.58.23 (or its subnet
>> 217.61.58.0/24) using your firewall (in your router). If you are running 
>> Linux/BSD you could consider installing UFW or similar software to help with 
>> this task.
>>
>> 73 Dirk G1TLH
>>
>> _______________________________________________
>> Dxspider-support mailing list
>> Dxspider-support at tobit.co.uk
>> https://mailman.tobit.co.uk/mailman/listinfo/dxspider-support
>
>
> _______________________________________________
> Dxspider-support mailing list
> Dxspider-support at tobit.co.uk
> https://mailman.tobit.co.uk/mailman/listinfo/dxspider-support


-- 
Gorje, Cerkno h=604m <https://s50e.si/gorje.html>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mailman.tobit.co.uk/pipermail/dxspider-support/attachments/20220730/b7874807/attachment.htm>

More information about the Dxspider-support mailing list