Well, after a few days of the botnet relentlessly trying to log into the admin account on my NAS, an effort which was doomed to fail since the account with the username "admin" is disabled exactly to protect against attacks of this sort, the attack simply… stopped. There hasn't been a single login attempt in over four days.
This, to my mind, is final proof that it was a botnet. I went from over 300 different IPs trying continuously to log in, to 0, in an instant.
#infosec
Jonathan Kamens /
npub1et…7vupq
2025-03-21 20:00:36
in reply to nevent1q…zad6
Author Public Key
npub1ethstkst9853uj0l37x0v878y0am5j50at9l50ux6qrxpxuv6xpsh7vupqPublished at
2025-03-21 20:00:36Event JSON
{
"id": "971c855de3e50a898c982c2876229169c674af9a6364930519e6f292ee86264c",
"pubkey": "caef05da0b29e91e49ff8f8cf61fc723fbba4a8feacbfa3f86d006609b8cd183",
"created_at": 1742587236,
"kind": 1,
"tags": [
[
"e",
"76ed307c8090c1605bae2926d9e2eb6ae2ad67dfdc7a2a276e5e30e7c57c2d57",
"wss://relay.mostr.pub",
"reply"
],
[
"t",
"infosec"
],
[
"proxy",
"https://federate.social/users/jik/statuses/114202197163608905",
"activitypub"
]
],
"content": "Well, after a few days of the botnet relentlessly trying to log into the admin account on my NAS, an effort which was doomed to fail since the account with the username \"admin\" is disabled exactly to protect against attacks of this sort, the attack simply… stopped. There hasn't been a single login attempt in over four days.\nThis, to my mind, is final proof that it was a botnet. I went from over 300 different IPs trying continuously to log in, to 0, in an instant.\n#infosec",
"sig": "9f62981393c7fd50fa8d154ee7b25f7252780f5b84f00813a32c8ac6e6e609ab24d87b48fb258f2a3bdf2e8c126da633c0ef7606b3643de81880eaa44af34dc8"
}