• #1 script kiddies

    From Sean Dennis@618:618/1 to All on Mon Jan 13 18:18:30 2025
    Hello everybody!

    Bytedance is the biggest script kiddie that keeps getting caught by fail2ban and this IP range, amongst others from them, has been banned for 26 weeks...

    ===
    % [whois.apnic.net]
    % Whois data copyright terms http://www.apnic.net/db/dbcopyright.html

    % Information related to '14.103.0.0 - 14.103.255.255'

    % Abuse contact for '14.103.0.0 - 14.103.255.255' is 'noc@bytedance.com'

    inetnum: 14.103.0.0 - 14.103.255.255
    netname: VOLCANO-ENGINE
    descr: Beijing Volcano Engine Technology Co., Ltd.
    descr: 1309, 13/F, Building 4, Zijin Digital Park, Haidian District, Beijing
    country: CN
    admin-c: YW7147-AP
    tech-c: JS4370-AP
    abuse-c: AC1601-AP
    status: ALLOCATED PORTABLE
    mnt-by: MAINT-CNNIC-AP
    mnt-lower: MAINT-CNNIC-AP
    mnt-routes: MAINT-CNNIC-AP
    mnt-irt: IRT-VOLCANO-ENGINE-CN
    last-modified: 2022-05-19T06:54:29Z
    source: APNIC

    irt: IRT-VOLCANO-ENGINE-CN
    address: 1309, 13/F, Building 4, Zijin Digital Park, Haidian District, Beijing
    e-mail: noc@bytedance.com
    abuse-mailbox: noc@bytedance.com
    admin-c: YW7147-AP
    tech-c: JS4370-AP
    auth: # Filtered
    remarks: noc@bytedance.com was validated on 2024-08-15
    mnt-by: MAINT-CNNIC-AP
    last-modified: 2024-08-15T01:10:27Z
    source: APNIC

    role: ABUSE CNNICCN
    country: ZZ
    address: Beijing, China
    phone: +000000000
    e-mail: ipas@cnnic.cn
    admin-c: IP50-AP
    tech-c: IP50-AP
    nic-hdl: AC1601-AP
    remarks: Generated from irt object IRT-CNNIC-CN
    abuse-mailbox: ipas@cnnic.cn
    mnt-by: APNIC-ABUSE
    last-modified: 2024-07-30T11:55:46Z
    source: APNIC

    person: Liu Nian
    address: 1309, 13/F, Building 4, Zijin Digital Park, Haidian District, Beijing
    country: CN
    phone: +86-10-13810123695
    e-mail: zhangzhaoyang.1@bytedance.com
    nic-hdl: JS4370-AP
    mnt-by: MAINT-CNNIC-AP
    last-modified: 2025-01-06T01:34:46Z
    source: APNIC

    person: Chen Qi
    address: 1309, 13/F, Building 4, Zijin Digital Park, Haidian District, Beijing
    country: CN
    phone: +86-10-13051468788
    e-mail: gnoc@bytedance.com
    nic-hdl: YW7147-AP
    mnt-by: MAINT-CNNIC-AP
    last-modified: 2025-01-06T01:34:08Z
    source: APNIC

    % Information related to '14.103.161.0/24AS137718'

    route: 14.103.161.0/24
    origin: AS137718
    descr: China Internet Network Information Center
    Floor1, Building No.1 C/-Chinese Academy of Sciences
    4, South 4th Street
    Haidian District,
    mnt-by: MAINT-CNNIC-AP
    last-modified: 2023-07-10T07:16:15Z
    source: APNIC

    % This query was served by the APNIC Whois Service version 1.88.25 (WHOIS-US4)
    ===

    -- Sean

    ... The best way to lose freedom is not to do anything.
    --- GoldED+/LNX 1.1.5-b20240209
    * Origin: Outpost BBS * Johnson City, TN (618:618/1)
  • From T.J. Mcmillen@618:500/24 to Sean Dennis on Mon Jan 13 22:21:47 2025
    abuse-mailbox: noc@bytedance.com

    You sending any of these to this?

    --- Renegade vY2Ka2
    * Origin: Joey, do you like movies about gladiators? (618:500/24)
  • From Sean Dennis@618:618/1 to T.J. Mcmillen on Mon Jan 13 23:37:24 2025
    Hello T!

    13 Jan 25 22:21, you wrote to me:

    You sending any of these to this?

    Nope. They just ignore it. Dealing with Chinese ISPs is like pissing in the wind: you can do it but it accomplishes nothing.

    Instead, I built my own security system that deals with it for me.

    Those subnets are blocked for 26 weeks at a time. They act up, they get banned again.

    I get weird places trying to bust in like Tehran, Seychelles, France, Russia, Nigeria, et cetera. If I sent out spam emails, that's all I'd be doing 24/7.

    Unless you're a big company like M$, IBM, et al., ISPs don't give a damn about you or your reports.

    If you want to have fun, do a whois on some of these IPs...from tonight's filter:


    The "recidive-subnet" filter is for subnets that are especially active in trying to find their way in. They get the 26 week ban.

    -- Sean

    ... If at first you succeed, you have no idea what you're doing.
    --- GoldED+/LNX 1.1.5-b20240209
    * Origin: Outpost BBS * Johnson City, TN (618:618/1)
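The thread does not show how the poster's system decides that a subnet is "especially active". The following is an added example, not the poster's code: it rolls individual fail2ban `Ban` notices up into subnets and flags any subnet with several distinct banned hosts for the 26-week ban mentioned above. The /24 grouping, the three-host threshold and the sample log lines (documentation address ranges) are assumptions.

```python
import ipaddress
import re
from collections import defaultdict

BAN_WEEKS = 26                                # ban length stated in the thread
BAN_SECONDS = BAN_WEEKS * 7 * 24 * 3600       # 26 weeks expressed in seconds
MIN_HOSTS = 3                                 # assumption: distinct banned hosts per subnet
PREFIX_LEN = 24                               # assumption: subnets are tracked as /24

# fail2ban.log "Ban" notices; Unban and other lines do not match.
BAN_RE = re.compile(r"NOTICE\s+\[(?P<jail>[^\]]+)\]\s+Ban\s+(?P<ip>\S+)")

# Constructed sample log lines (documentation address ranges, not real offenders).
SAMPLE_LOG = """\
2025-01-13 18:01:02,101 fail2ban.actions [812]: NOTICE [sshd] Ban 192.0.2.15
2025-01-13 18:03:40,552 fail2ban.actions [812]: NOTICE [sshd] Ban 192.0.2.77
2025-01-13 18:04:11,009 fail2ban.actions [812]: NOTICE [pam-generic] Ban 192.0.2.15
2025-01-13 18:09:58,310 fail2ban.actions [812]: NOTICE [proftpd] Ban 192.0.2.201
2025-01-13 18:12:00,734 fail2ban.actions [812]: NOTICE [sshd] Ban 198.51.100.9
2025-01-13 18:15:27,120 fail2ban.actions [812]: NOTICE [sshd] Unban 198.51.100.9
2025-01-13 18:20:45,660 fail2ban.actions [812]: NOTICE [sshd] Ban not-an-ip
"""


def subnets_to_ban(log_text, min_hosts=MIN_HOSTS, prefix_len=PREFIX_LEN):
    """Return {subnet: sorted host list} for subnets with enough distinct banned hosts."""
    hosts = defaultdict(set)
    for line in log_text.splitlines():
        m = BAN_RE.search(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group("ip"))
        except ValueError:
            continue                          # malformed address field: never ban on it
        if ip.version != 4:
            continue                          # IPv6 would need a different prefix length
        net = ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False)
        hosts[str(net)].add(str(ip))          # a set, so repeat bans of one host count once
    return {net: sorted(ips) for net, ips in hosts.items() if len(ips) >= min_hosts}


if __name__ == "__main__":
    for net, ips in subnets_to_ban(SAMPLE_LOG).items():
        print(f"ban {net} for {BAN_SECONDS}s ({len(ips)} hosts: {', '.join(ips)})")
```

Counting distinct hosts rather than raw ban events keeps one noisy address from getting its whole subnet blocked.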