1. dunder+(OP) 2026-01-15 04:25:16
Hmm. If it is an attempt at DDoS attacks, it's probably not very fruitful:

  >$ resolvectl query gyrovague.com
  gyrovague.com: 192.0.78.25                     -- link: eno1
                 192.0.78.24                     -- link: eno1

Viewing the first IP address on https://bgp.he.net/ip/192.0.78.25 shows AS2635 (https://bgp.he.net/AS2635) is announcing 192.0.78.0/24. AS2635 is owned by https://automattic.com aka wordpress.com. I assume that for a managed environment at their scale, this is just another Wednesday for them.
replies(3): >>dunder+p1 >>mike_d+65 >>arcfou+m5
2. dunder+p1 2026-01-15 04:37:03
>>dunder+(OP)
It occurred to me while reading the article that I could also just have checked the TLS cert. The cert I was given presents "Common Name tls.automattic.com". However, maybe someone will discover bgp.he.net via this :-)
replies(2): >>catlif+M4 >>notmys+ep
3. catlif+M4 2026-01-15 05:11:02
>>dunder+p1
> maybe someone will discover bgp.he.net via this

I did, thank you!

replies(1): >>justso+xg
4. mike_d+65 2026-01-15 05:14:46
>>dunder+(OP)
It is using the ?s= parameter which causes WordPress to initiate a search for a random string. This can result in high CPU usage, which I believe is one of the DoS vectors that works on hosted WordPress.
5. arcfou+m5 2026-01-15 05:17:06
>>dunder+(OP)
I believe they're probably trying to get the blog suspended (automatically?) hence the cache busting; chewing through higher than normal resources all of a sudden might do the trick even if it doesn't actually take it offline.
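
The traffic pattern described in the two comments above (random `?s=` search strings used for cache busting) can be looked for in web access logs. This is an added example, not part of any comment in the thread: the log lines are constructed, and the function names and thresholds (`min_hits`, `min_unique_ratio`) are assumptions to tune per site.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (combined log format, RFC 5737 example IPs).
SAMPLE_LOG = """\
198.51.100.7 - - [15/Jan/2026:04:00:01 +0000] "GET /?s=k3jf9a2q HTTP/1.1" 200 5120
203.0.113.9 - - [15/Jan/2026:04:00:02 +0000] "GET /?s=zq81mmx0 HTTP/1.1" 200 5120
198.51.100.23 - - [15/Jan/2026:04:00:02 +0000] "GET /?s=p07dhw4e HTTP/1.1" 200 5120
203.0.113.40 - - [15/Jan/2026:04:00:03 +0000] "GET /?s=a9x2lk5t HTTP/1.1" 200 5120
198.51.100.88 - - [15/Jan/2026:04:00:04 +0000] "GET /?s=ur6b1cvn HTTP/1.1" 200 5120
203.0.113.77 - - [15/Jan/2026:04:00:05 +0000] "GET /?s=m4tt0ywz HTTP/1.1" 200 5120
192.0.2.10 - - [15/Jan/2026:04:01:05 +0000] "GET /?s=travel HTTP/1.1" 200 7300
192.0.2.11 - - [15/Jan/2026:04:01:10 +0000] "GET /?s=travel HTTP/1.1" 200 7300
192.0.2.12 - - [15/Jan/2026:04:01:20 +0000] "GET /?s=japan HTTP/1.1" 200 6900
192.0.2.10 - - [15/Jan/2026:04:01:30 +0000] "GET /?s=travel HTTP/1.1" 200 7300
192.0.2.13 - - [15/Jan/2026:04:01:40 +0000] "GET /?s=japan HTTP/1.1" 200 6900
192.0.2.14 - - [15/Jan/2026:04:01:50 +0000] "GET /2026/01/some-post/ HTTP/1.1" 200 9100
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(?:GET|POST) (\S+) [^"]*" (\d{3})')

def search_stats(log_text):
    """Per-minute hit count and distinct terms for WordPress ?s= searches."""
    buckets = defaultdict(lambda: {"hits": 0, "terms": set()})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        terms = parse_qs(urlsplit(m.group(3)).query).get("s")
        if not terms:
            continue  # not a search request
        minute = m.group(2)[:17]  # e.g. "15/Jan/2026:04:00"
        buckets[minute]["hits"] += 1
        buckets[minute]["terms"].add(terms[0])
    return buckets

def flag_cache_busting(log_text, min_hits=5, min_unique_ratio=0.9):
    """Flag minutes where searches are frequent AND almost never repeat a term.
    Organic search traffic tends to repeat terms; random strings do not."""
    flagged = []
    for minute, b in sorted(search_stats(log_text).items()):
        ratio = len(b["terms"]) / b["hits"]
        if b["hits"] >= min_hits and ratio >= min_unique_ratio:
            flagged.append((minute, b["hits"], round(ratio, 2)))
    return flagged
```

Grouping is by minute rather than by client IP because the requests in the sample arrive from many different addresses, so per-IP rate limits alone would not surface them.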
6. justso+xg 2026-01-15 06:59:08
>>catlif+M4
Add https://bgp.tools to the list
7. notmys+ep 2026-01-15 08:09:54
>>dunder+p1
Good ol' Hurricane Electric