Who have you been upsetting now? 

the anti fox hunting brigade

I think you can report that by email to abuse@plus.net

Do you have the Plusnet firewall on?

jelv (a.k.a Spoon Whittler)    Why I have left Plusnet (warning: long post!)    Broadband: Andrews & Arnold Home::1 (FTTC 80/20) Line rental: Pulse 8 Home Line Rental (£14.40/month) Mobile: iD mobile (£4/month)

---

@VileReynard wrote:

 

But if your IP address is x.x.89.61 then you may encounter problems.

---

So for your sins you've passed the buck to some other poor soul.

And after a few hours delay it followed me to my IP address (146.198.x.x) - there doesn't appear to be much point in secrecy since every man and his dog has decided to practice SYN attacks on it.

I expect the entire Plusnet IP range is being attacked?

It's so pointless, especially when I have no port forwarding.

A whois gives

whois 146.198.x.x

...

NetRange:       146.198.0.0 - 146.198.255.255
CIDR:           146.198.0.0/16
NetName:        PLUSNET3
NetHandle:      NET-146-198-0-0-1
Parent:         NET146 (NET-146-0-0-0-0)
NetType:        Direct Assignment
OriginAS:       AS6871
Organization:   INFONET Services Corporation (INFO)
RegDate:        1991-02-28
Updated:        2015-03-12
Ref:            https://whois.arin.net/rest/net/NET-146-198-0-0-1

OrgName:        INFONET Services Corporation
OrgId:          INFO
Address:        2160 East Grand Avenue
City:           El Segundo
StateProv:      CA
PostalCode:     90245-1022
Country:        US
RegDate:        
Updated:        2017-01-28
Ref:            https://whois.arin.net/rest/org/INFO

...

Is this right?

Moderator's note by Mike (Mav): Full IP address edited in a public forum.

 So get yourself a plusnet hubone. That has no visible logging so you won't be able to see the attacks to worry about them 

EDIT: Actually it does log stuff.. sorry i only found that around 10 minutes later when trying to do something else in the admin pages.

Incidentally I have port 80 open and redirected to my desktop PC for the apache webserver. When i look in the database i can see loads of bots have been trying to exploit phpmyadmin setup script logs and various other things. People are out there scanning and attempting to attack all the time. In my case they make contact with the default host on my apache which has one web page and nothing else. My actual websites are all on virtual hosts and the admin site with phpmyadmin installed is on a virtual host only accessible to the local network.

I've accepted that they'll always be there trying.. it's just one of those things.

I would be checking my PC's/Laptops with Malwarebytes ad all the antivirus software I could find, there is a good chance that something on one of your devices is call somewhere to start these DDOS attacks.

As for the IP address, it is well known that PN have used other BT division addresses when they expanded their network, and that many of the IP address checkers are out of date. It can cause access difficulty's with some sites, but these seem to be getting less troublesome.