People reporting Internet problems in South Africa amid sustained DDoS attacks

Yup, I noticed some shenanigans in my router/logs on Saturday. I use DynDNS and only have a couple of services I forward, but I was getting SYN-flooded and port-scanned like crazy. Over 1000 unique IPs got added to my blocklist in less than 12 hours, whereas it's usually 50-100 IPs per day. About 500k packets were dropped...

My internet is fine, just a noticeable increase in unique IPs trying to telnet/DNS/portscan/DDoS/bruteforce my home network, which started immediately even after reconnecting my PPoE session and getting a new IP. Probably unrelated, but just an observation...

Screenshot 2026-05-16 164558.png
 
theratman said:
Was me you blikem, plus 3 others I know also on domains. 2fa on everything, and everything was up to date. I've fixed it and removed all the malicious code.
Click to expand...
yeah i dont name names

also wondering moer who exactly the hackers or the site owner?
 
I wonder who and why they would target SA?

hmm....
 
RedViking said:
CloudFlare is the frontpage now for a many websites. Very annoying.
Click to expand...
I feel you with that redirect.

However i cant see it as a solution if the HOST server is getting DDoS'd cause how cloudflare works just a filter.

IP from Cape Town goes to Cloudflare USA cloudflare checks okay you good no IP Abuse for xyz you allowed in forwards the packet to Server JHB but if Server JHB node is down due to DDoS or localised bot attacks.. Cloudflare throws error

We had it once when we tested Cloudflare that 1 million hits came from China knocking our server completely out. and was coming from Cloudflares IP and on cloudflare shows no everything is fine (this was a year ago) ever since then i went back away from cloudflare im willing to try again but in December when traffic is lower and to test with some heavy configurations that side.

i speak to the senior tech at domains a lot and they been battling bot attacks on sites like mine all over. It feels targeted (SA being the target). i have my conspiracy theory on this (not willing to share publicly) but its at a point of "just leave us alone"

Also anticipating harder attacks in the coming months. So any form of security is good security just everyone needs to just relearn how these guys attack. for the attacks these guys did its insane to understand how they did it. Youd think these guys did some good with that kind of knowlege.

but yes cloudflare wise its just security its not a thing if it works for the site its just annoying redirects. (unless you using another form of DNS protection and Bot protection)
 
You must log in or register to reply here.
Back
Top
Sign up to the MyBroadband newsletter
X