SA government sites go down

Anyone notice that DSTV and SuperSport websites is also down or un-accessible?
 
Anyone notice that DSTV and SuperSport websites is also down or un-accessible?

I can access both DSTV and supersport fine

It takes a while to resolve though so points to some sort of dns issue
 
supersport,dstv down for me...afrihost as isp
 
I would honestly be worried about some of the gov sites having port 3306 wide open with default userid/password. Had I known this sooner, then I would not have needed 13 attempts and 10 years in getting my first ID book. Just looking at Sita's ASN (note to Sita lawyers: this is not hacking) shows some shocking results.

If Sita engineers are still looking - here is my take:

IP Address ###.###.###.### is listed in the CBL. It appears to be infected with a spam sending trojan, proxy or some other form of botnet.

It was last detected at 2014-04-30 10:00 GMT (+/- 30 minutes), approximately 2 hours ago.

This IP address is infected with, or is NATting for a machine infected with the ZeuS trojan, also known as "Zbot" and "WSNPoem".

ZeuS is a malicious software (malware) used by cybercriminals to commit ebanking fraud and steal sensitive personal data, such as credentials (username, password) for online services (email, webmail, etc.).

The infection was detected by observing this IP address attempting to make contact to a ZeuS Command and Control server (C&C), a central server used by the criminals to control with ZeuS infected computers (bots).

^^^ You all know what is running within the Sita network - so goodbye your data and a pity that POPI is still not active and ECT gets ignored by government institutions.

Hint:
Behind a NAT, you should be able to find the infected machine by looking for attempted connections to IP address 192.42.119.41 or host name sellersa.in on any port with a network sniffer such as wireshark. Equivalently, you can examine your DNS server or proxy server logs to references to 192.42.119.41 or sellersa.in. Ignore the references to port 25/SMTP traffic - the identifying activity is NOT on port 25.

And a bit of Bitcoin mining going on also:
IP Address ###.###.###.### is listed in the CBL. It appears to be infected with a spam sending trojan, proxy or some other form of botnet.

It was last detected at 2014-04-28 00:00 GMT (+/- 30 minutes), approximately 2 days, 12 hours ago.

This IP address is infected with, or is NATting for a machine infected with the ZeroAccess botnet, also known as Sirefef. It is most often used for bitcoin mining or click fraud, but as it contains a downloader portion, it can do anything.

If this IP address is a NAT gateway, it should be possible to find which computer on your internal network is infected by implementing a filter on your firewall to detect and log attempts to send UDP packets to the Internet with a destination port number of 16470.
 
Last edited:
Top
Sign up to the MyBroadband newsletter
X