The KiwiSDR 2 online store is open for orders! Please visit kiwisdr.nz

Local Access Issue [the bot / IP blacklist thread] [fixed in v1.660]

135

Comments

  • I know that..... had not heard of bots in Singapore before. They run a tight ship there so surprised

  • Remember that the new log messages can help identify the current WF-only bot versus possible legitimate use. Look for the pattern of intermediate frequency/zoom values during the 90 sec connection period, e.g.

    Thu Mar 17 08:17:24 01:17:06.393 01..  1   L    58.59 kHz  WF z8  "kiwirecorder.py" 144.202.84.81 (ARRIVED)
    Thu Mar 17 08:17:28 01:17:10.570 01..  1        58.59 kHz  WF z8  "kiwirecorder.py" 144.202.84.81 0:00:04
    Thu Mar 17 08:17:38 01:17:20.568 01..  1       292.97 kHz  WF z8  "kiwirecorder.py" 144.202.84.81 0:00:14
    Thu Mar 17 08:17:40 01:17:22.576 01..  1   L GEOLOC: 144.202.84.81 sent no geoloc info, we got "Seattle, Washington, USA" from geo host #0
    Thu Mar 17 08:17:48 01:17:30.568 01..  1       703.13 kHz  WF z6  "kiwirecorder.py" 144.202.84.81 Seattle, Washington, USA 0:00:24
    Thu Mar 17 08:17:58 01:17:40.568 01..  1      1406.25 kHz  WF z5  "kiwirecorder.py" 144.202.84.81 Seattle, Washington, USA 0:00:34
    Thu Mar 17 08:18:08 01:17:50.571 01..  1      3281.25 kHz  WF z5  "kiwirecorder.py" 144.202.84.81 Seattle, Washington, USA 0:00:44
    Thu Mar 17 08:18:18 01:18:00.568 01..  1      9375.00 kHz  WF z3  "kiwirecorder.py" 144.202.84.81 Seattle, Washington, USA 0:00:54
    Thu Mar 17 08:18:28 01:18:10.570 01..  1     13125.00 kHz  WF z3  "kiwirecorder.py" 144.202.84.81 Seattle, Washington, USA 0:01:04
    Thu Mar 17 08:18:38 01:18:20.569 01..  1     20625.00 kHz  WF z3  "kiwirecorder.py" 144.202.84.81 Seattle, Washington, USA 0:01:14
    Thu Mar 17 08:18:48 01:18:30.568 01..  1     28125.00 kHz  WF z3  "kiwirecorder.py" 144.202.84.81 Seattle, Washington, USA 0:01:24
    Thu Mar 17 08:18:56 01:18:38.152 0...  1   L 28125.00 kHz  WF z3  "kiwirecorder.py" 144.202.84.81 Seattle, Washington, USA (LEAVING after 0:01:32)
    


  • Fri Mar 25 14:15:36 5d:17:08:59.592 0... 0        410.16 kHz  WF z8  "kiwirecorder.py" 140.82.23.11 Los Angeles, California, USA 0:00:24
    Fri Mar 25 14:15:46 5d:17:09:09.592 0... 0       1406.25 kHz  WF z5  "kiwirecorder.py" 140.82.23.11 Los Angeles, California, USA 0:00:34
    Fri Mar 25 14:15:56 5d:17:09:19.592 0... 0       3281.25 kHz  WF z5  "kiwirecorder.py" 140.82.23.11 Los Angeles, California, USA 0:00:44
    Fri Mar 25 14:16:06 5d:17:09:29.592 0... 0       5625.00 kHz  WF z3  "kiwirecorder.py" 140.82.23.11 Los Angeles, California, USA 0:00:54
    Fri Mar 25 14:16:16 5d:17:09:39.592 0... 0      13125.00 kHz  WF z3  "kiwirecorder.py" 140.82.23.11 Los Angeles, California, USA 0:01:04
    Fri Mar 25 14:16:26 5d:17:09:49.592 0... 0      20625.00 kHz  WF z3  "kiwirecorder.py" 140.82.23.11 Los Angeles, California, USA 0:01:14
    Fri Mar 25 14:16:36 5d:17:09:59.592 0... 0      24375.00 kHz  WF z3  "kiwirecorder.py" 140.82.23.11 Los Angeles, California, USA 0:01:24
    Fri Mar 25 14:16:44 5d:17:10:07.889 .... 0    L 28125.00 kHz  WF z3  "kiwirecorder.py" 140.82.23.11 Los Angeles, California, USA (LEAVING after 0:01:32)
    


  • Very interesting discussion, I get this :-

    Sun Mar 27 00:24:45 09:35:25.157 .... [00]   ADMIN connection closed
    Sun Mar 27 00:26:43 09:37:22.894 0... 0      PWD kiwi W/F ALLOWED: no config pwd set, allow any (158.247.235.18)
    Sun Mar 27 00:26:44 09:37:23.518 0... 0    L    58.59 kHz  WF z8  "kiwirecorder.py" 158.247.235.18 (ARRIVED)
    Sun Mar 27 00:26:52 09:37:32.103 0... 0      API: decided connection is non-Kiwi app (0)
    Sun Mar 27 00:26:52 09:37:32.103 0... 0      API: ext_api_users=1 >? ext_api_ch=4 F(OKAY)
    Sun Mar 27 00:27:00 09:37:40.103 0... 0        292.97 kHz  WF z8  "kiwirecorder.py" 158.247.235.18 0:00:18
    Sun Mar 27 00:27:01 09:37:41.113 0... 0    L GEOLOC: 158.247.235.18 sent no geoloc info, we got "Seoul, South Korea" from geo host #2
    Sun Mar 27 00:27:01 09:37:41.117 0...        task geoloc_task:P2:T002((1000.000 msec) TaskSleep) exited by returning
    Sun Mar 27 00:27:10 09:37:50.103 0... 0        703.13 kHz  WF z6  "kiwirecorder.py" 158.247.235.18 Seoul, South Korea 0:00:28
    Sun Mar 27 00:27:20 09:38:00.103 0... 0       2343.75 kHz  WF z5  "kiwirecorder.py" 158.247.235.18 Seoul, South Korea 0:00:38
    Sun Mar 27 00:27:30 09:38:10.106 0... 0       3281.25 kHz  WF z5  "kiwirecorder.py" 158.247.235.18 Seoul, South Korea 0:00:48
    Sun Mar 27 00:27:40 09:38:20.103 0... 0       9375.00 kHz  WF z3  "kiwirecorder.py" 158.247.235.18 Seoul, South Korea 0:00:58
    Sun Mar 27 00:27:50 09:38:30.103 0... 0      16875.00 kHz  WF z3  "kiwirecorder.py" 158.247.235.18 Seoul, South Korea 0:01:08
    Sun Mar 27 00:28:00 09:38:40.103 0... 0      20625.00 kHz  WF z3  "kiwirecorder.py" 158.247.235.18 Seoul, South Korea 0:01:18
    Sun Mar 27 00:28:10 09:38:50.106 0... 0      28125.00 kHz  WF z3  "kiwirecorder.py" 158.247.235.18 Seoul, South Korea 0:01:28
    Sun Mar 27 00:28:14 09:38:53.928 .... 0    L 28125.00 kHz  WF z3  "kiwirecorder.py" 158.247.235.18 Seoul, South Korea (LEAVING after 0:01:31)
    Sun Mar 27 00:37:54 09:48:34.096 0... 0      TLIMIT-IP connecting LIMIT OKAY cur:0 < lim:75 for 102.65.130.40
    Sun Mar 27 00:37:54 09:48:34.096 0... 0      PWD kiwi SND ALLOWED: no config pwd set, allow any (102.65.130.40)
    Sun Mar 27 00:37:56 09:48:35.627 0... 0      PWD kiwi W/F ALLOWED: no config pwd set, allow any (102.65.130.40)
    


  • I have an auto-ban solution partly working..

  • Thanks @jks, that would be cool. I've been monitoring my logs a lot more lately and along with giving me a better understanding of them, I've noticed somewhat of a pattern. I've been blocking the incoming IP address each time I catch them, but it appears that they either change their IP address or add new ones every 2 days. If I'm right, I should get a new hit from a different IP address today at some point.

    Mar 21 10:28:58 kiwisdr kiwid: 1d:00:47:34.414 0... 0       58.59 kHz  WF z8  "kiwirecorder.py" 45.32.124.96 (ARRIVED)
    Mar 21 10:30:28 kiwisdr kiwid: 1d:00:49:04.848 .... 0    28125.00 kHz  WF z3  "kiwirecorder.py" 45.32.124.96 Queenstown Estate, Singapore (LEAVING after 0:01:31
    )
    Mar 23 11:20:16 kiwisdr kiwid: 3d:01:38:52.448 012.   2     58.59 kHz  WF z8  "kiwirecorder.py" 158.247.235.18 (ARRIVED)
    Mar 23 11:21:46 kiwisdr kiwid: 3d:01:40:23.026 0...   2  28125.00 kHz  WF z3  "kiwirecorder.py" 158.247.235.18 Seoul, South Korea (LEAVING after 0:01:32)
    Mar 23 12:29:51 kiwisdr kiwid: 3d:02:48:27.787 012.   2     58.59 kHz  WF z8  "kiwirecorder.py" 158.247.235.18 (ARRIVED)
    Mar 23 12:31:23 kiwisdr kiwid: 3d:02:49:59.496 01..   2  28125.00 kHz  WF z3  "kiwirecorder.py" 158.247.235.18 Seoul, South Korea (LEAVING after 0:01:32)
    Mar 25 09:18:34 kiwisdr kiwid: 4d:23:37:10.319 01..  1      58.59 kHz  WF z8  "kiwirecorder.py" 140.82.23.11 (ARRIVED)
    Mar 25 09:20:06 kiwisdr kiwid: 4d:23:38:42.107 0...  1   28125.00 kHz  WF z3  "kiwirecorder.py" 140.82.23.11 Los Angeles, California, USA (LEAVING after 0:01:32
    )
    Mar 25 12:11:03 kiwisdr kiwid: 5d:02:29:39.673 0... 0       58.59 kHz  WF z8  "kiwirecorder.py" 140.82.23.11 (ARRIVED)
    Mar 25 12:12:36 kiwisdr kiwid: 5d:02:31:12.416 .... 0    28125.00 kHz  WF z3  "kiwirecorder.py" 140.82.23.11 Los Angeles, California, USA (LEAVING after 0:01:33
    )
    


  • Well I was close. It was a little over 2 days but here's a new one.

    Mon Mar 28 09:31:08 7d:23:49:44.193 0... 0      PWD kiwi W/F ALLOWED: no config pwd set, allow any (167.179.65.161)
    Mon Mar 28 09:31:08 7d:23:49:44.700 0... 0    L    58.59 kHz  WF z8  "kiwirecorder.py" 167.179.65.161 (ARRIVED)
    Mon Mar 28 09:31:18 7d:23:49:54.127 0... 0      API: decided connection is non-Kiwi app (0)
    Mon Mar 28 09:31:18 7d:23:49:54.128 0... 0      API: ext_api_users=1 >? ext_api_ch=4 F(OKAY)
    Mon Mar 28 09:31:26 7d:23:50:02.127 0... 0        292.97 kHz  WF z8  "kiwirecorder.py" 167.179.65.161 0:00:18
    Mon Mar 28 09:31:28 7d:23:50:04.147 0... 0    L GEOLOC: 167.179.65.161 sent no geoloc info, we got "Shinagawa, Japan" from geo host #0
    Mon Mar 28 09:31:28 7d:23:50:04.154 0...        task geoloc_task:P2:T002((1000.000 msec) TaskSleep) exited by returning
    Mon Mar 28 09:31:36 7d:23:50:12.127 0... 0        703.13 kHz  WF z6  "kiwirecorder.py" 167.179.65.161 Shinagawa, Japan 0:00:28
    Mon Mar 28 09:31:46 7d:23:50:22.127 0... 0       2343.75 kHz  WF z5  "kiwirecorder.py" 167.179.65.161 Shinagawa, Japan 0:00:38
    Mon Mar 28 09:31:56 7d:23:50:32.127 0... 0       3281.25 kHz  WF z5  "kiwirecorder.py" 167.179.65.161 Shinagawa, Japan 0:00:48
    Mon Mar 28 09:32:06 7d:23:50:42.127 0... 0       9375.00 kHz  WF z3  "kiwirecorder.py" 167.179.65.161 Shinagawa, Japan 0:00:58
    Mon Mar 28 09:32:16 7d:23:50:52.127 0... 0      16875.00 kHz  WF z3  "kiwirecorder.py" 167.179.65.161 Shinagawa, Japan 0:01:08
    Mon Mar 28 09:32:26 7d:23:51:02.127 0... 0      20625.00 kHz  WF z3  "kiwirecorder.py" 167.179.65.161 Shinagawa, Japan 0:01:18
    Mon Mar 28 09:32:36 7d:23:51:12.127 0... 0      28125.00 kHz  WF z3  "kiwirecorder.py" 167.179.65.161 Shinagawa, Japan 0:01:28
    Mon Mar 28 09:32:39 7d:23:51:15.258 .... 0    L 28125.00 kHz  WF z3  "kiwirecorder.py" 167.179.65.161 Shinagawa, Japan (LEAVING after 0:01:31)
    


  • These guys seem to be a prime source of the recurrent kiwirecorder.py connects.


  • at the OS level, where do I find the kiwi logs

  • Good morning ....

    I probably make some mistakes, but how come despite adding IPs to my local Blacklist


    the same IPs still have access to my KIWI?


  • edited April 2022

    @fabrys if you want add 1 ip address use /32 (example 140.82.23.11/32) and type Enter key after add new addresses to your Blacklist. After you are finish adding the new IP - go to the Log tab, you should see the iptables reload:


  • @rz3dvp ....thank you!! I had omitted a passage.

  • jksjks
    edited March 2022

    You don't need to add /32 for a single ip address. 1.2.3.4 and 1.2.3.4/32 are equivalent. To verify, use the console tab and type the alias ipt to see the current iptable. Entries will be under the KIWI chain at the end.

    I need to improve the UI for those text area panels (local blacklist, ALE admin menu, additional HTML). They need to auto-save and/or have a save button in addition to the current hack of typing return at the end of the text. If you just enter changes in the middle of the text they don't get saved which is lame. You know your changes have been saved when the panel flashes green just like the input fields do.

  • jksjks
    edited April 2022

    Okay, we now have a case where information from this thread was used by a Kiwi owner to block an ip range, but which also blocked the noip.com DUC server used by the DUC client on the admin page, connect tab. The owner couldn't figure out why their DUC client wasn't working all of a sudden.

    dynupdate.no-ip.com is at 158.247.7.204 so don't put 158.247.0.0/16 into your local blacklist if you use the noip DUC. Now the story is actually a little more complicated than this. The ip reported in this thread was 158.247.235.18 which belongs to the Vultr CIDR 158.247.192.0/18 (158.247.192.0 - 158.247.255.255). But the admin incorrectly entered 158.247.0.0/16 (158.247.0.0 - 158.247.255.255) which is too large and captured the noip address.

    Related: I have implemented a "whitelist" capability for the next software release. So you can whitelist a single ip while still having the rest of the range blocked if it's really causing you problems.

  • I have updated the downloadable blacklist with all of the IPs mentioned in this thread so far (please let me know if I missed anything). The admin network tab should indicate there is a new download available.

  • It's been well over 10 days since I've had a WF only connection by anything other than "SNR-Measure." My receiver has been working fine and I've had no random restarts during that time. The list of IP addresses that I have logged for these bots are as follows:

    173.199.70.39

    66.42.116.198

    149.28.166.127

    192.248.145.77

    144.202.84.81

    216.238.73.79

    144.202.76.200

    149.28.38.97

    45.32.124.96

    158.247.235.18

    140.82.23.11

    167.179.65.161

    139.180.147.173

    207.246.127.130

    Thanks again @jks for all of your help with this.

  • I had a feeling I was jinxing myself when I made that last post this morning. They have another IP.

    Apr 14 15:04:14 kiwisdr kiwid: 5d:00:39:59.867 0123    3    58.59 kHz  WF z8  "kiwirecorder.py" 108.61.177.90 (ARRIVED)
    Apr 14 15:04:30 kiwisdr kiwid: 5d:00:40:16.157 0123    3 GEOLOC: 108.61.177.90 sent no geoloc info, we got "Paris, France" from geo host #1
    Apr 14 15:05:47 kiwisdr kiwid: 5d:00:41:32.824 012.    3 28125.00 kHz  WF z3  "kiwirecorder.py" 108.61.177.90 Paris, France (LEAVING after 0:01:33)
    


  • The first rule about kiwi bot fight club...

    Thanks for 108.61.176.0/23, I had a much more expansive entry in my router.

  • ... always the same, I thought he was already on the general blacklist, the hi on the local one. However, I see some strange commands than usual.


  • edited April 2022

    65.20.112.0/23

    Added to my router

    Vultr - Florida (actual address 65.20.113.188)

  • I got scanned by the Florida address last night also.

    Apr 16 10:18:52 kiwisdr kiwid: 6d:19:54:37.828 01.. 0    58.59 kHz WF z8 "kiwirecorder.py" 65.20.113.188 (ARRIVED)

    Apr 16 10:20:24 kiwisdr kiwid: 6d:19:56:10.547 .1.. 0  28125.00 kHz WF z3 "kiwirecorder.py" 65.20.113.188 West Palm Beach, Florida, USA (LEAVING after 0:01:33)

    I think I know why I was ignored for a 10 day span over the past week and a half. My SMA connector came loose and my noise floor was pretty high because of it. Perhaps I was deemed unworthy. 😂

  • I got a new hit last night from the Netherlands. They were hitting me every 20 to 45 minutes or so for a bit. Just sharing.


    Apr 30 19:30:32 kiwisdr kiwid: 3d:16:05:34.548 0... 0       58.59 kHz  WF z8  "kiwirecorder.py" 199.247.26.127 (ARRIVED)
    Apr 30 19:30:45 kiwisdr kiwid: 3d:16:05:47.944 0... 0    GEOLOC: 199.247.26.127 sent no geoloc info, we got "Amsterdam, Netherlands" from geo host #2
    Apr 30 19:32:06 kiwisdr kiwid: 3d:16:07:08.280 .... 0    28125.00 kHz  WF z3  "kiwirecorder.py" 199.247.26.127 Amsterdam, Netherlands (LEAVING after 0:01:34)
    Apr 30 19:53:29 kiwisdr kiwid: 3d:16:28:31.124 0... 0       58.59 kHz  WF z8  "kiwirecorder.py" 199.247.26.127 (ARRIVED)
    Apr 30 19:53:45 kiwisdr kiwid: 3d:16:28:47.929 0... 0    GEOLOC: 199.247.26.127 sent no geoloc info, we got "Amsterdam, Netherlands" from geo host #2
    Apr 30 19:55:01 kiwisdr kiwid: 3d:16:30:03.869 .... 0    28125.00 kHz  WF z3  "kiwirecorder.py" 199.247.26.127 Amsterdam, Netherlands (LEAVING after 0:01:33)
    May  1 03:19:07 kiwisdr kiwid: 3d:23:54:09.763 01.. 0       58.59 kHz  WF z8  "kiwirecorder.py" 199.247.26.127 (ARRIVED)
    May  1 03:19:26 kiwisdr kiwid: 3d:23:54:28.950 01.. 0    GEOLOC: 199.247.26.127 sent no geoloc info, we got "Amsterdam, Netherlands" from geo host #0
    May  1 03:20:40 kiwisdr kiwid: 3d:23:55:42.523 .1.. 0    28125.00 kHz  WF z3  "kiwirecorder.py" 199.247.26.127 Amsterdam, Netherlands (LEAVING after 0:01:33)
    May  1 04:05:43 kiwisdr kiwid: 4d:00:40:45.886 01.. 0       58.59 kHz  WF z8  "kiwirecorder.py" 199.247.26.127 (ARRIVED)
    May  1 04:05:57 kiwisdr kiwid: 4d:00:40:59.941 01.. 0    GEOLOC: 199.247.26.127 sent no geoloc info, we got "Amsterdam, Netherlands" from geo host #0
    May  1 04:07:15 kiwisdr kiwid: 4d:00:42:18.578 .1.. 0    28125.00 kHz  WF z3  "kiwirecorder.py" 199.247.26.127 Amsterdam, Netherlands (LEAVING after 0:01:33)
    May  1 04:27:22 kiwisdr kiwid: 4d:01:02:25.467 012.   2     58.59 kHz  WF z8  "kiwirecorder.py" 199.247.26.127 (ARRIVED)
    May  1 04:27:35 kiwisdr kiwid: 4d:01:02:37.941 012.   2  GEOLOC: 199.247.26.127 sent no geoloc info, we got "Amsterdam, Netherlands" from geo host #1
    May  1 04:28:55 kiwisdr kiwid: 4d:01:03:58.546 01.3   2  28125.00 kHz  WF z3  "kiwirecorder.py" 199.247.26.127 Amsterdam, Netherlands (LEAVING after 0:01:33)
    May  1 05:14:13 kiwisdr kiwid: 4d:01:49:15.575 01.. 0       58.59 kHz  WF z8  "kiwirecorder.py" 199.247.26.127 (ARRIVED)
    May  1 05:14:26 kiwisdr kiwid: 4d:01:49:28.929 01.. 0    GEOLOC: 199.247.26.127 sent no geoloc info, we got "Amsterdam, Netherlands" from geo host #0
    May  1 05:15:46 kiwisdr kiwid: 4d:01:50:48.261 .1.. 0    28125.00 kHz  WF z3  "kiwirecorder.py" 199.247.26.127 Amsterdam, Netherlands (LEAVING after 0:01:33)
    May  1 05:37:29 kiwisdr kiwid: 4d:02:12:32.022 0... 0       58.59 kHz  WF z8  "kiwirecorder.py" 199.247.26.127 (ARRIVED)
    May  1 05:37:45 kiwisdr kiwid: 4d:02:12:47.944 0... 0    GEOLOC: 199.247.26.127 sent no geoloc info, we got "Amsterdam, Netherlands" from geo host #2
    May  1 05:39:02 kiwisdr kiwid: 4d:02:14:04.760 .... 0    28125.00 kHz  WF z3  "kiwirecorder.py" 199.247.26.127 Amsterdam, Netherlands (LEAVING after 0:01:33)
    May  1 07:49:03 kiwisdr kiwid: 4d:04:24:06.098 0... 0       58.59 kHz  WF z8  "kiwirecorder.py" 199.247.26.127 (ARRIVED)
    May  1 07:49:15 kiwisdr kiwid: 4d:04:24:17.929 0... 0    GEOLOC: 199.247.26.127 sent no geoloc info, we got "Amsterdam, Netherlands" from geo host #2
    May  1 07:50:36 kiwisdr kiwid: 4d:04:25:38.820 .... 0    28125.00 kHz  WF z3  "kiwirecorder.py" 199.247.26.127 Amsterdam, Netherlands (LEAVING after 0:01:33)
    May  1 11:41:19 kiwisdr kiwid: 4d:08:16:21.332 01..  1      58.59 kHz  WF z8  "kiwirecorder.py" 199.247.26.127 (ARRIVED)
    May  1 11:41:35 kiwisdr kiwid: 4d:08:16:37.936 01..  1   GEOLOC: 199.247.26.127 sent no geoloc info, we got "Amsterdam, Netherlands" from geo host #1
    May  1 11:42:51 kiwisdr kiwid: 4d:08:17:54.020 0...  1   28125.00 kHz  WF z3  "kiwirecorder.py" 199.247.26.127 Amsterdam, Netherlands (LEAVING after 0:01:34)
    May  1 12:43:31 kiwisdr kiwid: 4d:09:18:33.822 0... 0       58.59 kHz  WF z8  "kiwirecorder.py" 199.247.26.127 (ARRIVED)
    May  1 12:43:45 kiwisdr kiwid: 4d:09:18:47.929 0... 0    GEOLOC: 199.247.26.127 sent no geoloc info, we got "Amsterdam, Netherlands" from geo host #2
    May  1 12:45:04 kiwisdr kiwid: 4d:09:20:06.553 .... 0    28125.00 kHz  WF z3  "kiwirecorder.py" 199.247.26.127 Amsterdam, Netherlands (LEAVING after 0:01:33)
    
    


  • Confirmed same IP for me. I kicked, and added the /24 it's in to the local blocklist.

  • I had a couple more yesterday. Piscataway and Houston.

    May  5 14:22:11 kiwisdr kiwid: 1d:00:09:53.524 0...  1   28125.00 kHz  WF z3  "kiwirecorder.py" 104.238.132.42 Piscataway, New Jersey, USA (LEAVING after 0:01:3
    3)
    
    May  May  5 15:34:20 kiwisdr kiwid: 1d:01:22:02.556 0...  1   28125.00 kHz  WF z3  "kiwirecorder.py" 104.238.132.42 Houston, Texas, USA (LEAVING after 0:01:32)
    


  • I have added the most recently reported IPs into the downloadable blacklist.

  • Thanks @jks . Here's another.

    May  6 15:16:54 kiwisdr kiwid: 00:18:34.490 012.   2     58.59 kHz  WF z8  "kiwirecorder.py" 141.164.57.204 (ARRIVED)
    May  6 15:18:29 kiwisdr kiwid: 00:20:09.538 01..   2  28125.00 kHz  WF z3  "kiwirecorder.py" 141.164.57.204 Seoul, South Korea (LEAVING after 0:01:36)
    


  • And I just got hit by 2 more.

    May  7 13:06:44 kiwisdr kiwid: 22:08:24.453 01.3   2    292.97 kHz  WF z8  "kiwirecorder.py" 216.238.81.138 Mexico City, Mexico (LEAVING after 0:01:13)
    May  7 13:06:58 kiwisdr kiwid: 22:08:38.647 01..    3   410.16 kHz  WF z8  "kiwirecorder.py" 104.238.132.42 Mexico City, Mexico (LEAVING after 0:01:23)
    


  • Seoul is new. But the other two are already on the list.

    Please check first and don't send me on a wild goose chase. Trust me, I don't have the time.

  • Sorry about that. I update the list under Admin every time it says a new list is available. I figured if they were scanning me then they weren't on it. I'll verify next time.

    Thanks!

  • Hi All, just discovered this thread, I think I can shed some light as to who is using our Kiwis with the name kiwirecorder.py.

    I was first contacted by him in 2018 after I noticed he was using my Kiwi for several hrs per day and I had no limit at the time but after applying a 2hr limit I got an email from him apologising if he was taking up too much time and explained his reasons for the long recordings.

    I have received 2 donations for use of the SDR and a few weeks ago he contacted me offering to pay me monthly for exclusive use of 1 channel.

    He said his hobby is the analysis of communications signals and I have no reason to believe he is being malicious.

Sign In or Register to comment.