In the last few days, I've been getting a lot of possible-attack warnings from my IDS. Before, I always got some local port scans and brute force attacks. Yesterday, I found one from Hong Kong.. I was like.. how could that be?
Then, I found the reason. 1 or 2 days ago, I logged in to a photography site and posted some of my photos, and I updated my profile and put my domain name on it. That site is from HK.. so.. I guess that explains why I got more attackers from HK.
I totally forgot to mention "spiders". I believe after posting on that photo site (dcfever.com) I got attacked from HK. I believe somehow some hacker uses a spider program to search everyone's profile and see if there is a site. I believe that's how they got my site. Putting myself in a hacker's situation, I would do this. Why waste the time to surf everyone's profile and see if there is any possible site to attack? :-)
I've been thinking of doing something interesting to my possible attackers. I was thinking of hacking them back.. but, hehe... I'm not a good hacker and I don't wanna get in big trouble. So, I've been thinking of telnetting to their mail port (25) and using the snmp protocol to send them an email telling them that there is 'someone' trying to hack other people's networks. (Hey, if someone is trying to log in to my ssh as root, or ssh more than 5 times, and it's not me, I'm sure that's no accident!!) That would be fun.. but I think I'll have to mangle my IP too. Just send that mail command; I wouldn't care if I received anything back.
Unfortunately, my Rogers broadband blocks port 25.. sigh.. I've been thinking of switching to another ISP.. found one for $45 with a static IP and all ports open!! That seems to be a good choice though.