Unknown client showing up in dashboard

Livius · February 17, 2018, 5:10pm

Under "Top Clients" I discovered several of the following entries:

node-8kr.pool-125-26.dynamic.totbb.net

When I hover the client entries over the links shown are actually:

http://192.168../admin/queries.php?client=iPad.local
http://192.168../admin/queries.php?client=DiskStation.local

When I hover over the other client entries, I get instead the IP address assigned by Pi-hole's DHCP server. I'm not sure what is happening here and would appreciate some insight in solving this mystery. Thanks.

jayray · February 19, 2018, 9:17am

I don't know why your links are like that, but a quick google brought me here. The short story is that totbb .net is part of some kind of spam and bruteforce botnet. My suspicion is that you've been infected.

Livius · February 19, 2018, 4:54pm

An infection is indeed my worry. Not sure hot to investigate this matter.

The entry node-8kr.pool-125-26.dynamic.totbb.net is not displayed under top clients anymore but this doesn't give me peace of mind. I have one unknown hostname entry in the DHCP settings.

Mcat12 · February 19, 2018, 8:18pm

Does restarting FTL change anything?

sudo service pihole-FTL restart

Livius · February 19, 2018, 8:36pm

No but I have now deleted the errant DHCP entries and will keep a close eye on it from now on. Thanks.

system · March 12, 2018, 8:36pm

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.