Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[Ian_D]

Currently got some idiot attempting to hack into my server again (as usual, over FTP)...

He’s been at it for 24 hrs now doing a brute force attack (seems to be about 3-4 attacks per second).

What do they get out of it?

Anyway, I've looked into his IP and found out he’s from China, and have emailed his ISP. Wonder if they will do anything about it??  I bet not.  :-/

Anyone else have any servers? How often do you get attempted hackings?

Wonder how often OOF's servers get attacked too   :-?

[Ziad]

Bloody hackers!  they should be electrocuted!   

[Lizzie_Zoom]

Can't you send a crippling virus out into the hackers system? :-/

If that seems like a stupid question, sorry, it is because I know little about computer systems!

To me it just appears to be a logical thing to do; attack is the best form of defence!!

[Mr Skrunts]

When I started to move home in june my mates phone picked up there were 3 local wireless connections, 2 x BT and something else.  1 of the BT accounts was insecure.

When I met my new neighber, she mentioned she had a full BT vision and interenet package, so out of curriosity I mentioned the insecure BT service, for which I got told straight her's was secure yada yada yads........    Ok so I left it at that.


last week she came and warned me that hers and her sons computers had been hacked and somehow damaged, plus her mobile had been hacked.

Sadly I wasnt interested and I feel she had been warned she may have had an open connection and that she was addamant she was 100% safe.


and no, I had nothing to do with it, I wouldnt even know where to start.

[cem_devecioglu]

they are using some programs which makes automatic password trials..

if possible, stop ftp service..

and some sql drivers are also vulnerable to external attacks ..

[Jimbob]

I get an attack on my ftp every day or 2, 15 or so invalid logins and the ip is blacklisted and doesnt even allow a logon attempt 

[tunnie]

Currently got some idiot attempting to hack into my server again (as usual, over FTP)...

He’s been at it for 24 hrs now doing a brute force attack (seems to be about 3-4 attacks per second).

What do they get out of it?

Anyway, I've looked into his IP and found out he’s from China, and have emailed his ISP. Wonder if they will do anything about it??  I bet not.  :-/

Anyone else have any servers? How often do you get attempted hackings?

Wonder how often OOF's servers get attacked too   :-?

Not sure you need the 's' 

[nick v6]

Currently got some idiot attempting to hack into my server again (as usual, over FTP)...

He’s been at it for 24 hrs now doing a brute force attack (seems to be about 3-4 attacks per second).

What do they get out of it?

Anyway, I've looked into his IP and found out he’s from China, and have emailed his ISP. Wonder if they will do anything about it??  I bet not.  :-/

Anyone else have any servers? How often do you get attempted hackings?

Wonder how often OOF's servers get attacked too   :-?

pm me his ip

[TheBoy]

Yeah, I have loads of hack attempts across all servers here. Mostly stopped at firewall, though obviously some services I have to allow through.

Some of my websites I've set up to email me when a SQL Injection hack is attempted - go through phases of getting several hundred attempts per day, yet other days just a handful.


Generally, in my experience, if you open it up for anonymous, but block writes, and have nothing in there, they won't try brute force.


Set up a pair of new servers for work, on a previously unused subnet. The second the ACLs were lifted from the edge network, non-stop constant probing started.


Thats just part of having a server on the net.

[Ian_D]

I cant see them getting in over FTP really, my password is 11 characters long, contains both letters and numbers, and it also contains capital letters! So good look to them! (Famous last words  )

Just checked servers log file, and its still growing! 

Heres a snippet of the log file: (Servers clock is correct, but the log file must be GMT as its 1 hr behind)

#Software: Microsoft Internet Information Services 6.0
#Version: 1.0
#Date: 2009-07-27 19:17:19
#Fields: time c-ip cs-method cs-uri-stem sc-status sc-win32-status
19:17:19 220.128.178.146 [9]USER Administrator 331 0
19:17:19 220.128.178.146 [9]PASS - 530 1326
19:17:19 220.128.178.146 [9]USER Administrator 331 0
19:17:20 220.128.178.146 [9]PASS - 530 1326
19:17:20 220.128.178.146 [9]USER Administrator 331 0
19:17:20 220.128.178.146 [9]PASS - 530 1326
19:17:21 220.128.178.146 [9]USER Administrator 331 0
19:17:21 220.128.178.146 [9]PASS - 530 1326
19:17:21 220.128.178.146 [9]USER Administrator 331 0
19:17:22 220.128.178.146 [9]PASS - 530 1326
19:17:24 220.128.178.146 [9]USER Administrator 331 0
19:17:24 220.128.178.146 [9]PASS - 530 1326

skip forward 26 hours......

21:18:03 220.128.178.146 [18]USER Amanda 331 0
21:18:04 220.128.178.146 [18]PASS - 530 1326
21:18:04 220.128.178.146 [18]USER Amanda 331 0
21:18:04 220.128.178.146 [18]PASS - 530 1326
21:18:05 220.128.178.146 [18]USER Amanda 331 0
21:18:05 220.128.178.146 [18]PASS - 530 1326
21:18:05 220.128.178.146 [18]USER Amanda 331 0
21:18:06 220.128.178.146 [18]PASS - 530 1326
21:18:06 220.128.178.146 [18]USER Amanda 331 0
21:18:06 220.128.178.146 [18]PASS - 530 1326
21:18:07 220.128.178.146 [18]USER Amanda 331 0
21:18:07 220.128.178.146 [18]PASS - 530 1326

[djm1964]

I get an attack on my ftp every day or 2, 15 or so invalid logins and the ip is blacklisted and doesnt even allow a logon attempt 

whats an ftp pls ?

[Ian_D]

they are using some programs which makes automatic password trials..

if possible, stop ftp service..

and some sql drivers are also vulnerable to external attacks ..

Yes cem, its definitely a program which is doing the attack.

It started with the 'Administrator' Account, and it now looks like its onto a username dictionary list as it keeps changing every hour or so 

I guess I could disable FTP, but I will just leave it for now, after all, its wasting their time! 

SQL Injection is something I've read a little bit about, but I was under the impression that them bugs have been fixed now?

[Ian_D]

I get an attack on my ftp every day or 2, 15 or so invalid logins and the ip is blacklisted and doesnt even allow a logon attempt 

whats an ftp pls ?

File Transfer Protocol....

In simple terms, its a means of moving files from both to and from one machine to another over a network such as the internet.

[TheBoy]

they are using some programs which makes automatic password trials..

if possible, stop ftp service..

and some sql drivers are also vulnerable to external attacks ..

Yes cem, its definitely a program which is doing the attack.

It started with the 'Administrator' Account, and it now looks like its onto a username dictionary list as it keeps changing every hour or so 

I guess I could disable FTP, but I will just leave it for now, after all, its wasting their time! 

SQL Injection is something I've read a little bit about, but I was under the impression that them bugs have been fixed now?

Firstly, ensure your Administrator account is not called Administrator - too easy target!

Shut FTP if not using - they will eventually crack the password (unless you change regularly).  Also, its eating your bandwidth.

SQL Injection is not an MS bug, its a website developer bug, so no patches as such from MS (website developer may or may not issue a patch)

[TheBoy]

I get an attack on my ftp every day or 2, 15 or so invalid logins and the ip is blacklisted and doesnt even allow a logon attempt 

whats an ftp pls ?

File Transfer Protocol....

In simple terms, its a means of moving files from both to and from one machine to another over a network such as the internet.

And insecure, and generally considered 'old hat' now.