Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[Ian_D]

At 3 attempts per second, they will have performed about 281,000 unsuccessful attempts at logging in!

 

Loosers!

Yeah, I have loads of hack attempts across all servers here. Mostly stopped at firewall, though obviously some services I have to allow through.

Some of my websites I've set up to email me when a SQL Injection hack is attempted - go through phases of getting several hundred attempts per day, yet other days just a handful.


Generally, in my experience, if you open it up for anonymous, but block writes, and have nothing in there, they won't try brute force.


Set up a pair of new servers for work, on a previously unused subnet. The second the ACLs were lifted from the edge network, non-stop constant probing started.


Thats just part of having a server on the net.

I did think about just allowing FTP like you said above with an empty folder.

How secure is a virtual folder in IIS? As I can access a main part of my server thorough one! I guess the only way someone can gain access to that is if they first gain access to the default FTP dir, and then guess the virtual dir path? :-?

[Ian_D]

I get an attack on my ftp every day or 2, 15 or so invalid logins and the ip is blacklisted and doesnt even allow a logon attempt 

whats an ftp pls ?

File Transfer Protocol....

In simple terms, its a means of moving files from both to and from one machine to another over a network such as the internet.

And insecure, and generally considered 'old hat' now.

Agree with that, but its still a handy feature - which I tend to use moving small files when im at work / mates etc.

[Del Boy]

Hunt him down and shoot him!

[Ian_D]

Hunt him down and shoot him!

Taiwan is the place to go, anyone fancy an OOF meet? 

[eddie]

How about putting a router/firewall into service?

There again, will that stop Legitimate use of your server?

eddie

[Ian_D]

A firewall would be a good idea, but it also would create problems itself. It would need to have port 21 open anyway for FTP, so wouldn't have any effect here.

Anyway, Hacker update... 'Still going strong!' 

23:42:54 220.128.178.146 [18]USER daniel 331 0
23:42:54 220.128.178.146 [18]PASS - 530 1326
23:42:55 220.128.178.146 [18]USER daniel 331 0
23:42:55 220.128.178.146 [18]PASS - 530 1326
23:42:55 220.128.178.146 [18]USER daniel 331 0
23:42:56 220.128.178.146 [18]PASS - 530 1326

Like TB said, I think I may just set the default FTP path to an empty folder, which is read only - and thus render it useless to the public user.

[eddie]

Is this of any use?

http://serverfault.com/questions/42396/prevent-brute-force-attacks-in-microsoft-ftp-server-iis6-7


eddie

[Chris_H]

Can't you block specific IPs on your firewall?

[eddie]

Looks like he's a naughty boy,he's on these Blacklist sites,along with one or two others!

http://vmx.yourcmc.ru/BAD_HOSTS.IP4

http://pastie.org/pastes/529764

eddie

[Ian_D]

Can't you block specific IPs on your firewall?

I guess I could do actually thinking about it... 
Anyway, they gave up last night at 3:08am... Loosers!

[Ian_D]

Is this of any use?

http://serverfault.com/questions/42396/prevent-brute-force-attacks-in-microsoft-ftp-server-iis6-7


eddie

Cheers for that link, I will have a proper look at that this eve. 

[Mr Skrunts]

Pity you cant find his email address and bomb him with an email mail flood.

[Chris_H]

Can't you block specific IPs on your firewall?

I guess I could do actually thinking about it... 
Anyway, they gave up last night at 3:08am... Loosers!

You hope.

[Martin_1962]

Can't you repeatedly access his IP?

[Ian_D]

Can't you repeatedly access his IP?

If I could be bothered to, I guess so yes...