Wilton Helm wrote: > If life were only that simple. A lot of hacking passes through > unsuspecting intermediary computers, precisely to hide their tracks, not > to mention IP spoofing. People have offered for sale access to 10,000 > computers to use for propagating mischief. That's a lot of IPs to block! > > I got hacked about six months ago. They came in through SSH and figured > out roots password, which was a concatenation of two English words. I > presume they did a dictionary search.
I used to get hit very hard with these type of attacks (hundreds to thousands per day) on 25-30 servers until I added some iptables rules to REJECT the offending IP for 5 minutes after three unsuccessful attempts in 60 seconds. The attacks typically have dropped to less than five per day. This means those that need access don't need to make _odd_ changes to standard programs' setting and the rules do allow a whitelisting of specific IPs. \\||/ Rod -- > Then they changed the password, > replaced some key files and launched a denial of service attack against > somebody (including compiling the program on my machine)! > > I traced the IP address to a Comcast customer in Indiana or something > and notified Comcast, but haven't heard anything. Probably their > customer never even knew it happened--it was probably a hijacked situation. > > Prior to that I had been logging hundreds of robotic attacks a day that > were unsuccessful! > > I re-installed everything and changed my SSH to a non-standard port and > used a more robust password. I haven't had a single hack attempt the > four months since. For my purposes, I don't really need SSH on a > standard port. That made all the difference in the world. > > Two areas that have had large hacker presences in the past: Russia and > China. A lot of E-Mail spam originates in those two areas, also. I've > considered blocking the entire host domain for any provider generating > spam from those regions, as I have no legitimate business need to > correspond with people in those regions in general. However, I suspect > it might block messages from a few users on this list, and I know it > would block at least one user from another list I am on. > > Wilton > > > > ------------------------------------------------------------------------ > > _______________________________________________ > -- Bandwidth and Colocation Provided by http://www.api-digital.com -- > > asterisk-users mailing list > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-users _______________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users