On Sat, 2009-05-09 at 22:35 -0700, Kurt Granroth wrote:
That seems... unlikely. I have had thousands of unique IPs hit some of
my hosts, many to never repeat after a round of attacks. The more
plausible route is that they have a botnet of pwned boxes numbering in
the hundreds of thousands
This is the FIRST thing in setting up any secure server (along with say not
running Apache or MySQL as root, etc.)
Evidently you have not attended the HackFests, where more than a few of the
group were well, able to gain a login on a machine with various tools
including Brute Forcing via Muppet,
Here's a video using custom dictionaries and netcat:
http://bitcast-a.bitgravity.com/revision3/web/hak5/0511/hak5--0511--netcat-virtualization-wordpress--large.xvid.avi
You only see the foolish ones in your logs, these exploits can also use an
obfuscated source for a number of each of their
PM
To: Main PLUG discussion list
Subject: Re: Chinese Kiddos with Broken Dicts?
That seems... unlikely. I have had thousands of unique IPs hit some of my
hosts, many to never repeat after a round of attacks. The more plausible
route is that they have a botnet of pwned boxes numbering
Helloes.
Yes, another thread about the Chinese.
Okay so over the past couple days I've been seeing things like this:
/var/log/messages:May 9 11:00:10 (none) sshd[688]: Connection from 200.111.157.187 port 51751
/var/log/messages:May 9 11:00:10 (none) sshd[688]: Did not receive identification
Be afraid, very afraid!
You must put that IP in your firewall!
There's a good chance they already got in, if you didn't put in iptables
brute force controls?
On Sat, May 9, 2009 at 5:39 PM, Andrew Tuna Harris
t...@supertunaman.com wrote:
Helloes.
Yes, another thread about the Chinese.
Excerpts from Lisa Kachold's message of Sat May 09 20:17:24 -0700 2009:
Be afraid, very afraid!
Oh hamburgers!
You must put that IP in your firewall!
Done.
There's a good chance they already got in, if you didn't put in iptables
brute force controls?
OH SHI-
How'd they get in? What's
That seems... unlikely. I have had thousands of unique IPs hit some of
my hosts, many to never repeat after a round of attacks. The more
plausible route is that they have a botnet of pwned boxes numbering in
the hundreds of thousands and they just use them for random dictionary
attacks.