Thread: More Hackers
-
February 21st, 2009, 02:19 #1
More Hackers
Just a heads up for all of you running sites, We just got a wave of hacking attempts on our site, from Denmark and Germany. There were around 100 IP addresses cached and logged by our watchdog. But I know a few other sites have had issues in the past right about the same time we get hit. So I thought I would let you all know it is happening to us again.
-
February 21st, 2009, 07:16 #2
Well looks like they left me alone this time at the least. No fun new mainpage for either of the Wikis... Thanks for the headsup though.
- Obe
-
February 21st, 2009, 08:43 #3
After further investigation into the logs it looks like they were trying to hack into the downloads section on the site. Kinda funny when you stop to think about the fact that not only do we not have any downloads on the site yet, but the entire system is actually commented out on the core because we are not sure yet that there will ever be any downloads on the site.
-
February 21st, 2009, 12:22 #4
Maybe they wanted to put something on there...? instead of taking...
Religion is an insult to human dignity.
With or without it you would have good people doing good things and evil people doing evil things.
But for good people to do evil things, that takes religion...
-
February 21st, 2009, 13:54 #5
-
February 21st, 2009, 14:20 #6
I dunno if it'd help you, but there's a program I'm running on my server that monitors the logs. If it finds a number of repeated failed attempts (it checks for specific key phrases/words) that match break in attempts, it puts that IP Address in hosts.deny for a while (I think mines set to 10 minutes). Since most of the attacks against my box seems to come from bots, this seems to stop them (IE, no more reaction from the box, it drops the attempt and moves on).
The programs called OSSEC HIDS. It can be a bit complex, but I used some guides at Ubuntu to make it a lil easier.DM: For reference sake, when a bad guys dies, I'll turn their token over. So an upside down 'A' or 'B' means it's a corpse.
PC 1: So if we kill a 'M' is it reincarnated as a 'W'?
PC 2: That damn 'O' just won't die!
-
February 21st, 2009, 17:49 #7
Oh we are using watchdog. It has a predefined set of rules that it watches for. When it finds a violation it blacklists the IP and sends an email. If it gets more than 10 violations in a 10 minute period of time, it sends an alarm to the company, and they call you (provided you are current on your bill). No matter what it keeps a full log of IP address, and resolutions.
Thread Information
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)
Bookmarks