Someone tried to hack my ftp lastnight. - Page 2

post #11 of 62
Tip: use nonstandard ports. 2121 is easy to remember, and probably won't be guessed by a bot unless they do a portscan first.
    
post #12 of 62
Ok so I am just going to throw this out there. If you have a server or computer of any type on the Internet guess what you are going to experience every day? Brute force attacks. There is no way to entirely avoid them other than using non-standard ports, restricting access to your services via IP / firewall etc..

Now this is something you just gotta live with. It's going to happen. If you have your servers properly secured then you don't really have anything to worry about. One of the things I personally have done to mitigate these issues is created a distributed block list for IPs attacking my servers.

One server receives the attack, blocks the IP address, submits it to a central database, and the other servers pull down the list and block the malicious IP. Additionally all the other servers can also submit data to the central database. I have it configured to only block / save unique IPs but that's one solution I have implemented. If this is a big concern for you then you should look into options to secure your servers in a similar fashion.

Side note: No the code is not open source at this time, however it may be soon.

Malicious IP list is available here if you want it:

http://bh.h1tman.com/list.php
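The block-list flow described in post #12 (detect locally, submit to a central store, every server pulls the shared list), sketched as an added example; it is not kc-tr's code, which the post says is unpublished. `CentralList`, `Node`, the threshold of 3, the allowlist and the vsftpd-style log format are all assumptions made for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed vsftpd-style log lines; the addresses are documentation ranges.
SAMPLE_LOG = '''\
Mon Jan  9 02:11:01 2012 [pid 311] [admin] FAIL LOGIN: Client "203.0.113.7"
Mon Jan  9 02:11:03 2012 [pid 312] [root] FAIL LOGIN: Client "203.0.113.7"
Mon Jan  9 02:11:06 2012 [pid 313] [test] FAIL LOGIN: Client "203.0.113.7"
Mon Jan  9 02:15:40 2012 [pid 320] [bob] FAIL LOGIN: Client "198.51.100.20"
Mon Jan  9 02:16:02 2012 [pid 321] [bob] OK LOGIN: Client "198.51.100.20"
Mon Jan  9 02:20:10 2012 [pid 330] [ops] FAIL LOGIN: Client "192.0.2.10"
Mon Jan  9 02:20:12 2012 [pid 331] [ops] FAIL LOGIN: Client "192.0.2.10"
Mon Jan  9 02:20:15 2012 [pid 332] [ops] FAIL LOGIN: Client "192.0.2.10"
'''
FAIL_RE = re.compile(r'FAIL LOGIN: Client "([^"]+)"')

class CentralList:
    """In-memory stand-in for the central database; keeps unique IPs only."""
    def __init__(self):
        self._ips = set()

    def submit(self, ip):
        try:
            addr = str(ipaddress.ip_address(ip))  # reject anything that is not an IP
        except ValueError:
            return False
        is_new = addr not in self._ips
        self._ips.add(addr)
        return is_new  # False for a duplicate submission

    def pull(self):
        return sorted(self._ips)

class Node:
    """One server: reports attackers to the central list and blocks what it pulls."""
    def __init__(self, central, allowlist=(), threshold=3):
        self.central, self.threshold = central, threshold
        # Allowlisted addresses are never blocked, whether seen locally or pulled.
        self.allowlist, self.blocked = set(allowlist), set()

    def ingest(self, log_text):
        for ip, fails in Counter(FAIL_RE.findall(log_text)).items():
            if fails >= self.threshold and ip not in self.allowlist:
                self.central.submit(ip)
        self.sync()

    def sync(self):
        self.blocked |= set(self.central.pull()) - self.allowlist
```

The allowlist is applied on pull as well as on detection, so an entry submitted by another server cannot lock out an address this server depends on.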
post #13 of 62
Quote:
Originally Posted by kc-tr View Post
Ok so I am just going to throw this out there. If you have a server or computer of any type on the Internet guess what you are going to experience every day? Brute force attacks. There is no way to entirely avoid them other than using non-standard ports, restricting access to your services via IP / firewall etc..

Now this is something you just gotta live with. It's going to happen. If you have your servers properly secured then you don't really have anything to worry about. One of the things I personally have done to mitigate these issues is created a distributed block list for IPs attacking my servers.

One server receives the attack, blocks the IP address, submits it to a central database, and the other servers pull down the list and block the malicious IP. Additionally all the other servers can also submit data to the central database. I have it configured to only block / save unique IPs but that's one solution I have implemented. If this is a big concern for you then you should look into options to secure your servers in a similar fashion.

Side note: No the code is not open source at this time, however it may be soon.

Malicious IP list is available here if you want it:

http://bh.h1tman.com/list.php
QFT.

Still, it's funny to see that they were trying to guess passwords manually. Not even a true brute force attack. I had a good lol
post #14 of 62
Yea most folks simply overlook the most basic form of security (a decent pass phrase). I always love it when you hear someone say 'my server was hacked!!' and you ask for their root password and they reply with 'passw0rd' 'querty123' or similar.. My response "There's your problem right there!"
post #15 of 62
Problem: Your network needs more Cisco..
Solution: Buy ASA 5505 - use ASDM.. Enjoy life..

Just kidding, but not really..
post #16 of 62
Quote:
Originally Posted by scottsee View Post
Problem: Your network needs more Cisco..
Solution: Buy ASA 5505 - use ASDM.. Enjoy life..

Just kidding, but not really..
heh that's not going to do him any good.. to use FTP he must have the port open in the firewall which then makes it vulnerable to brute force attacks. So... that would be a waste of money. It's called "accepted risk" - See also:

http://lmgtfy.com/?q=IT+risk+management
post #17 of 62
Or don't use FTP?
post #18 of 62
Everyone THAT IP NOW! Attack it for all you're worth!
post #19 of 62
Quote:
Originally Posted by scottsee View Post
Problem: Your network needs more Cisco..
Solution: Buy ASA 5505 - use ASDM.. Enjoy life..

Just kidding, but not really..
Yeah, Cisco is really known for having secure web interfaces and remote logins
But in general, the use of an IPS/IDS system would be a nice touch. Overkill perhaps, but this is OCN, after all.
Astaro is free for home use, pfSense is open source and thus free.
    
post #20 of 62
Quote:
Originally Posted by citruspers View Post
Yeah, Cisco is really known for having secure web interfaces and remote logins
Do I sense sarcasm?

Just because people don't use aaa http authentication to a radius/tacacs+ server doesn't mean that's Cisco's fault. It's the system's fault!!

$300 investment for zoned firewalls, and IPS makes me tickle in places no keyboard can touch..