IP's of Brute Force Attacks
sightz 10-11-2004, 11:43 AM There seems to be a rash of brute force hacking attempts this week. Let's use this thread to share the IP's of the attacking machines so we can firewall them...
So far I have been attacked by:
12.111.217.197 - reported to ATT abuse
69.93.49.74 - reported to thePlanet abuse and responded
203.75.126.99 - one of those foreign IP's that no one responds to
GideonX 10-11-2004, 11:55 AM We've seen a jump here also, a bit annoying grrrrr.
twastudios 10-11-2004, 12:07 PM We've also experienced an increase as well.
Here's a few for you to block.
210.116.114.229
218.38.13.216
211.248.38.252
12.111.217.197
iCARus 10-11-2004, 12:31 PM Well, we have one:
69.64.37.120 ( we reported this abuse)
sightz 10-11-2004, 12:34 PM Originally posted by twastudios
Here's a few for you to block.
Added to deny_hosts. Thanks!
Anyone else?
twastudios 10-11-2004, 08:24 PM Just caught another...
194.88.113.226
Whois shows it from Belgium. Most of my attacks have been from overseas.
sprintserve 10-12-2004, 06:56 AM If anyone is interested, I was DDoSed yesterday. I can post logs. There are probably another 100 compromised machines for you to block.
twastudios 10-12-2004, 09:01 AM Here's another...
222.132.144.114
Fire away SprintServe. I'll use them.
sirius 10-12-2004, 09:11 AM Originally posted by sightz
Added to deny_hosts. Thanks!
Anyone else?
We saw a huge increase in this, a while back. We were blocking the IP's as they came in but actually determined it was much easier just to change the SSH port.
Just a thought.
Sirius
SmartActive 10-12-2004, 10:52 AM Hi,
They are trying to connect to the SSH port (default=22), why not change the SSH port to a random number, for example: 2274 or whatever?
Edit: /etc/ssh/sshd_config
Uncomment the 1st row, and change the number.
cheers,
andreyka 10-12-2004, 12:50 PM I recommend using an active IDS to prevent these attacks.
CatalystServers 10-13-2004, 01:48 PM Few I have seen.
212.96.168.140
194.88.113.226
220.95.232.46
Also why don’t you guys use BFD? (Linux Brute Force Detection)
twastudios 10-13-2004, 02:29 PM Yes. BFD works great.
Admin will be changing SSH port today on all our servers.
twastudios, if you have access you can do the directions below, or at least have them so you know how to do it yourself.
Changing the SSH port number.
Before you do this, if you have firewall rules think of the port you want to change it to and open that port before changing it.
log in to SSH and su -
vi /etc/ssh/sshd_config
Right at the top is
Port #
Protocol #
Change port # to the new port number you'd like to use, somewhere high over 30000. Make sure Protocol is set to 2 only.
:wq to save the file
service sshd restart or /etc/rc.d/init.d/sshd restart
Now you're done :)
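The config edit from the steps above, as an added example that is not part of the original post: a shell function that sets Port and Protocol 2 in an sshd_config-style file, including the case where the stock line is still commented out. The function names, the sample file contents and port 32022 are assumptions made for illustration; the firewall and restart steps are not covered.

```shell
#!/bin/sh
# Added example (not from the thread): set Port and Protocol in a config file.
# Usage: set_ssh_port FILE PORT   (rewrites FILE in place, keeps FILE.bak)
set_ssh_port() {
    cfg=$1 port=$2
    # Reject anything that is not a plain decimal port number.
    case $port in ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "port out of range" >&2; return 1; }
    [ -f "$cfg" ] || { echo "no such file: $cfg" >&2; return 1; }
    cp -p "$cfg" "$cfg.bak" || return 1
    tmp=$(mktemp) || return 1
    # Replace the first Port/Protocol line, commented out or not, and drop
    # later ones (sshd accepts several Port lines; this keeps exactly one).
    # If the file never had the directive, append it at the end.
    awk -v port="$port" '
        /^[ \t]*#?[ \t]*Port[ \t]+[0-9]+/     { if (!p++) print "Port " port; next }
        /^[ \t]*#?[ \t]*Protocol[ \t]+[0-9]/  { if (!q++) print "Protocol 2"; next }
        { print }
        END { if (!p) print "Port " port; if (!q) print "Protocol 2" }
    ' "$cfg" > "$tmp" && cat "$tmp" > "$cfg"   # cat keeps FILE owner and mode
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Constructed sample resembling the top of a stock sshd_config (not a real host's file).
write_sample() {
    printf '%s\n' '#Port 22' '#Protocol 2,1' '#ListenAddress 0.0.0.0' \
        'PermitRootLogin no' > "$1"
}

# Demonstration on a temporary copy; prints the rewritten file.
sample=$(mktemp) && write_sample "$sample" && set_ssh_port "$sample" 32022 &&
    cat "$sample"
rm -f "$sample" "$sample.bak"
```

Before restarting sshd, check the edited file with `sshd -t -f FILE`, and keep the current session open until a login on the new port succeeds.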
twastudios 10-13-2004, 02:47 PM Thanks for the information. Great stuff. Never hurts to know it.
My admin actually wrote BFD, and APF, so I'm in good hands ;)
He actually suggested we change the SSH port, but I got busy and didn't respond to him. He said "I told you so" when I brought it up to him again a little bit ago.
lol.....the fun of being in business ;)
Not a problem, I look at it this way. The safer your box is… The safer my box is :)
twastudios 10-13-2004, 02:52 PM Originally posted by w33t
Not a problem, I look at it this way. The safer your box is… The safer my box is :)
That is the only way to approach it :)
Btw twastudios, I recall seeing a thread started by you, requesting for staff members to possibly assist you with trouble ticket support, I was wondering if you are still looking for staff members?
twastudios 10-13-2004, 03:47 PM Actually, I forgot I filled that posting and I just posted that it was filled.
Thanks for your interest!
Alright, well please let me know if you have any openings :)