ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Suddenly hit from lots of different places today.

    Scheduled Pinned Locked Moved IT Discussion
    securityhackbrute forceattack
    34 Posts 10 Posters 5.4k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • AmbarishrhA
      Ambarishrh @travisdh1
      last edited by

      @travisdh1 said in Suddenly hit from lots of different places today.:

      @Ambarishrh I saw that, doesn't really give me anything beyond what cPHulk is doing already. Might have to try it on some local systems tho.

      cPHulk uses a MySQL database that does not use iptables in the manner CSF is using. It is more intensive to block using cPHulk due to the fact it blocks based on logging authentications to a MySQL database and then determining actions based on it. It is actually more streamlined and easier to manage CSF / LFD due to it dealing directly with iptables via flat files.

      travisdh1T 1 Reply Last reply Reply Quote 1
      • travisdh1T
        travisdh1 @Ambarishrh
        last edited by

        @Ambarishrh said in Suddenly hit from lots of different places today.:

        @travisdh1 said in Suddenly hit from lots of different places today.:

        @Ambarishrh I saw that, doesn't really give me anything beyond what cPHulk is doing already. Might have to try it on some local systems tho.

        cPHulk uses a MySQL database that does not use iptables in the manner CSF is using. It is more intensive to block using cPHulk due to the fact it blocks based on logging authentications to a MySQL database and then determining actions based on it. It is actually more streamlined and easier to manage CSF / LFD due to it dealing directly with iptables via flat files.

        I grep that. I have been keeping an eye on performance, and we haven't seen any detrimental effects yet (the memory cache for the mysql instance is ~2x the db size currently.)

        1 Reply Last reply Reply Quote 0
        • travisdh1T
          travisdh1
          last edited by

          For those interested in such things

          0_1478721557353_upload-b18683f9-ac76-4b8a-ae2b-197d3b5dc645

          1 Reply Last reply Reply Quote 0
          • dafyreD
            dafyre
            last edited by

            Are the attacks still ongoing today?

            1 Reply Last reply Reply Quote 1
            • travisdh1T
              travisdh1
              last edited by

              Got this knocked down to one every half hour instead of once every five minutes by 5PM yesterday, and the last notification I got was at 6:02AM this morning, hopefully we're done with these..... silly.... people.

              Some (hopefully) final numbers for you all.
              0_1478785140922_upload-ffd74363-5686-46cf-a8cd-5d191f664664

              0_1478785277894_upload-54aa2098-f090-4457-bd11-729adec288ea

              They never even tried a valid user in addition to trying this on a service that responds as being active but then rejects all login attempts. Silly, silly people.

              PS - I hope all the mods appreciate my self-moderation here 😉

              dafyreD 1 Reply Last reply Reply Quote 2
              • dafyreD
                dafyre @travisdh1
                last edited by

                @travisdh1 I'm totally shocked... not a single hit for root as the login name!

                travisdh1T 1 Reply Last reply Reply Quote 2
                • travisdh1T
                  travisdh1 @dafyre
                  last edited by travisdh1

                  @dafyre said in Suddenly hit from lots of different places today.:

                  @travisdh1 I'm totally shocked... not a single hit for root as the login name!

                  I know right 😕

                  When I first started here, the website was hosted on a Windows Server VPS, so the administrator at least makes a little sense.

                  Also, remote root login (the only one available because it's a VPS) is key based. So go ahead and try logging in as root with a password.

                  stacksofplatesS 1 Reply Last reply Reply Quote 2
                  • stacksofplatesS
                    stacksofplates @travisdh1
                    last edited by

                    @travisdh1 said in Suddenly hit from lots of different places today.:

                    @dafyre said in Suddenly hit from lots of different places today.:

                    @travisdh1 I'm totally shocked... not a single hit for root as the login name!

                    I know right 😕

                    When I first started here, the website was hosted on a Windows Server VPS, so the administrator at least makes a little sense.

                    Also, remote root login (the only one available because it's a VPS) is key based. So go ahead and try logging in as root with a password.

                    Ha we can't log in with root at all over SSH.

                    travisdh1T 1 Reply Last reply Reply Quote 0
                    • travisdh1T
                      travisdh1 @stacksofplates
                      last edited by

                      @stacksofplates said in Suddenly hit from lots of different places today.:

                      @travisdh1 said in Suddenly hit from lots of different places today.:

                      @dafyre said in Suddenly hit from lots of different places today.:

                      @travisdh1 I'm totally shocked... not a single hit for root as the login name!

                      I know right 😕

                      When I first started here, the website was hosted on a Windows Server VPS, so the administrator at least makes a little sense.

                      Also, remote root login (the only one available because it's a VPS) is key based. So go ahead and try logging in as root with a password.

                      Ha we can't log in with root at all over SSH.

                      While it's very tempting to do just that, the only user the system started with was root. If I have to burn it all down, I need some way to access the thing.

                      stacksofplatesS 1 Reply Last reply Reply Quote 0
                      • stacksofplatesS
                        stacksofplates @travisdh1
                        last edited by

                        @travisdh1 said in Suddenly hit from lots of different places today.:

                        @stacksofplates said in Suddenly hit from lots of different places today.:

                        @travisdh1 said in Suddenly hit from lots of different places today.:

                        @dafyre said in Suddenly hit from lots of different places today.:

                        @travisdh1 I'm totally shocked... not a single hit for root as the login name!

                        I know right 😕

                        When I first started here, the website was hosted on a Windows Server VPS, so the administrator at least makes a little sense.

                        Also, remote root login (the only one available because it's a VPS) is key based. So go ahead and try logging in as root with a password.

                        Ha we can't log in with root at all over SSH.

                        While it's very tempting to do just that, the only user the system started with was root. If I have to burn it all down, I need some way to access the thing.

                        Ah ic. Do you not have console access?

                        travisdh1T 1 Reply Last reply Reply Quote 0
                        • travisdh1T
                          travisdh1 @stacksofplates
                          last edited by

                          @stacksofplates said in Suddenly hit from lots of different places today.:

                          @travisdh1 said in Suddenly hit from lots of different places today.:

                          @stacksofplates said in Suddenly hit from lots of different places today.:

                          @travisdh1 said in Suddenly hit from lots of different places today.:

                          @dafyre said in Suddenly hit from lots of different places today.:

                          @travisdh1 I'm totally shocked... not a single hit for root as the login name!

                          I know right 😕

                          When I first started here, the website was hosted on a Windows Server VPS, so the administrator at least makes a little sense.

                          Also, remote root login (the only one available because it's a VPS) is key based. So go ahead and try logging in as root with a password.

                          Ha we can't log in with root at all over SSH.

                          While it's very tempting to do just that, the only user the system started with was root. If I have to burn it all down, I need some way to access the thing.

                          Ah ic. Do you not have console access?

                          I do, but the only user on the system was created after the OS/cPanel was installed. So if I have to nuke it from orbit, I kinda need that access.

                          1 Reply Last reply Reply Quote 1
                          • 1
                          • 2
                          • 2 / 2
                          • First post
                            Last post