OVH Community, your new community space.

Heads up about a possible hack/scan


Winit
23-09-2010, 13:11
Quote Originally Posted by LawsHosting
WiniT, if you're right that its a waste of time, then whats the point in

OpenDNS's filtering,
Pishtank,
SpamHaus,
etc...........

Aren't they warning people?
You have listed systems designed with a single purpose in mind. This is a general discussion forum and it is not designed for reporting single attacks. Fozl has hit the nail on the head.

fozl
23-09-2010, 10:44
I kind of see Winits point, I see scans like this as the internets version of background radiation. It would be futile to post a thread warning everyone every time you see scans or a brute force from a specific IP in your logs. But it's not a waste of time to discuss these things more generally than specifically.

Not so much "Beware! IP so and so and so tried to brute force me eveyone!" instead more "What to do if you're being scanned etc from some IP, setup iptables, email the abuse department the IP belongs to, etc"

LawsHosting
23-09-2010, 00:27
WiniT, if you're right that its a waste of time, then whats the point in

OpenDNS's filtering,
Pishtank,
SpamHaus,
etc...........

Aren't they warning people?

Winit
22-09-2010, 21:54
Do I really need to educate you about how many hundreds of thousands of malicious hosts exist on the Internet? Are you going to make a new thread every time one of them scans your machine?

I don't think so.

The important thing is to make sure your system is secure and automatically detects incoming threats.

As Myatu pointed out, WHOIS the IP and report it to the abuse address.

jonlewi5
22-09-2010, 19:33
Yeah i really like this idea actually.

zydron
22-09-2010, 19:17
on that forum you can also explain how to setup such systems

wonderfull idea, I like it! (in sense of: helping others, to combat abuse)

BigMAC
22-09-2010, 17:46
Quote Originally Posted by Winit
It's a waste of time to post "attacks" on the forum.
I actually think its a good thing as it will help to stop such things in their tracks, The more that know the more we can help get these sort of people off the map!

I am actually thinking of starting a forum where webhosts can come and post details of hackers, spammers, scammers, So together we can combat this major problem.

Of course having good detection systems in place such as maxmind will help keep these types off the servers but theirs allways some which gets through it.

LawsHosting
21-09-2010, 22:39
Quote Originally Posted by Winit
It's a waste of time to post "attacks" on the forum.
Explain why?

Actually, I think you're right, what do I care if other people get scanned, right?

Winit
21-09-2010, 20:42
It's a waste of time to post "attacks" on the forum.

BigMAC
21-09-2010, 18:33
Thanks for sharing, However doruk.net does have an allocation of IP's from 82.151.128.0 TO 82.151.128.255

If sending an email to their abuse department doesnt work, Maybe you should contact RIPE

Myatu
21-09-2010, 18:04
Thanks! You did send abuse@doruk.net.tr an e-mail as well, right?

LawsHosting
21-09-2010, 17:46
For the past two days, several IPs within 82.151.128.0/19 (Turkey) are trying to bombard port 110. Not sure if its serious but I've blocked it via iptables just to be safe.

Just wanted to give people a heads up.