
Server Hack Attack Day?

1 reply to this topic

#1 Randy


    Convert Me!

  • Moderator
  • 17,540 posts

Posted 27 November 2009 - 01:03 PM

Does anybody else out there run their own servers and have a mechanism set up to tell them when someone tries to break into the server via a typical ssh hack? And if so, did anybody else see a significant rise in attempts since around midnight last night?

I have a feeling something is going on out there, unless it's just someone targeting the hosting company I use (The Planet for reference sake) for my servers. Across the board all of the servers I manage have seen an exponential increase in break-in attempts since shortly before midnight last night US eastern time. We're talking an order of magnitude. I typically see somewhere between 2 and 5 break-in attempts per server overnight from a variety of usually foreign IP numbers. (I use lfd and it blocks them quickly and emails me, so it's easy to see.) Last night each server was hit by literally 4 or 5 times the number of break-ins than is normal. The server with the least individual attempts had 14. The one with the most closer to 40.

I don't believe in coincidences.

I'm just wondering if it's just me or my hosting company being targeted or if it's a more global thing. I haven't seen any reports of unusual activity, but haven't really looked yet either other than to head over to the Internet Storm Center, which doesn't show anything unusual in the works. There is usually a lag time in their reporting though, since there first has to be the break-ins, then the hacks follow.

Looks like it's time to be more vigilant than normal again.

#2 1dmf


    Keep Asking, Keep Questioning, Keep Learning

  • Active Members
  • 2,167 posts
  • Location:Worthing - England

Posted 27 November 2009 - 01:57 PM

Although I have a dedicated web server, the company where it is located locks FTP down to IP via the SonicWall. I don't know what logs they keep, but I can ask if it's of any help.

Our SBS in-house server isn't geared up for FTP, though I have seen a lot of attempts to log on to the firewall / server as admin (not administrator) this week, haven't had any attempts for weeks prior.

I'm assuming they are trying to access the firewall as they are using 'admin', but I have it locked out for remote management, so they'll have a job, not even I can access it remotely.
