raoul5788
Studebaker driver
Original poster
Staff member
HERE TO HELP YOU!
Supporting Founder
Lifetime Supporter
We're Back!
- Thread starter raoul5788
- Start date
- Latest activity Latest activity:
- Replies 21
- Views 2K
- Status
Our ISP shut off our IP's as one if our servers was under a heave brute force attack.
Sent from my iPhone using SatelliteGuys
Sent from my iPhone using SatelliteGuys
What is a heavy brute force attack? Where does it come from or can it be traced back to the source?
Nah I knew the server was fine as we have two sets of IP addresses, and the one going to our KVM switch is on the other set of IP's... so I was able to log into the server via the KVM and see all was ok.
Well, maybe...just maybe...when you've become big enough to be attacked, you've "arrived" Scott.
Not sure that's how one measures "success" but, between our "withdrawal" from not being able to be "on"
and someone wanting to attack, you know you're bigger than ever as a site!
Good to see everyone back! (and no, Not making light of it......apparently this IS an important site!)
Not sure that's how one measures "success" but, between our "withdrawal" from not being able to be "on"
and someone wanting to attack, you know you're bigger than ever as a site!
Good to see everyone back! (and no, Not making light of it......apparently this IS an important site!)
I wonder if they were just trying a bunch of username password combinations scrapped from another site. Trying a few million name password combinations could really generate a lot of traffic.
Did the server log any activity?
Did the server log any activity?
Attacks and probing/scanning of internet facing web servers are a fact of life. I run multiple public facing Apache web servers for my employer. Within minutes of putting up a new server that is open to the internet, there are external probes coming from all over the world trying to find what ports are open. Determining who to block is a matter of setting a 'noise' threshold and blocking the IP addresses that persist over a period of time.
The silly thing here is they turned off the wrong IP, the server they were attacking wasn't even this one.
Oh well, all is good again.
Oh well, all is good again.
I have a lot of script kiddies always trying to guess logins and passwords to my business server (Windows 2008). I have a firewall that only lets through the RDP port. I see logs filled with failed login attempts.
Every time something like this happens, I learn! We're not hosted locally on-site, but, aside from the bad which is caused by these kind of interruptions, it's good to learn what CAN happen! I can only imagine how much "noise" is sent across the 'net in hopes of getting "in" wherever it can. When our station site was on a smaller server, we'd get hit on the e-mail side when a shared server had someone else spamming. (whether they knew it or not.). Had to "unblacklist" a few times due to the shared situation. Never did understand it all, except it was annoying.
Ah, but those are only cheap models sold at Wally World, arent they? Oops. Wrong topic. I'm thinking of most of our Electronics these days.
There's little to indicate the true origin of most attacks. If they're much more than small children, they know about how to spoof their IP address. That being said, the Chinese host more than their share of proxy sites because of their government's policies regarding free and open Internet access.
- Status
