[Chugalug] Website scanners (was d at mn scammers/hackers)

Lynn Dixon boodaddy at gmail.com
Thu Oct 18 04:23:23 UTC 2012


Somehow I didn't get the original thread but I got this fork.
I have noticed a huge increase in brute force attempts on my co-located
server.  They have been hitting SSH and Exim.  I am running CSF / LFD on
recommendation from Randy and love it, but the attackers appear to be
hitting from a huge range of IPs and only a few hits at a time, and then
they move to a different IP and attack again.

I have not been hacked, but I don't like all this "negative" brute force
traffic.

On Wed, Oct 17, 2012 at 11:45 PM, Dave Brockman <dave at brockmans.com> wrote:

> On 10/17/2012 11:15 PM, David White wrote:
> > To fork the thread, anyone know of any services you can use, and/or
> > or scripts you can run to check the public facing code of sites
> > and ensure there's nothing malicious?
> >
> > On the internal side of things, I wonder if it would just make
> > sense to periodically run an MD5 checksum via cron on each web
> > directory in the server(s) and compare that with the good hash
> > (stored externally, off the server, of course).
>
>
> tripwire?
>
> ossec?
>
> Regards,
>
> dtb
>
>
> - --
> "Some things in life can never be fully appreciated nor
> understood unless experienced firsthand. Some things in
> networking can never be fully understood by someone who neither
> builds commercial networking equipment nor runs an operational
> network."  RFC 1925
> _______________________________________________
> Chugalug mailing list
> Chugalug at chugalug.org
> http://chugalug.org/cgi-bin/mailman/listinfo/chugalug
>
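
The cron-driven checksum comparison David White describes in the quoted message, sketched as an added example that is not part of the original thread. It uses SHA-256 in place of the MD5 he mentions; the function names and the sample files are constructed for illustration.

```python
import hashlib
import os
import tempfile

def hash_file(path, chunk=1 << 16):
    """SHA-256 of a file, read in chunks so large files are not loaded whole."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def build_manifest(root):
    """Return {relative_path: digest} for every file under root."""
    manifest = {}
    # os.walk does not descend into symlinked directories by default.
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            if os.path.islink(full):
                # Record the link target instead of hashing what it points to.
                manifest[rel] = "symlink:" + os.readlink(full)
            else:
                manifest[rel] = hash_file(full)
    return manifest

def compare(baseline, current):
    """Report paths added, removed or modified relative to the baseline."""
    both = set(baseline) & set(current)
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(p for p in both if baseline[p] != current[p]),
    }

def demo():
    """Constructed sample: a tiny web root that changes after the baseline."""
    with tempfile.TemporaryDirectory() as root:
        def write(name, text):
            with open(os.path.join(root, name), "w") as fh:
                fh.write(text)
        write("index.php", "<?php echo 'hello'; ?>\n")
        write("style.css", "body { margin: 0 }\n")
        baseline = build_manifest(root)  # in practice, kept off the server
        write("index.php", "<?php echo 'hello'; /* changed */ ?>\n")
        write("x.php", "<?php /* not present in the baseline */ ?>\n")
        os.remove(os.path.join(root, "style.css"))
        return compare(baseline, build_manifest(root))
```

The comparison is only as trustworthy as the baseline, which is why the quoted message keeps the good hashes off the server being checked.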