search for: botnet

Displaying 20 results from an estimated 115 matches for "botnet".

2013 Aug 22
3
Logging passwords on auth failure/dealing with botnets
Hi, Since upgrading our mail servers to Postfix/Dovecot, we've seen a rather large increase in botnet brute force password attacks. I guess our old servers were too slow to suit their needs. Now, when they hit upon a valid user, it's easy to see what passwords they are trying (we've enabled auth_debug_passwords and set auth_verbose_passwords = plain). We can easily have log monitors pick...
2015 Feb 05
2
Another Fedora decision
On 02/04/2015 07:55 PM, Always Learning wrote: > Rent ? That costs money. Just crack open some Windoze machines and do > it for free. That is what many hackers do. Those crackers who build these botnets are the ones who rent out botnet time to people who just want to get the work done. There is a large market in botnet time. > > Is this safe enough ? > > wac4140SoeTer'#621strAAt0918;@@ > > Yes, it is.
2017 Nov 06
2
How to detect botnet user on the server ?
Hello guys, What is the best way to identify a possible user using a botnet with php in the server? And if he is using GET commands for example in other server. Does apache log outbound connections ? If it is using a file that is not malicious the clam av would not identify. Thanks <https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_camp...
2017 Nov 06
1
How to detect botnet user on the server ?
...rience I would very much like to hear about its strengths and weaknesses. ----- Original Message ----- From: "Johnny Hughes" <johnny at centos.org> To: "centos" <centos at centos.org> Sent: Monday, November 6, 2017 7:20:22 AM Subject: Re: [CentOS] How to detect botnet user on the server ? On 11/06/2017 07:06 AM, marcos valentine wrote: > Hello guys, > > > What is the best way to identify a possible user using a botnet with php > in the server? And if he is using GET commands for example in other server. > > Does apache log outbound con...
2017 Nov 06
0
How to detect botnet user on the server ?
On 11/06/2017 07:06 AM, marcos valentine wrote: > Hello guys, > > > What is the best way to identify a possible user using a botnet with php > in the server? And if he is using GET commands for example in other server. > > Does apache log outbound connections ? > > If it is using a file that is not malicious the clam av would not identify. This sounds like a good place to start: https://major.io/2011/03/09/st...
2019 Aug 02
3
[OT] odd network question
...om their warped point of view, but I haven't a > > clue why so many people would be beating on some apparently unassigned > > and unused port. > > > As you say 48825 is not a known port and too low to be a dynamic port. > I suspect it's a command/control port for a botnet - they aren't > particularly renowned for their elegance and subtlety and so it might be > that your IP address (if it's a DSL line) in the past had been > compromised and was running a bot controller and all the bot workers on > hacked machines are trying to contact their control...
2015 Jul 29
1
Fedora change that will probably affect RHEL
On Tue, July 28, 2015 19:46, Warren Young wrote: > > iPads can't be coopted into a botnet. The rules for iPad passwords > must necessarily be different than for CentOS. > http://www.tomsguide.com/us/ios-botnet-hacking,news-19253.html -- *** e-Mail is NOT a SECURE channel *** Do NOT transmit sensitive data via e-Mail James B. Byrne mailt...
2015 Feb 05
2
Another Fedora decision
...rote: > > SSH as shipped on CentOS doesn't allow 1,000 guesses per second, as this calculator assumes Hmm, just thought of a counterattack: If CentOS's SSH currently allows 10 guesses per minute *per IP*, all you need to do to get 1,000 guesses per second is to rent time on a 6,000 machine botnet.
2015 Jul 26
4
Fedora change that will probably affect RHEL
On Sat, 25 Jul 2015 11:16:18 -0600 Chris Murphy <lists at colorremedies.com> wrote: > On Sat, Jul 25, 2015 at 9:40 AM, Scott Robbins <scottro at nyc.rr.com> wrote: > > This might show up twice, I think I sent it from a bad address previously. > > If so, please accept my apologies. > > > > > > In Fedora 22, one developer (and only one) decided that if
2015 Jul 28
11
Fedora change that will probably affect RHEL
Once upon a time, Warren Young <wyml at etr-usa.com> said: > Much of the evil on the Internet today - DDoS armies, spam spewers, phishing botnets - is done on pwned hardware, much of which was compromised by previous botnets banging on weak SSH passwords. Since most of that crap comes from Windows hosts, the security of Linux SSH passwords seems hardly relevant. > Your freedom to use any password you like stops at the point where exerc...
2009 Aug 05
2
Million linux virtual machines
...ts get a million Linux kernels to run at once Scientists at Sandia National Laboratories in Livermore, have run more than a million Linux kernels as virtual machines. (how long before shared hosts use this....lol) The technique will allow them to effectively observe behaviour found in malicious botnets, or networks of infected machines that can operate on the scale of a million nodes. One of the researchers Ron Minnich, said they are often difficult to analyze since they are geographically spread all over the world. However using virtual machine and a Thunderbird supercomputing cluster for the...
2015 Jul 28
3
Fedora change that will probably affect RHEL
...> The new rules are nowhere near that stringent: > > http://manpages.ubuntu.com/manpages/trusty/man8/pam_pwquality.8.html > >> Who thinks the password policy in my machines are my concern. > > Much of the evil on the Internet today - DDoS armies, spam spewers, phishing botnets - is done on pwned hardware, much of which was compromised by previous botnets banging on weak SSH passwords. > > Your freedom to use any password you like stops at the point where exercising that freedom creates a risk to other people's machines. > > In the previous thread on this t...
2019 Aug 02
0
[OT] odd network question
...point of view, but I >>> haven't a clue why so many people would be beating on some apparently >>> unassigned and unused port. >>> >> As you say 48825 is not a known port and too low to be a dynamic port. >> I suspect it's a command/control port for a botnet - they aren't >> particularly renowned for their elegance and subtlety and so it might be >> that your IP address (if it's a DSL line) in the past had been >> compromised and was running a bot controller and all the bot workers on >> hacked machines are trying to cont...
2015 Jul 30
1
Fedora change that will probably affect RHEL
On 07/28/2015 03:06 PM, Chris Adams wrote: > Once upon a time, Warren Young <wyml at etr-usa.com> said: >> Much of the evil on the Internet today - DDoS armies, spam spewers, phishing botnets - is done on pwned hardware, much of which was compromised by previous botnets banging on weak SSH passwords. > Since most of that crap comes from Windows hosts, the security of Linux > SSH passwords seems hardly relevant. > I happen to know from firsthand experience that SSH slow brutefo...
2015 Feb 05
1
Another Fedora decision
> On Feb 4, 2015, at 5:55 PM, Always Learning <centos at u64.u22.net> wrote: > > On Wed, 2015-02-04 at 17:50 -0700, Warren Young wrote: > >>> rent time on a 6,000 machine botnet. > > Rent ? That costs money. Just crack open some Windoze machines and do > it for free. That is what many hackers do. Acquiring your own botnet requires time and effort. Renting someone else's botnet trades one resource for another. Nothing is free. Just as with my analogy with saf...
2015 Feb 05
0
Another Fedora decision
On Thu, 2015-02-05 at 09:51 -0500, Lamar Owen wrote: > On 02/04/2015 07:55 PM, Always Learning wrote: > > Rent ? That costs money. Just crack open some Windoze machines and do > > it for free. That is what many hackers do. > > Those crackers who build these botnets are the ones who rent out botnet > time to people who just want to get the work done. There is a large > market in botnet time. Surely it's time for the Feds to arrest and change them ? > > Is this safe enough ? > > > > wac4140SoeTer'#621strAAt0918;@@ > > >...
2015 Jul 28
0
Fedora change that will probably affect RHEL
On Tue, Jul 28, 2015 at 1:06 PM, Chris Adams <linux at cmadams.net> wrote: > Once upon a time, Warren Young <wyml at etr-usa.com> said: >> Much of the evil on the Internet today - DDoS armies, spam spewers, phishing botnets - is done on pwned hardware, much of which was compromised by previous botnets banging on weak SSH passwords. > > Since most of that crap comes from Windows hosts, the security of Linux > SSH passwords seems hardly relevant. Botnets are terrible, it doesn't matter how many of them th...
2015 Jul 30
2
Fedora change that will probably affect RHEL
...consider passwords that keep the dog out and probably most family members to be security theater. No fail2ban, no firewall rules, sshd by default, challengeresponseauth by default, and a 9 character (even random) passphrase, and that shit is going to get busted into. Against a targeted attack by a botnet, you need something stronger than a 9 character password, today. Let alone 6 years from now. Those other measures need to get better (PKA only, put it behind a VPN). Not the password getting slightly longer. ATMs and credit cards in the U.S. The weak link is the magnetic stripe, not the 4 digit P...
2019 Aug 02
5
[OT] odd network question
I know this is OT, but I'm not sure where else to ask. I can hope for forgiveness! :) My home router sends its logs to the rsyslog on my desktop system, and from there I can learn all kinds of interesting (or disturbing) things. I've written a really horrid shellscript (about 20 things piped together with a temp file in the middle) to give me the count of DROP events for specific incoming
2019 Aug 02
3
[OT] odd network question
...; >>> haven't a clue why so many people would be beating on some apparently > >>> unassigned and unused port. > >>> > >> As you say 48825 is not a known port and too low to be a dynamic port. > >> I suspect it's a command/control port for a botnet - they aren't > >> particularly renowned for their elegance and subtlety and so it might be > >> that your IP address (if it's a DSL line) in the past had been > >> compromised and was running a bot controller and all the bot workers on > >> hacked machine...