search for: kiddi

Displaying 20 results from an estimated 181 matches for "kiddi".

2018 Aug 09
2
Best practices for backing up small mailserver to remote location
...he ssh tunnel, not the rsync connection, as rsync compression tends to be buggy and interrupts the download. I run sshd on a non-standard port to keep my logs relatively free of script kiddy noise from people looking for an ssh connection to crack. Run fail2ban to lock out the remaining script kiddies. Use a client certificate to log in with ssh unprompted, making it easy to download in a cron job. Here's an example of scripting the download. Uncomment the DRYRUN line for testing, then comment for production. Add more rsync commands to back up different partitions. The --one-file-syste...
2020 Jun 21
1
firewall questions
..."Port" in ssh_config and sshd_config; If other clients are being used > (like Putty), > it is easy to change it there. > > We used to get at least 50 probes per day on port 22. Now we get zero. > I used this technique for a number of years - then it got leaked to the script kiddies the port that was used. We don't have anything particularly valuable that they were looking for (I don't think!), but there are lists of subnets & ports out there that the kiddies use so once one found it, the flood gates opened. SSH is now protected behind a VPN. It's a valid t...
2011 Aug 26
4
limiting number of incorrect logins per connection
..., Running Dovecot 2 on my server. It is regularly getting dictionary auth attacked. What I have noticed is that once connected to a pop3/imap login session, you can send endless incorrect usernames+passwords attempts. This is a problem for me... I use fail2ban to try and stop these script kiddies. The problem is that fail2ban detects the bad auths, firewalls the IP, however, since it's an "established" session, the attacker can keep authing away... It's only on a subsequent (new) connection that the firewalling will take effect. Why is there no configuration opti...
2014 Dec 31
1
can't enable selinux CentOS 6.5
...ng bugs. I discovered at some point that there are > other people out there who share this opinion ;-) > > So, my question is: can someone design attack scenario which would be > successful if it were not for SELinux, and which is thwarted by SELinux. > Note that the fact that script kiddie just forgot to put as a first line > > /usr/sbin/setenforce 0 > > doesn't make such example a solid case pro SELinux for me. > > Thanks a lot for your insight! (Always hoping to learn ;-) > Disabling SELinux requires root privileges at which point most all security impli...
2014 Dec 30
3
can't enable selinux CentOS 6.5
On Tue, December 30, 2014 03:18, Digimer wrote: > What possible reason could they have for that? > > On 30/12/14 02:17 AM, Laurent Dumont wrote: >> By any chance, is it a VPS? I know that my CloudAtCost (very cheap but >> extremely unreliable provider) prevents you from using SeLinux on their >> Centos image. No mysterious breakages == lower support costs. The same
2006 Mar 10
6
sshd hack
...within sshd. It seems to quickly confuse automated dictionary attacks. I've moved sshd to higher ports but apparently the cretins are now scanning to look for that and attacking on whatever port sshd shows up on. Anyway, the link to the hack is here: http://www.aerospacesoftware.com/ssh-kiddies.html Just wondering if any of the wizened programmers out there can think of any reason why this would be a bad thing to do. Cheers,
2009 Oct 17
5
Calling all Hackers
...s owned by me and can confirm through servint that it is owned by me. I would like to do a penetration test and of course to allow you to upload files on the server and kind of trash it to the point where it is always restarting and running out of memory etc etc. This is going to be mainly script kiddie stuff, however will be able to get you hired on with me for some other jobs that are involving network security evaluations. Here is the server info Cpanel and WHM running on CentOS hostname level1.ixkt.net IP addresses 64..131.81.30 64.131.81.31 64.131.81.32 64.131.81.30 SSH Port is on 3734 -...
2017 Aug 15
6
Detecting DoS attacks via SIP
Hi all, Lately, I've seen an increase in the number of attacks against my system from the so-called "Friendly Scanner." When one of these script kiddies targets my server, all I see for symptoms is a few of my trunks become lagged due to server load and a stream of messages on the console that resemble this: [Aug 2 20:27:50] == Using SIP VIDEO CoS mark 6 [Aug 2 20:27:50] == Using SIP RTP TOS bits 24 [Aug 2 20:27:50] == Using SIP RTP CoS...
2006 Apr 09
2
First SSH now VSFTP
Seems the script kiddies are now hitting vsftp with dictionary attacks. I had three boxes showing around 12000 attempts from one IP yesterday. My thoughts are that there should be an upstream solution for this which is then supported by the upstream vendor. Yes, I know there are several 'other' solutions, but...
2005 Aug 02
2
probes on udp port 500
Last couple of days some of my hosts were probed for UDP port 500 (IKE daemon, used by IPSec for key exchange) from dialup IPs. Don't remember seeing similar probes before. Some new vulnerability that script kiddies (and pro crackers) are trying out, or is this some old stuff? I do remember there were some security problems with racoon in the past (that were fixed in current CentOS ipsec-tools packages), but don't remember reading anywhere there were any automated tools to exploit it floating around. O...
2006 Mar 20
6
[OT maybe] netcafe firewall
Hi all, I apologise in advance if this is a little OT, but I am building a box that will serve as firewall and router for a small "internet cafe / netcafe" and am using CentOS... So here it is: What are the best tools to be used for keeping the potential script kiddies from "harming the Internet" :) ? I specifically want to be able to detect and prevent portscans from LAN to Internet, and any other malware activity the clients might think of. I am particularly interested in "the CentOS way". For example I know there is psd...
2015 Feb 13
5
Securing SSH wiki article outdated
On Fri, 2015-02-13 at 09:46 -0500, Lamar Owen wrote: > On 02/13/2015 09:15 AM, Chris Adams wrote: > > Yeah, the old "move stuff to alternate ports" thing is largely a waste > > of time and just makes it more difficult for legitimate use. With > > large bot networks and tools like zmap, finding services on alternate > > ports is not that hard for the
2015 Feb 09
4
Getting mail quota exceeded with plenty of space
...ard his quota. Only these two users have this > problem. So far. Both are infrequent mail checkers. It might be the quota for number of messages : Check with "doveadm quota get -u user at domain.example" If there is a limit for number of messages. Regards, -- CHUNKZ.NET - script kiddie and computer technician Bertrand Caplet, Flers (FR) Feel free to send encrypted/signed messages Key ID: FF395BD9 GPG FP: DE10 73FD 17EB 5544 A491 B385 1EDA 35DC FF39 5BD9
2015 Sep 23
1
OT: closing a port on home router
...angerous nutters attempting to break-in to > everything. They often mask their attacks using compromised Windoze > computers all around the world. > Changing the port that sshd listens on solves nothing from a security perspective. The only people that this action deflects are the script-kiddies. Who are admittedly numerous and who can be dangerous but usually are just low-talent opportunists. Moving the port by itself still opens a functioning connection to the internet on a service that is inherently susceptible to brute force and rainbow attacks. The 'dangerous' people on th...
2005 Nov 16
11
Need urgent help regarding security
Good Day! I think we have a serious problem. One of our old servers running FreeBSD 4.9 has been compromised and is now connected to an ircd server.. 195.204.1.132.6667 ESTABLISHED However, we still haven't brought the server down in an attempt to track the intruder down. Right now we are clueless as to what we need to do.. Most of our servers are running legacy operating systems(old
2014 Oct 02
3
Securing SSH --> Change ports
In there you are almost telling people that security through obscurity is a good way. That might sometimes be true but in this case it could mean that you would be handing passwords and other data out. When you start SSH on port 22 it is done with root privileges because the root user is the only one that can use ports below 1024. Root is the only user that can listen to that port or do
2000 Jan 13
0
ssh-proxy, a new approach to firewall software
...p using just plugs for everything, which is nearly as bad as just having a packet filter. Maybe your vendor calls one particular setup of his plug as samba gateway, and if you do not look into the insides of your firewall, you will think that it really parses the protocol. (Practice #1 for script kiddies: fire a VPN through telnet port using ssh and have your firewall administrator not notice it. Practice #1 for firewall administrators: Make it at least a bit harder to do for a script kiddie with your current firewall software.) So we need something which can keep up with the kiddies at le...
2015 Dec 13
2
CentOS and typical usage
...o faster then why is it a benefit? >> >> Binary logs with checksums is one benefit, much harder for a hacker or > malware to hide its tracks. > > Without intent to be a pain in a... just respectfully disagreeing. > > Harder only from the point of view current tools script kiddies use will > not deal with them. Fundamentally better security/forensics wise would be > to keep logs on remote secure server. Like in the very first computer > security lesson: you can not trust anything on compromised machine. It's a matter of knowing your machine has been compromi...
2003 Jan 28
5
Block packets based on content
Is it possible to block packets based on content? I would specifically like to block the script kiddies " GET /script/*" packets from reaching my webserver. Thanks for your time, Steve
2014 Dec 15
2
Failed installation on Ubuntu with Postfix/Dovecot/Squirrelmail
...adding the change to 10-mail.conf and starting the server And guess what, I can log into squirrelmail's interface just fine. No more dropped connection to the IMAP server. And now that the panic is over, I'd like to get smart on dovecot. >Regards, >-- >CHUNKZ.NET - script kiddie and computer technician >Bertrand Caplet, Flers (FR) >Feel free to send encrypted/signed messages >Key ID: FF395BD9 >GPG FP: DE10 73FD 17EB 5544 A491 B385 1EDA 35DC FF39 5BD9