search for: kiddy

...can back up your entire server, not only the mailboxes. Instead of openvpn, I use openssh. Use compression in the ssh tunnel, not the rsync connection, as rsync compression tends to be buggy and interrupts the download. I run sshd on a non-standard port to keep my logs relatively free of script kiddy noise from people looking for an ssh connection to crack. Run fail2ban to lock out the remaining script kiddies. Use a client certificate to log in with ssh unprompted, making it easy to download in a cron job. Here's an example of scripting the download. Uncomment the DRYRUN line for test...

On Sun, 2020-06-21 at 16:47 -0400, mailist wrote: > On 2020-06-21 15:33, Chuck Campbell wrote: > > I'm running Centos 7.8.2003, with firewalld. > > > > I was getting huge numbers of ssh attempts per day from a few specific > > ip blocks. > > If you can control the ssh clients, switch your port number to a > non-standard > port. Pick one in

Hi Guys, Running Dovecot 2 on my server. It is regularly getting dictionary auth attacked. What I have noticed is that once connected to a pop3/imap login session, you can send endless incorrect usernames+passwords attempts. This is a problem for me... I use fail2ban to try and stop these script kiddies. The problem is that fail2ban detects the bad auths, firewalls the IP, however,

On 30/12/14 22:07, Valeri Galtsev wrote: > > I have that vague feeling that what I'm about to say will probably be > declared wrong... Still. From the very beginning I do not consider SELinux > adding to the security of the system. How can it if it can be turned off > on the fly? On the other hand, it adds hundreds of thousands of lines to > kernel code which does exactly

On Tue, December 30, 2014 03:18, Digimer wrote: > What possible reason could they have for that? > > On 30/12/14 02:17 AM, Laurent Dumont wrote: >> By any change, is it a VPS? I know that my CloudAtCost (very cheap but >> extremely unreliable provider) prevents you from using SeLinux on their >> Centos image. No mysterious breakages == lower support costs. The same

I'm not really a programmer and I recently came across this hack to insert a short sleep statement into auth-passwd.c within sshd. It seems to quickly confuse automated dictionary attacks. I've moved sshd to higher ports but apparently the cretins are now scanning to look for that and attacking on whatever port sshd shows up on. Anyway, the link to the hack is here:

Hey guys. I have a server that is owned by me and can confirm through servint that it is owned by me. I would like to do a penetration test and of course to allow you to upload files on the server and kind of trash it to the point where it is always restarting and running out of memory etc etc. This is going to be mainly script kiddie stuff, however will be able to get you hired on with me for

Hi all, Lately, I've seen an increase in the number of attacks against my system from the so-called "Friendly Scanner." When one of these script kiddies targets my server, all I see for symptoms is a few of my trunks become lagged due to server load and a stream of messages on the console that resemble this: [Aug 2 20:27:50] == Using SIP VIDEO CoS mark 6 [Aug 2 20:27:50] ==

Seems the script kiddies are now hitting vsftp with dictionary attacks. I had three boxes showing around 12000 attempts from one IP yesterday. My thoughts are that there should be an upstream solution for this which is then supported by the upstream vendor. Yes, I know there are several 'other' solutions, but I'd really like to stay mainstream and use a supported method for

Last couple of days some of my hosts were probed for UDP port 500 (IKE daemon, used by IPSec for key exchange) from dialup IPs. Don't remember seeing similar probes before. Some new vaulnerability that script kiddies (and pro crackers) are trying out, or is this some old stuff? I do remember there were some security problems with racoon in the past (that were fixed in current CentOS

Hi all, I appologise in advance if this is a little OT, but I am building a box that will serve as firewall and router for a small ''internet cafe / netcafe'' and am using CentOS... So here it is: What are the best tools to be used for keeping the potential script kiddies from ''harming the Internet'' :) ? I specifically want to be able to detect and prevent

On Fri, 2015-02-13 at 09:46 -0500, Lamar Owen wrote: > On 02/13/2015 09:15 AM, Chris Adams wrote: > > Yeah, the old "move stuff to alternate ports" thing is largely a waste > > of time and just makes it more difficult for legitimate use. With > > large bot networks and tools like zmap, finding services on alternate > > ports is not that hard for the

> Further checkings shows another user also getting "Quota exceeded". This > user has only 127Mb toward his quota. Only these two users have this > problem. So far. Both are infrequent mail checkers. It might be the quota for number of messages : Check with "doveadm quota get -u user at domain.example" If there is a limit for number of messages. Regards, --

On Wed, September 23, 2015 00:11, Always Learning wrote: > > > That is great. When I started on Linux that was one of the very > first things I did. Every machine, including servers, has port 22 > replaced by a unique alternative port. Port 22 is also blocked in > IPtables. > > There is an army of dangerous nutters attempting to break-in to > everything. They often mask

Good Day! I think we have a serious problem. One of our old server running FreeBSD 4.9 have been compromised and is now connected to an ircd server.. 195.204.1.132.6667 ESTABLISHED However, we still haven't brought the server down in an attempt to track the intruder down. Right now we are clueless as to what we need to do.. Most of our servers are running legacy operating systems(old

In there you are almost telling people that security through obscurity is a good way. That might sometimes be true but in this case it could mean that you would be handing passwords and other data out. When you start SSH on port 22 it is done with root privileges because the root user is the only one that can use ports below 1024. Root is the only user that can listen to that port or do

Hi! After 3 days of furious programming, here is the half-finished code of the ssh gateway: http://www.linux.hu/~mag/openssh.prepared.tar.gz [No, it isn't even quarter finished, but I am forking to background again, and have no time/whatever to end it in the foreseeable future (except if one says "gee, it _is_ nice, here is the cash for finishing it")]. There are logically two

On 12/13/2015 12:45 PM, Valeri Galtsev wrote: > On Sun, December 13, 2015 11:36 am, Alice Wonder wrote: >> >> >> On 12/13/2015 08:39 AM, Timothy Murphy wrote: >>> Alice Wonder wrote: >>>> One of the benefits of systemd is the dependency based parallel > startup. >>>> The same speed can often be achieved with system V init by fine tuning >

Is it possible to block packets based on content? I would specifically like to block the script kiddies " GET /script/*" packets from reaching my webserver. Thanks for your time, Steve

On 12/15/2014 at 12:26 PM, "Bertrand Caplet" <bertrand.caplet at chunkz.net> wrote: > >> that I needed: >> >> namespace inbox { >> inbox = yes >> } > >Hey, >I wonder where do you have set this namespace inbox ? in 10- >mail.conf ? > The word 'namespace' does not appear in any file within the tree of /etc/dovecot/