Blocking ssh server attacks (11/2011)

Monday, November 7th, 2011

During the past few days (early November, 2011) I have been seeing a rash of ssh connection attempts. I did a quick check and I note that others are posting about similar attacks. The current attack ‘pattern’ is fairly simple: connection attempts are made every few seconds; apparent IP addresses source countries vary quite a Continue reading →

Reporting Network Abuse and/or Hacked Systems

Monday, September 26th, 2011

Who Ya Gonna Call? Before we can figure out where to send network/system abuse reports to, we need to understand who might actually be responsible, or, who might accept responsibility for the resource/network from whence possible abuse is originating… With the slate of high profile reported system and network ‘hacks’ in 2011 you might think Continue reading →

Linux GeoIP Firewall via iptables (using ipset)

Saturday, September 24th, 2011

In a previous post using GeoIP data with xtables-addons was discussed. CAVEAT – GeoIP data changes constantly – if you implement such a solution then make sure that you also add some sort of auto-data-update process.  Also, GeoIP filtering does not provide any guarantee that a system from ‘filtered IP space’ cannot access your resource Continue reading →

WordPress-Php hacking via plugin: relocate-upload.php

Monday, September 19th, 2011

Do you check your Apache/Web-Server logs for errors? Today I noted: ~700 potentially malicious web requests in ~4 hours (and all requests failing for various reasons); the same/similar request came from 5 countries; potential malicious/compromised hosts: 7. This appears to be a scan for a WordPress (non-core) plugin written in ~2009 – which some Continue reading →

Linux iptables xtables-addons GeoIP examples

Monday, September 19th, 2011

Some simple examples using xtables-addons GeoIP rules. See other firewall-related posts for iptables background information and additional examples using custom chains with iptables. The examples below require that iptables and xtables-addons be installed, and you must generate the ‘packed’ lookup-tables from GeoIP data-sets. These rules were tested using Fedora 13 (Red Hat Linux) with xtables-addons Continue reading →


Georgia-USA.Com - Web Hosting for Business