Register

Welcome to the RDI-Board Community.

If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed.


Donate Now Goal amount for this month: 100 EUR, Received: 100 EUR (100%)
Donate to support this site...

Results 1 to 11 of 11
  1. #1
    master Master
    RDI - Board Default Avatar

    Join Date
    Feb 2009
    Location
    beer sheva, Israel
    Posts
    67
    Posts Thanks / Likes

    Exclamation Solutie posibila!

    1: Poti pune restrictie in firewall pe clasa de ip-uri 190.*.*.*
    2: vezi ce usere ai la ssh si le dezactivezi sau le pui pass-uri complicate: 13 caractere(cifre, litere, semne de punctuatie), acestea sunt codari in 128 biti si foarte greu de descoperit!
    3: schimba portul ssh, fpt, web, telnet, sftp, imap, pop3: "in loc de 22 poti pune 96200, atunci va fi greu de descoperit portul deschis in pc" tot asa faci si cu celelalte porturi!
    *Anumite setari descrise mai sus se fac in router(firewall), altele in root(consola linux sau in desktop).*
    4: sistemul de logare la ssh trebuie configurat in felul urmator:
    -ai anumite pluginuri care contorizeaza failure login: schimbi din 0/-1 in 2,3 astfel: la 2,3 logari gresite ip-ul primeste ban.
    *****maine am sa continui, acum este prea tarziu*****

  2. #2
    Member Mentor
    Join Date
    Nov 2008
    Location
    La capatul tunelului
    Posts
    801
    Posts Thanks / Likes

    Default

    cel mai sigur e sa pui parola alfanumerica cat mai mare stiu ca pentru combinatii de 8 caractere alfanumerice la BruteForce ai trebuia cateva zeci de ani
    http://uploadimage.ro/images/04034302560823760342.jpg

    Cumpara de la PcGarage folosind acest voucher : VPT7KWLZ si beneficiezi de 1% reducere !

  3. #3
    Silver Member Expert
    Join Date
    Jul 2003
    Location
    Romania
    Posts
    2,782
    Posts Thanks / Likes

    Default

    pico /etc/hosts.deny

    acolo treci sshd:[email protected], PARANOID

    salvezi



    si pico /etc/hosts.allow

    sshd:ipurile tale de unde intri

    salvezi

    restart ssh si gata
    stai fara grija!

    si daca iti gaseste parola ... tot nu va avea access !

    iote la mine ... pe unul din serverele de administrare si nu imi fac probleme
    Jun 17 23:29:33 hosting sshd[16037]: refused connect from 173.8.119.129 (173.8.119.129)
    Jun 18 00:01:32 hosting sshd[16053]: refused connect from 173.8.119.129 (173.8.119.129)
    Jun 18 05:32:34 hosting sshd[16303]: refused connect from 113.130.64.115 (113.130.64.115)
    Jun 18 12:41:20 hosting sshd[16512]: refused connect from 93.94.216.166 (93.94.216.166)
    Jun 18 17:31:22 hosting sshd[20859]: refused connect from 211.38.137.44 (211.38.137.44)
    Jun 20 11:55:47 hosting sshd[17154]: refused connect from 200.164.76.166 (200.164.76.166)
    Jun 20 12:08:45 hosting sshd[17162]: refused connect from 86.120.117.44 (86.120.117.44)
    Jun 20 12:18:10 hosting sshd[17191]: refused connect from 86.120.117.44 (86.120.117.44)
    Jun 20 13:49:15 hosting sshd[17267]: refused connect from 202.108.254.213 (202.108.254.213)
    Jun 20 16:51:09 hosting sshd[17518]: refused connect from 124.232.130.5 (124.232.130.5)
    Jun 20 16:54:55 hosting sshd[17520]: refused connect from 124.232.130.5 (124.232.130.5)
    Jun 20 20:37:44 hosting sshd[19059]: refused connect from 82.137.200.18 (82.137.200.1
    Jun 20 22:23:54 hosting sshd[22928]: refused connect from 200.164.76.166 (200.164.76.166)
    Jun 21 00:36:17 hosting sshd[28272]: refused connect from 125.69.72.172 (125.69.72.172)
    Jun 21 06:11:55 hosting sshd[29077]: refused connect from 81.0.222.201 (81.0.222.201)
    Jun 21 06:21:29 hosting sshd[29086]: refused connect from 81.0.222.201 (81.0.222.201)
    Jun 21 06:21:32 hosting sshd[29088]: refused connect from 81.0.222.201 (81.0.222.201)
    Jun 21 06:21:35 hosting sshd[29089]: refused connect from 81.0.222.201 (81.0.222.201)
    Jun 21 06:21:39 hosting sshd[29090]: refused connect from 81.0.222.201 (81.0.222.201)
    Jun 21 06:21:43 hosting sshd[29091]: refused connect from 81.0.222.201 (81.0.222.201)
    Jun 21 06:21:47 hosting sshd[29092]: refused connect from 81.0.222.201 (81.0.222.201)
    Jun 21 06:21:55 hosting sshd[29093]: refused connect from 81.0.222.201 (81.0.222.201)
    Jun 21 06:22:14 hosting sshd[29094]: refused connect from 81.0.222.201 (81.0.222.201)
    Jun 21 06:22:50 hosting sshd[29095]: refused connect from 81.0.222.201 (81.0.222.201)
    Jun 21 06:23:34 hosting sshd[29096]: refused connect from 81.0.222.201 (81.0.222.201)
    Jun 21 06:23:59 hosting sshd[29097]: refused connect from 81.0.222.201 (81.0.222.201)
    Jun 21 06:24:24 hosting sshd[29098]: refused connect from 81.0.222.201 (81.0.222.201)
    Jun 21 11:21:42 hosting sshd[13420]: refused connect from 208.85.148.27 (208.85.148.27)
    Jun 21 11:31:10 hosting sshd[13425]: refused connect from 208.85.148.27 (208.85.148.27)
    Jun 21 15:40:49 hosting sshd[13626]: refused connect from 211.38.137.44 (211.38.137.44)
    Jun 21 21:05:05 hosting sshd[13896]: refused connect from 61.78.62.98 (61.78.62.9
    Jun 22 00:13:53 hosting sshd[14055]: refused connect from 216.146.46.8 (216.146.46.
    Jun 22 02:13:02 hosting sshd[14148]: refused connect from 61.129.60.23 (61.129.60.23)
    Jun 22 03:22:11 hosting sshd[14202]: refused connect from 58.196.29.33 (58.196.29.33)
    Jun 22 13:23:59 hosting sshd[27367]: refused connect from 203.191.149.18 (203.191.149.1
    Jun 22 15:20:35 hosting sshd[27467]: refused connect from 210.127.209.27 (210.127.209.27)
    Jun 22 15:24:22 hosting sshd[27468]: refused connect from 210.127.209.27 (210.127.209.27)
    Jun 22 22:06:15 hosting sshd[28040]: refused connect from 61.129.60.23 (61.129.60.23)
    Jun 22 22:28:55 hosting sshd[28063]: refused connect from 219.223.190.148 (219.223.190.14
    Jun 23 00:15:51 hosting sshd[28147]: refused connect from 61.93.239.106 (61.93.239.106)
    Jun 23 00:25:21 hosting sshd[28156]: refused connect from 61.93.239.106 (61.93.239.106)
    Jun 23 13:56:30 hosting sshd[9017]: refused connect from 60.191.231.82 (60.191.231.82)
    Jun 23 14:31:03 hosting sshd[9048]: refused connect from 211.38.137.44 (211.38.137.44)
    Cand esti mort , nu stii ca esti mort . E greu doar pentru ceilalti !
    La fel si cand esti prost ...
    __________________________________________________ _____________________________________________


  4. #4
    Junior Member Teacher
    RDI - Board Default Avatar

    Join Date
    Jan 2005
    Location
    Pitesti
    Posts
    289
    Posts Thanks / Likes

    Default

    Nu incerca cu port 96200, ca nu exista. Cel mult 65535 (2 bytes).
    Pe de alta parte, daca ai o parola buna, poti sa stai linistit. Tu vezi asta de 3 zile; eu o vad de 4 ani si inca nu s-a intamplat nimic deosebit. Oamenii incearca, dar nu'i musai sa si reuseasca. Au o lista de useri (root, admin, administrator, johnny, alex, office, ftp, wwwrun, nobody, s.a.m.d) pe care ii incearca de obicei fara parole. Alte "specimene" incearca si cu cateva parole cum ar fi 123, 1234, numele_de_utlizator, abcd si altele.
    Ca recomandari:
    - schimba portul de ssh
    - pune o parola care sa nu existe in dictionar (exclus numele tau, denumiri de obiecte sau firme). Userul tau de pe forum ar fi un exemplu bunicel de parola (un exemplu bun contine litere mari si mici, cifre si caractere speciale)
    - dezactiveaza userii nefolositi (daca exista at, postfix, ntp, ldap, ftp, si altii)
    - poti limita accesul pe portul de ssh prin iptables, insa eu nu fac asta ca sa pot intra pe servere de oriunde.
    KSC-570[12.01.A5]/Invacom 0,3dB/1,4m Al/ SRT V-50/ 18'/vizibilitate 62E-30W/ lat. 44.85N, long. 24.87E + DolceTV cu antena lui Digi. NOU! Acum cu montura polara ca sa vad 16E-ul!

  5. #5
    Târnacopist Expert
    Join Date
    Dec 2005
    Location
    /home/satwien/
    Posts
    6,001
    Posts Thanks / Likes

    Default

    1. In momentul in care incepe atacul, identifica IP-ul si apoi faci portforward portului atacat catre IP-ul atacatorului (poti face si un script pentru asta). Isi va flooda singur calculatorul!
    2. Daca ii identifici providerul de net, poti trimite pe email o reclamatie cu un log atasat.

  6. #6
    Moderator Expert
    Join Date
    Sep 2003
    Location
    BRASOV
    Posts
    3,462
    Posts Thanks / Likes

    Default

    si eu am avut un server linux facut varza de niste araboi inputiti.
    mi-au schimbat si parola de root.a trebuit sa instalez alt linux.
    acum am pus un pass forte,am activat firewall de linux si l-am trecut prin router cu porturile schimbate.
    ps.multi asa zisi hackers de kk au servere inchiriate in rusia,cu care flodeaza.sau ip deviate in nus ce state sud americane..
    350 kg de scule!

  7. #7
    Junior Member Friend
    RDI - Board Default Avatar

    Join Date
    Apr 2009
    Location
    Oradea
    Posts
    44
    Posts Thanks / Likes

    Default

    SKKIP

    Am vazut in semnatura ta ca ai antena triunghiulara.Cum ii ? Sti ceva site unde este de vanzare (nu mi lene sa caut dar nu stiu cum sa o caut)
    OffSet 1,15;LNB Titanium(Hirschmann) 0,2db;MotorH-H Star Tack;CLONA DM 500s;45w-53e
    http://i153.photobucket.com/albums/s...g?t=1245060232

  8. #8
    Silver Member Expert
    Join Date
    Jul 2003
    Location
    Romania
    Posts
    2,782
    Posts Thanks / Likes

    Default

    Quote Originally Posted by skkip3r View Post
    Rezolvat cu hosts.deny si allow dar inca mai insist peconfigurarile din psad

    Multumesc

    psad e ok ! poti pune in hosts.allow orice fel de clasa

    192.168.1. sau 192.168. sau 192.

    nu iti mai explic care cum face prima lasa toate ipurile din clasa 1.x / 2 lasa toate ipurile din clasa 192.168.x.x / 3 deduci

    daca ai ceva problems ... ma poti contacta mess

    regards
    Cand esti mort , nu stii ca esti mort . E greu doar pentru ceilalti !
    La fel si cand esti prost ...
    __________________________________________________ _____________________________________________


  9. #9
    Member Mentor
    Join Date
    Nov 2008
    Location
    La capatul tunelului
    Posts
    801
    Posts Thanks / Likes

    Default

    Quote Originally Posted by skkip3r View Post
    e un "pamflet"


    @armandino

    O parte tin ip-uri apar si in logurile tale, asta e la mine dar este si la tine:

    Jun 25 21:47:43 skkip3r-desktop sshd[12400]: refused connect from ::ffff:211.38.137.44 (::ffff:211.38.137.44)

    Oare sunt paranoic sau avem minihackeri printre noi?
    mai degraba copii care vor sa urce si ei pe IRC ceva eggdrop , bnc , sa face un shell ceva access de root si sa mai scaneze si ei de acolo alte clase de Ip sau mai rau sa dea flood de acolo
    http://uploadimage.ro/images/04034302560823760342.jpg

    Cumpara de la PcGarage folosind acest voucher : VPT7KWLZ si beneficiezi de 1% reducere !

  10. #10
    Silver Member Expert
    Join Date
    Jul 2003
    Location
    Romania
    Posts
    2,782
    Posts Thanks / Likes

    Default

    Quote Originally Posted by wasexx View Post
    mai degraba copii care vor sa urce si ei pe IRC ceva eggdrop , bnc , sa face un shell ceva access de root si sa mai scaneze si ei de acolo alte clase de Ip sau mai rau sa dea flood de acolo

    @wasexx a subliniat cel mai bine ... coincidenta face ca amandoi sa avem acelasi ip pt ca s-a folosit aceiasi masina infectata pentru scanare.... nimeni nu scaneaza de pe root-ul lui

    de curand am descoperit brute force la ftp ... probabil a mai aparut ceva nou in bransa de hacheri
    Cand esti mort , nu stii ca esti mort . E greu doar pentru ceilalti !
    La fel si cand esti prost ...
    __________________________________________________ _____________________________________________


  11. #11
    Junior Member Junior
    RDI - Board Default Avatar

    Join Date
    Aug 2007
    Posts
    9
    Posts Thanks / Likes

    Default

    si eu as vrea o antena triunghiulara...dar nu stiu de unde as putea dace rost...

 

 

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
Back to Top