EQ2Emulator Attacks

Post by John Adams » Wed May 21, 2014 7:17 am

It has been determined that evil forces are at work in this world attempting to gain secure access to the services that host EQ2Emulator.net - specifically, the secure shell into the EQ2 DB Project server. It has a custom SSH Port, yet "they" guessed that. It has custom login names, and somehow "they" guessed that, too. The attacker is failing on the password attempts though, and the IP gets automatically banned - however, the ban list is in the hundreds, and the attacks keep coming.

Primarily, they all trace to these domains in France -
kimsufi.com
ovh.net

and in Russia -
ruradiology.org

I am attempting to auto-ban any IP that accesses invalid data on my servers. This means, innocent people will be banned as well, and for that I am sorry... but if I do not stop these attacks, I will completely shut down all services for good. A small price to pay to keep this project alive.
John Adams
EQ2Emulator - Project Ghost
"Everything should work now, except the stuff that doesn't" ~Xinux

Post by alfa » Wed May 21, 2014 3:33 pm

John, please tweet Oles (OVH) with the IP and explain to him what happened (he is the founder of OVH); he will do what needs to be done ^^
FYI, OVH is the leading hosting provider in Europe (24 DCs, and the biggest in the world in BHS, Canada), and Kimsufi is its low-cost division.
Fight with me... Or die, like the rest.
J.A. say: "I think Xinux tried to tell me this, but I ignore most things he suggests."

Post by John Adams » Wed May 21, 2014 4:58 pm

Yeah I doubt it's the people who own those sites specifically, likely hacker scripty losers who rent space from them. Thanks for the info though, I will see what can be done. I'm sure mine is not the only IP they are hacking... but hitting such specific ports? That has me very suspicious.

Post by alfa » Thu May 22, 2014 4:09 am

Changing the SSH port is useless; basic people can do a TCP scan and find it with headers.
And if you report spam for an OVH or Kimsufi IP, Oles can lock the IP or the server that is trying to hack.

Post by bit_shifter » Thu May 29, 2014 8:17 am

John Adams wrote: The attacker is failing on the password attempts though, and the IP gets automatically banned - however, the ban list is in the hundreds, and the attacks keep coming.
Would a key-based SSH login system work for your purposes (instead of passwords)? I'm not sure what the server is being used for or the number of people using it that would need keys, but doing a key-based login system is ideal for a lot of cases -- especially for servers being pounded by brute force password attacks. You'd just be able to disable password logins completely.

Maybe you already knew all about this, but I just figured I'd offer that suggestion.
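
A check that goes with the key-based login suggestion above, as an added example that is not part of the thread or the project's code: a small Python audit of sshd_config text that reports whether any password-based login path is still enabled. The sample configs are constructed, the keyword defaults are OpenSSH's, and Include files are not followed.

```python
# Added example (not from the thread): flag sshd_config settings that still
# permit password guessing. Sample configs are constructed; Include files are
# not followed.
DEFAULTS = {  # OpenSSH defaults when a keyword is absent
    "passwordauthentication": "yes",
    "kbdinteractiveauthentication": "yes",
    "pubkeyauthentication": "yes",
}
# Deprecated alias for KbdInteractiveAuthentication
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}
# Keyboard-interactive counts too: through PAM it can still prompt for a password.
PASSWORD_PATHS = ("passwordauthentication", "kbdinteractiveauthentication")


def parse(config_text):
    """Return (global settings, overrides found inside Match blocks)."""
    settings, overrides, in_match = {}, [], False
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split()  # "Keyword=value" is also legal
        if not parts:
            continue
        keyword = ALIASES.get(parts[0].lower(), parts[0].lower())
        if keyword == "match":
            in_match = True
        elif keyword in DEFAULTS and len(parts) > 1:
            value = parts[1].strip('"').lower()
            if in_match:
                overrides.append((keyword, value))
            else:
                settings.setdefault(keyword, value)  # first value wins in sshd
    return {k: settings.get(k, d) for k, d in DEFAULTS.items()}, overrides


def audit(config_text):
    """List findings; an empty list means no password-based method was found enabled."""
    settings, overrides = parse(config_text)
    findings = [f"{k} is enabled globally" for k in PASSWORD_PATHS if settings[k] != "no"]
    findings += [f"{k} re-enabled in a Match block" for k, v in overrides
                 if k in PASSWORD_PATHS and v != "no"]
    if settings["pubkeyauthentication"] != "yes":
        findings.append("pubkeyauthentication is disabled; key logins would fail")
    return findings


PARTIAL = "Port 2222\nPasswordAuthentication no\nUsePAM yes\n"  # constructed
HARDENED = PARTIAL + "KbdInteractiveAuthentication no\nPubkeyAuthentication yes\n"
```

On a live host, `sshd -T` prints the effective configuration and is the authoritative check.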
