Pesky Hacker!!!
Discussion
Help...
Got someone trying to hack one of our sites. Managed to get his/her IP address, not hard seeing as they had over 8000 login attempts!!! They were trying every few seconds over several hours.
How do I go about blocking this IP address, the site is being sluggish and doesn't respond all the time due to this pesky er.
We are running Windows Server 2003, with all latest updates. I ran the Microsoft Baseline Security Analyzer and everything checked out ok so there is no way they can get in, but if I can block the IP then it stops him/her trying...
2003 is so easy to hack it's untrue.
You should really be firewalling any machine that's facing the net, especially a Doze Box.
You can try and block him using l2p, but Windows doesn't actually make it that easy to block.
You can also possibly block using the Filtering Section, in TCP/IP in network properties, but again, this isn't that easy.
A good firewall (even a software based one if the machine is local) is what you need.
If the box is colocated, speak to your host about a hardware firewall.
HTH.
xsaravtr said:
I ran the Microsoft Baseline Security Analyzer and everything checked out ok so there is no way they can get in
Edited to add something constructive: Are you running any kind of firewall, even Zone Alarm? If you're not then you should be. If you are, then simply block their IP address using it.
Having said that, they can't be a very good hacker if they're not spoofing their IP address.
>> Edited by JonRB on Thursday 6th May 17:54
Google said:
Short for Layer Two (2) Tunneling Protocol, an extension to the PPP protocol that enables ISPs to operate Virtual Private Networks (VPNs). L2TP merges the best features of two other tunneling protocols: PPTP from Microsoft and L2F from Cisco Systems. Like PPTP, L2TP requires that the ISP's routers support the protocol.
www.google.co.uk/search?hl=en&ie=UTF-8&oe=UTF-8&safe=off&q=l2tp+windows+2003&meta=
JonRB said:
Having said that, they can't be a very good hacker if they're not spoofing their IP address.
Unless of course, they are, or rather just using a brute force from another compromised machine elsewhere.
It's common practice to root one machine, then use that as a staging area for attacks all over the world, then, should the need arise, simply wipe that machine and walk away scot-free :|
JamieBeeston said:
Unless of course, they are, or rather just using a brute force from another compromised machine elsewhere.
It's common practice to root one machine, then use that as a staging area for attacks all over the world, then, should the need arise, simply wipe that machine and walk away scot-free :|
Well, yes, there is that possibility.
xsaravtr said:
I've blocked all ICMP Traffic, so now at least the server doesn't respond to a ping.
hehe
Is the server local to you?
If so, try something free like Zonealarm, it's probably going to lock you out a few times tho, which is why I only 'mention' it for local servers.
Nothing beats a hardware firewall really, that's what all my Windows customers choose.
Check who owns the IP Address range: www.iana.org/faqs/abuse-faq.htm#HintsforFindingaPersonResponsibleforaGivenIPv4Address
Your provider should be able to block out his address if you speak to them.
Tim
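Added example, not from any poster in this thread: a way to confirm from the web server log which source is responsible for a login flood like the one in the opening post (thousands of attempts, every few seconds, from one IP) before asking a firewall or provider to block it. It assumes IIS W3C extended logs, that failed logins are recorded as HTTP 401, and uses hypothetical function names, thresholds and constructed sample data with documentation IP ranges.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

def parse_w3c(lines):
    """Yield (timestamp, client_ip, status); column order comes from #Fields."""
    fields = []
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            row = dict(zip(fields, line.split()))
            try:
                ts = datetime.strptime(row["date"] + " " + row["time"],
                                       "%Y-%m-%d %H:%M:%S")
                yield ts, row["c-ip"], int(row["sc-status"])
            except (KeyError, ValueError):
                continue  # skip truncated or malformed rows

def brute_force_sources(lines, window=timedelta(minutes=5), threshold=20):
    """Return {ip: peak 401 count in any sliding window} for IPs >= threshold."""
    recent = defaultdict(deque)  # ip -> failure times still inside the window
    peak = defaultdict(int)
    for ts, ip, status in parse_w3c(lines):
        if status != 401:        # assumption: failed logins are logged as 401
            continue
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()
        peak[ip] = max(peak[ip], len(q))
    return {ip: n for ip, n in peak.items() if n >= threshold}

def constructed_sample():
    """Constructed log: one noisy source plus one ordinary user."""
    start = datetime(2004, 5, 6, 9, 0, 0)
    rows = ["#Software: Microsoft Internet Information Services 6.0",
            "#Fields: date time c-ip cs-method cs-uri-stem sc-status"]
    for i in range(200):         # a failed login every 3 seconds
        t = start + timedelta(seconds=3 * i)
        rows.append(f"{t:%Y-%m-%d %H:%M:%S} 203.0.113.50 POST /login.asp 401")
    rows.append("2004-05-06 09:10:05 198.51.100.7 POST /login.asp 401")  # typo
    rows.append("2004-05-06 09:10:20 198.51.100.7 POST /login.asp 200")
    rows.append("2004-05-06 09:10:21 198.51.100.7 GET")  # truncated row
    return rows

if __name__ == "__main__":
    for ip, n in brute_force_sources(constructed_sample()).items():
        print(f"{ip}: up to {n} failed logins in 5 minutes")
```

The single mistyped password from the ordinary user stays under the threshold, so only the sustained source is reported as a candidate for blocking.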