China is hacking my box!

Discussion in 'Off-topic' started by futureusr, May 5, 2016.

  1. futureusr

    futureusr A Typical Cat

    I stated on here not too long ago that I would rather have China snooping my phone than my own country. I reckon they decided to take me up on it.

    3 IPs that trace back to China have been attempting to hack the root account on my Linux box for the last hour or so. Root login via ssh is disabled, and the only port I fwd through my router is 22, so not much chance they will get in.

    And you think they did not sniff out Hillary's server and throw everything they have at it?

     
    Last edited: May 5, 2016
  2. phaed

    phaed Active Member

    i think this happens all the time to everyone. i've been sniffing and tracking this type of information for many years. i think it's just botnets crawling the internet testing for vulnerabilities, so they can add other zombies to their collection. the probability that you're specifically targeted by some hacker is remote in the extreme, unless you've pissed someone off or have valuable information.
     

  3. futureusr

    futureusr A Typical Cat

    agreed, I don't think I am being targeted specifically. I am just a schmuck with port 22 open to the world.
     
  4. Squid

    Squid Gun pecan

    Yeah, just the equivalent of someone jiggling car doors in a parking lot.
     
  5. RedDawnTheMusical

    RedDawnTheMusical Well-Known Member

    Yeah that is just script kiddies or bots. I seriously doubt that Hillary had a firewall appliance - I wonder if she was even using NATing. Has there been anything published on her server configuration? Since it is an email server, I suspect it had more than just a port or two open (e.g. ports for SMTP, POP3, IMAP, TLS/SSL, EWS, CalDAV, RDS, etc.).
     
  6. 45_Fan

    45_Fan Well-Known Member

    I regularly get tried by bots. I once found a broken one that had latched on and was somewhere the thousands of running exactly the same permutations of password attempts before I just blocked it at the firewall. It had well north of a million attempts when I blocked it. The poor thing was stuck in repeat for more than a day and they didn't notice...
     
  7. NullMatrix

    NullMatrix Member

    I have an SSH server at home and it regularly gets brute-force login attempts from China and other places.

    I have it set up with "fail2ban" which blocks IPs after too many failed logins. You can tell you're being hit by a large adversary when they immediately switch IPs after getting banned on one.

    They do give up after a while, and except for some zero-day vulnerability in my SSH server they are extremely unlikely to gain access.
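
Added example, not part of any post in this thread and not fail2ban's own code: a small Python sketch of the ban-after-N-failures logic described in the post above, which also flags a new source address that starts failing within a minute of a ban. The thresholds, the one-minute rotation window, the permanent bans and the log lines are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

MAXRETRY = 3                            # named after fail2ban's maxretry option
FINDTIME = timedelta(minutes=10)        # named after fail2ban's findtime option
ROTATE_WINDOW = timedelta(seconds=60)   # assumption: "immediately" = within a minute

FAILED = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
                    r"Failed password for (?:invalid user )?\S+ from (\S+) port \d+")

# Constructed sample lines in OpenSSH's syslog format, using documentation IPs.
SAMPLE_LOG = """\
May  5 14:00:01 box sshd[901]: Failed password for root from 203.0.113.5 port 40022 ssh2
May  5 14:00:03 box sshd[902]: Failed password for root from 203.0.113.5 port 40031 ssh2
May  5 14:00:05 box sshd[903]: Failed password for root from 203.0.113.5 port 40047 ssh2
May  5 14:00:20 box sshd[904]: Failed password for root from 198.51.100.7 port 51512 ssh2
May  5 14:00:22 box sshd[905]: Failed password for root from 198.51.100.7 port 51530 ssh2
May  5 14:00:24 box sshd[906]: Failed password for root from 198.51.100.7 port 51544 ssh2
May  5 14:10:00 box sshd[907]: Accepted publickey for alice from 192.0.2.10 port 50000 ssh2
May  5 14:30:00 box sshd[908]: Failed password for invalid user pi from 192.0.2.44 port 33333 ssh2
"""

def analyze(log_text, year=2016):
    """Return (banned, rotations): ip -> ban time, and (new_ip, banned_ip) pairs."""
    recent = defaultdict(deque)   # ip -> failure timestamps inside FINDTIME
    banned, rotations = {}, []
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue              # successful logins and unrelated lines
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        if ip in banned:
            continue              # a firewall ban would already drop this source
        window = recent[ip]
        if not window:            # first failure from this address
            rotations += [(ip, old) for old, when in banned.items()
                          if ts - when <= ROTATE_WINDOW]
        window.append(ts)
        while ts - window[0] > FINDTIME:
            window.popleft()      # forget failures older than FINDTIME
        if len(window) >= MAXRETRY:
            banned[ip] = ts
    return banned, rotations

if __name__ == "__main__":
    print(analyze(SAMPLE_LOG))
```
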
     
  8. phaed

    phaed Active Member

    yeah, "Guccifer", the Romanian hacker that supposedly got into Hillary's server laid out some details, but not all of them made their way to the press. she had a dedicated sys admin. there's no reason to believe he half-assed it.
     
  9. RedDawnTheMusical

    RedDawnTheMusical Well-Known Member

    Likewise there is no reason to believe he didn't. I've met "IT specialists" that can barely operate a smartphone. This server was, at least originally, supposedly in her home closet. While it is possible that there was a hardware firewall in front of it, active intrusion prevention monitoring, etc., it could just as easily have been a server with a default (non-hardened) configuration shoved in a closet. The Romanian hacker supposedly got into it after doing some basic port sniffing (and then I assume exploiting a known security flaw in the installed software). However, only Fox is reporting his role and, supposedly, the FBI found no evidence to affirm his claim. I guess we'll have to wait and see what the real deal is here (well, at least the government's version).