Russian email hackers? Mass hacking from Ireland

bodo
Administrator
Posts: 131
19 days ago
Screenshot from our email server, showing banned IP addresses of computers that tried a brute-force password attack on our email server. 32 machines within a couple of hours.

185.234.216 ...215 etc. That's from Ireland.

bodo
Administrator
Posts: 131
19 days ago
There are lots of Russian IP addresses in this dump, but also a block of 16 addresses that are located in Ireland. All from the same subnet and provider. What does that mean?

bodo
Administrator
Posts: 131
19 days ago
IPs sorted now, even more bans

edited by bodo on 24.07.2020

bodo
Administrator
Posts: 131
19 days ago
With Ireland not being in the EU any longer, isn't it still illegal to hack computers on the internet? I mean, isn't it illegal in Ireland to do stuff like this?

wayland sothcott
Posts: 22
19 days ago
bodo wrote:
With Ireland not being in the EU any longer, isn't it still illegal to hack computers on the internet? I mean, isn't it illegal in Ireland to do stuff like this?


It looks like your server's protection blocked any intrusion. If you run a popular website then the attacks increase with the popularity. We run something called fail2ban, which looks at failed login attempts and then bans that IP for 10 minutes. Normal users get 5 attempts, but it prevents a single IP from running the hundreds of thousands of attempts it would otherwise try.

What I do notice is that attackers can use a distributed attack. It's the same account but tested twice from each of many hundreds of IP addresses. I believe this is a service that can be bought. Someone has a network of computers they hacked, a botnet, and they launch the same attack from all of them. They probably have those computers go to a single dropbox somewhere to receive the hacking script to run. That way the hacker writes one script and thousands of computers execute it.

It's unlikely that the location of the IP addresses has any relation to the location of the hacker. If the attacks come from Russia then that's probably down to some Russian language version of a program that got hacked. Maybe there is a Russian MS Office 19 crack that joins a PC to a botnet?

The important thing is that your users have strong enough passwords that can't be guessed in just a few attempts. They should never be a correctly spelt dictionary word, but a string of words is OK, or a short password with numbers and !$- type characters.
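
The distributed pattern described in this thread (one account, a couple of attempts per address, many addresses, often from one subnet) stays under a per-IP ban, so it has to be counted per account and per /24 instead. The following is an added example, not code from either poster or from fail2ban; the log format, the two alert thresholds and the sample addresses are constructed assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed log format (an assumption, not a real mail server's output):
#   <timestamp> auth failed user=<account> ip=<IPv4>
LINE_RE = re.compile(r"^\S+ auth failed user=(\S+) ip=(\d{1,3}(?:\.\d{1,3}){3})$")
MAX_RETRY = 5          # per-IP ban after 5 failures, as in the reply above
MIN_DISTINCT_IPS = 10  # hypothetical: unbanned sources per account worth an alert
MIN_SUBNET_HOSTS = 8   # hypothetical: offending hosts per /24 worth an alert


def parse(lines):
    """Yield (account, ip) per well-formed failure line; skip everything else."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        try:
            yield m.group(1), ipaddress.ip_address(m.group(2))
        except ValueError:  # e.g. 999.1.1.1 passes the regex but is no address
            continue


def analyse(lines):
    """Analyse one time window of log lines (windowing is left to the caller)."""
    per_ip = defaultdict(int)
    ips_by_account = defaultdict(set)
    hosts_by_subnet = defaultdict(set)
    for account, ip in parse(lines):
        per_ip[ip] += 1
        ips_by_account[account].add(ip)
        hosts_by_subnet[ipaddress.ip_network(f"{ip}/24", strict=False)].add(ip)
    banned = {ip for ip, n in per_ip.items() if n >= MAX_RETRY}
    # Sources that stay under MAX_RETRY are invisible to the per-IP rule.
    distributed = {acct: len(ips - banned) for acct, ips in ips_by_account.items()
                   if len(ips - banned) >= MIN_DISTINCT_IPS}
    subnets = {str(net): len(hosts) for net, hosts in hosts_by_subnet.items()
               if len(hosts) >= MIN_SUBNET_HOSTS}
    return {"banned": sorted(map(str, banned)),
            "distributed": distributed, "subnets": subnets}


def sample_log():
    """Constructed sample; addresses come from the documentation ranges."""
    log = [f"2020-07-24T10:00:{i:02d} auth failed user=info ip=192.0.2.{i + 1}"
           for i in range(12) for _ in range(2)]   # 12 hosts, 2 tries each
    log += [f"2020-07-24T10:05:{i:02d} auth failed user=admin ip=198.51.100.7"
            for i in range(8)]                      # one noisy host
    return log + ["garbage line", "2020-07-24T10:06:00 auth failed user=x ip=999.1.1.1"]


if __name__ == "__main__":
    print(analyse(sample_log()))
```

On the sample, the per-IP rule bans only the single noisy host, while the 24 failures against `info` surface through the per-account and per-subnet counts.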