
hackers visits every 2 days. How to trap him?

Discussion in 'General Discussion' started by Roy@ENHOST, Jun 25, 2004.

  1. Roy@ENHOST

    Roy@ENHOST Well-Known Member

    Hi guys,

    The security of one of my servers was compromised.
    And the hacker visits every 2 days.
    What can I install to trap and track him?
     
  2. sawbuck

    sawbuck Well-Known Member

  3. Roy@ENHOST

    Roy@ENHOST Well-Known Member

    Hi guys,

    I went to the FTP section and downloaded the raw FTP log.
    I nabbed that fella.

    212.174.89.155 - - [25/Jun/2004:06:51:20 -0400] "GET / HTTP/1.1" 200 660 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98; 118K501TUR)"

    Went to http://www.ip2location.com/free.asp to check out the IP: 212.174.89.155

    "212.174.89.155 TR TURKEY"
    Got him!

    Then I used IP tables to block the whole class C IP.
    iptables -I INPUT -s 212.174.89.0/24 -j DROP

    Am I safe to say he can't break in? Can he use a proxy to get in?
     
  4. SarcNBit

    SarcNBit Well-Known Member

    If all you did was ban his IP (or the class C range of it) using iptables, then I would say yes.
     
  5. Roy@ENHOST

    Roy@ENHOST Well-Known Member

    Through Proxy?

     
  6. SarcNBit

    SarcNBit Well-Known Member

    Sure. It also is not that difficult to obtain an IP on a different class C subnet. Most ISPs I have dealt with switch customers between two or three different subnets regularly. Keep in mind that you could ban all Turkish IPs, but that would not eliminate the possibility of the person using a shell account and simply using an account originating in another country.

    What was this person doing on your box? How was your server compromised? Banning the hacker's IP is OK, but eliminating the source of the vulnerability is better.
     
  7. naguib2000

    naguib2000 Member

    If I was a hacker, I would never see it as a problem for a victim to block my IP :)

    Hackers can log in to your server from another server, for example.

    In my opinion, eliminating the source of the vulnerability is not just better... it is a must!
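
Added example (not part of the original thread): a Python check for the point made in the replies, that the /24 DROP rule covers only one network. It parses access-log lines in the format quoted in the thread and lists requests that carry a User-Agent already seen from the blocked range but arrive from outside it; the function names and all sample lines after the first are constructed for illustration.

```python
import ipaddress
import re

# Network from the thread's rule: iptables -I INPUT -s 212.174.89.0/24 -j DROP
BLOCKED = ipaddress.ip_network("212.174.89.0/24")

# Combined log format, matching the line quoted in the thread.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<size>\S+) '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

# First line is from the thread; the others are constructed
# (198.51.100.0/24 and 203.0.113.0/24 are documentation ranges).
SAMPLE_LOG = """\
212.174.89.155 - - [25/Jun/2004:06:51:20 -0400] "GET / HTTP/1.1" 200 660 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98; 118K501TUR)"
198.51.100.23 - - [27/Jun/2004:07:02:11 -0400] "GET / HTTP/1.1" 200 660 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98; 118K501TUR)"
203.0.113.9 - - [27/Jun/2004:09:15:40 -0400] "GET /index.html HTTP/1.1" 200 1200 "-" "Mozilla/5.0 (X11; Linux i686)"
not a log line
"""

def parse(log_text):
    """Yield one dict per well-formed line; skip malformed lines and hostnames."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        rec = m.groupdict()
        try:
            rec["addr"] = ipaddress.ip_address(rec["ip"])
        except ValueError:
            continue  # first field was a resolved hostname, not an address
        yield rec

def returning_clients(log_text, blocked=BLOCKED):
    """Requests from outside `blocked` whose User-Agent was also seen inside it."""
    records = list(parse(log_text))
    seen_inside = {r["agent"] for r in records if r["addr"] in blocked}
    return [(r["ip"], r["ts"]) for r in records
            if r["addr"] not in blocked and r["agent"] in seen_inside]

if __name__ == "__main__":
    for ip, ts in returning_clients(SAMPLE_LOG):
        print(f"{ip} at {ts}: User-Agent seen from {BLOCKED}, source is outside it")
```

A User-Agent match is only a hint, because the client sets that header; a hit here is a reason to find and close the original hole, not a list of further addresses to block.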
     