Sorin Srbu wrote on Sat, 25 Jul 2009 19:40:28 +0200:
What if you have legit users from China and Korea trying to connect to your server(s)?
What if he does not? See, you always use the solution that fits you and your setup/environment/needs.
Kai
On Sun, Jul 26, 2009 at 4:31 PM, Kai Schaetzl maillists@conactive.com wrote:
Sorin Srbu wrote on Sat, 25 Jul 2009 19:40:28 +0200:
What if you have legit users from China and Korea trying to connect to your server(s)?
What if he does not? See, you always use the solution that fits you and your setup/environment/needs.
Kai
Indeed!
Vietnam and Indonesia are also suspects in my list. The biggest problem with this approach is that even though I could ban whole Asia and Russia, a significant part of the attacks do not originate from there, but from countries like USA, UK, etc, controlled by hackers (also) from the aforementioned areas... The latest case of password breaking I had to deal with was from a USA IP address.. they managed to insert an iframe in all index.html and index.php files on the respective FTP account. The iframe however was pointing to a .ru website hosted in France.. Isn't globalization fun?! Anyway, just banning ranges of IP addresses may not be enough, so to rely on this _only_ would be careless.
-- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com
-----Original Message----- From: centos-bounces@centos.org [mailto:centos-bounces@centos.org] On Behalf Of Lucian@lastdot.org Sent: Sunday, July 26, 2009 11:27 PM To: CentOS mailing list Subject: Re: [CentOS] SSH attacks from china
Vietnam and Indonesia are also suspects in my list. The biggest problem with this approach is that even though I could ban whole Asia and Russia, a significant part of the attacks do not originate from there, but from countries like USA, UK, etc, controlled by hackers (also) from the aforementioned areas... The latest case of password breaking I had to deal with was from a USA IP address.. they managed to insert an iframe in all index.html and index.php files on the respective FTP account. The iframe however was pointing to a .ru website hosted in France.. Isn't globalization fun?! Anyway, just banning ranges of IP addresses may not be enough, so to rely on this _only_ would be careless.
Exactly, that was what I was trying to get at!
So you're not going to ban all ip addresses from the US I take it, since most spam, crapware, attacks and whatnot originate from there, as you point out? ;-)
-----Original Message----- From: centos-bounces@centos.org [mailto:centos-bounces@centos.org] On Behalf Of Kai Schaetzl Sent: Sunday, July 26, 2009 5:32 PM To: centos@centos.org Subject: Re: [CentOS] SSH attacks from china
Sorin Srbu wrote on Sat, 25 Jul 2009 19:40:28 +0200:
What if you have legit users from China and Korea trying to connect to your server(s)?
What if he does not? See, you always use the solution that fits you and your setup/environment/needs.
But of course, I didn't have the info I have now from the OP. I just meant that banning all IPs from a particular region might not be a good idea, generally speaking. This particular OP also only banned IP access for some particular services.