Topic: Flood of server hammering after sending out an email. Suspicious?
superboyac
« on: December 18, 2011, 06:47:13 PM »

So, check this out. I set up a private file server. Nobody knows the address or anything, it's just for me. I created a user profile for someone, and I emailed him (using Gmail POP access) the login information. Right after that, a bunch of IPs have been trying to get into the server using all sorts of usernames and passwords. None of them have worked, but I'm wondering... if you send an email, is that just open for the world's hackers to read? These IPs are all in Asia or Europe (mostly Asia). Pretty interesting.

Josh
« Reply #1 on: December 18, 2011, 07:00:29 PM »

Is this FTP? If so, it is normal. There are thousands of probes daily on just about any service you can set up. My home FTP server gets hit daily by about 20-30 random attempts to log in. I suggest securing access by locking down the max number of attempts per 30-60 seconds, max # of accesses/sessions per IP, etc.

Strength in Knowledge
superboyac
« Reply #2 on: December 18, 2011, 07:01:04 PM »

> Is this FTP? If so, it is normal. There are thousands of probes daily on just about any service you can set up. My home FTP server gets hit daily by about 20-30 random attempts to log in. I suggest securing access by locking down the max number of attempts per 30-60 seconds, max # of accesses/sessions per IP, etc.

Cool, thanks.

skwire
« Reply #3 on: December 19, 2011, 12:17:20 AM »

Running it on a non-standard port will help as well.

f0dder
« Reply #4 on: December 19, 2011, 12:35:17 AM »

The timing is probably a coincidence, but yes - sending email does largely mean your message is available in plaintext across the internet. Even if you and your recipient have encrypted connections to your respective endpoints (SMTP for you while sending, POP3/IMAP/web-based whatever for him receiving), there's no guarantee that intermediary SMTP servers will do encrypted traffic.

Please don't expose FTP servers to the internet, the protocol sucks and so many of the FTP daemons are riddled with security holes. Set up an SSH server so you can do SCP (there are decent enough Windows GUIs for it), and it lets you authenticate securely via public-key encryption (remember to turn off password-based SSH access, that way you're not bruteforceable).

Oh, and if this is a Linux server, install something like fail2ban. It monitors log files for suspicious activity, and firewall-blocks IPs (temporarily or permanently) according to various rules - it's good stuff.

At any rate, on a server that's exposed to the internet, make sure it's NAT'ed to only let the specific ports you need through.
- carpe noctem
Renegade
« Reply #5 on: December 19, 2011, 04:11:26 AM »

> Running it on a non-standard port will help as well.

+1 - A very good recommendation!

Slow Down Music - Where I commit thought crimes...

Freedom is the right to be wrong, not the right to do wrong. - John Diefenbaker
Stoic Joker
« Reply #6 on: December 19, 2011, 12:42:23 PM »

I've got a selection of diagnostic utilities that (frequently get deleted from my ThumbDrive by someone's hyper-spastic AV software) I keep in a subfolder of our webserver for quick access. It's come in handy many times (I really hate AV software). Obviously these aren't sensitive files, but it does work in a pinch - depending on your needs.