Comments on: Hacked – SSH Bruteforce

By: coder33

coder33 — Mon, 15 Oct 2012 21:56:36 +0000

THE SCAN AS FOLLOW FROM IP
./go.sh 211
./GO-SH +IP <> START SCAN FROM 211.0.0.1 — TO — 211.255.255.255
AFTER GET THE RESULT AND FIND PORT 22 OPEN ON SOME IP
PROGRAM MAKE CHECK THE IP WITH PASS FILE CALLD
pass_file <<>>

root /root
root/admin
root/guest
root/123

By: coder33

coder33 — Mon, 15 Oct 2012 21:52:11 +0000

the MFU.TXT its the ip range the hacker scan it for ssh scanner its ssh-root scanner
the result must be in txt calld ” VULN.TXT ”
ITS OLD KIND OF SSH SCANNER BY ROMANIAN HACKER TEAM
THY HAVE NOW NEW ONE AND MORE STRONGER IN ARAB TEAM AND INDONESIAN TEAM ……

By: Martin

Martin — Fri, 10 Aug 2012 00:20:08 +0000

You can install Fail2Ban and block all IPs which are have more than xxx failures and report the Attacker automatically over https://www.blocklist.de to the Provider.

By: me

me — Thu, 14 Jun 2012 23:18:10 +0000

There are a lot of vulnerabilities , not only bruteforce on ssh 22. They can get into your computer through Apache or phpMyAdmin vulnerabilities and much more.

By: Chip

Chip — Mon, 21 May 2012 17:52:14 +0000

Hi guys! I just saw what you wrote. Unfortunately most of the so called “hackers” are from Eastern Europe(e.g:Macedonia, Bulgaria, Romania,etc.) They are just your machine to gain access to another machines and so on… Probably you have a weak password(pass, password, 123456, root…so on) and do not have installed honeypot. Try installing honeypot and keeping your system up-to-date. It always helps. Another personal point of view is that if you disable root login it will be safe. Another idea would be to uninstall commands editor (pico, nano) and also wget, apt-get, yum, ftp and stuff like this. If you don’t allow him to access external links he will find your machine useless and move on to the next one.
Best Regards,
Chip.

By: lix

lix — Mon, 23 Apr 2012 02:31:20 +0000

nice nice hacker not good :Ddont hack shells nu intaleg nimica ce e acolo shell root plmeqa password go.sh i scanner ssh backgrond you cna yuzet on backtrak5 :D nige but wohh i du dat :D:DD:D:D:

By: encrypted

encrypted — Thu, 01 Dec 2011 23:44:48 +0000

basically what everybody else said. the “ss” binary is designed to scan an ip range for servers with a given port open. It does thousands of scans per minute and saves the results to a text file. The other executables take an input file (the IP list) and an output file. It’s most likely that if you got broken in, it was through a really simple ssh brute force (seriously, password is not a good password), a RFI exploit, or even a RCE exploit. (google them). Use your brains when setting up a server and you’ll be fine.

By: VerycCool78

VerycCool78 — Wed, 30 Nov 2011 16:13:24 +0000

Installing and configuring Fail2Ban will help too for securing the server by blocking the IP address of somebody that tries to access the server after couples of tries. The default is 3. this is alone is not enough but it can be added next to other suggestion that was mentioned in this blog.

By: Daniel

Daniel — Sun, 06 Nov 2011 13:18:18 +0000

The best way to secure you server, is to change your ssh server port, or to disable login root (they can get access to your server by an user, and use some local root exploit to gain root access). because, the ssh scaners, using the port 22 to scan victims. on my server, the ssh is using a 4 number port. like 6354. and, never get hacked.
PS: sorry for my bad english :P

By: Tommy

Tommy — Fri, 14 Oct 2011 13:34:21 +0000

Oh! This is alarming. I thought Linux has a great security in preventing hackers attack. However, there seems a way to enter into any server. While technology keeps advancing, so do the hacking techniques.

I think these hackers use a network of proxies which make it difficult to identify from which IP they are targeting the server. While ssh is the most easily used one to gain access to remote shell, this is where we need to make it more secure.