Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Would you report abuse against your server?

  • 07-04-2004 11:29pm
    #1
    TeRmInAlCrAzY
    Registered Users, Registered Users 2 Posts: 176 ✭✭


    Hi,

    Just a quick question.

    I had some *tool* from mexico with an adsl account attempt over 1000 ftp connections to various accounts on my server, using usernames pulled out of the air, obiously looking for accounts to try dictionary attacks on.

    Luckily, all the accounts on the server are my webmaster logins, or are just email forwards for clients. I use a fairly obtuse naming system (to try and keep track of which names belong to which sites), and the passwords are all like "(jmceXWw64.P" to defeat dictionary attacks. Since none of my clients actually log into my machines at all, they don't care about my paranoid passwords. (my root and admin passwords are 32 characters of the above junk, changed monthly!).

    /digress

    Anyway, he didn't get in.

    Should I report him to his provider? They list an abuse email contact, but what if he finds out it was me who shopped him? Do I become a target for revenge? Should I just say 'fair enough, you didn't get in, bye bye', which means he's free to go off and continue abusing? I don't have the resources or the skills to deal with a major hack attack on my server, so I dunno what to do.

    What say you all?

    rgds

    Alan


Comments

  • #2
    sceptre
    Registered Users, Registered Users 2 Posts: 19,608 ✭✭✭✭sceptre


    I'd move towards shopping the guy. If it's definitely a DSL account, shop away.


  • #3
    watty
    Registered Users, Registered Users 2 Posts: 32,417 ✭✭✭✭watty


    If you have decently setup Firewall/Proxy SW like Wingate, even the "right" user name and password can't connect, or can only connect to any service with an explictly setup reverse proxy.

    Disable Netbios binding to any Modem/Isdn card/Network card etc connecting to an outside network.



    If you have a definately identified IP etc always report it to the ISP involved. I traced one attack back to a French University. After I emailed them, that attack source never appeared again. (Dunno what, if anything they did to the presumably hacker student).


  • #4
    theciscokid
    Closed Accounts Posts: 1,006 ✭✭✭theciscokid


    thats a good question.. but unfortunately there could be alot of reasons for and against..

    first off that machine that was scanning you could have been compromised (so without the owners consent)

    it could have been from an internet cafe which can really be helped (unless its a dublin one and they'll get j00 :P)

    it could be an automated tool or worm again infected without the owner's knowledge

    it mightn't be that at all, someone could have used the bounce ftp attack in nmap and spoofed source

    it will prob. not come of anything, most ISP's won't have a look in unless its something serious , and i have a funny feeling mexican isp's dont give a ****! :dunno:


  • #5
    deRanged
    Registered Users, Registered Users 2 Posts: 3,744 ✭✭✭deRanged


    I'd report it - but I wouldn't expect anything to come of it.

    That's been my experience to date anyway.


Advertisement