The actual server

[dasilvarsa]

I tried to upload a jpg and I think that it crashed the server.
Can U please Check Darryl.

This pic Joe?

[fugglefeet]

Hi all,

The forum has come under close scrutiny again from the outside world by means of another method:-

http://www.shodanhq.com/

What this does is pretty self-explanatory, but here is a quick rundown. This is the hacker's Google to every conceivable device that is connected to the internet at any given time. Below is a screenshot of one of the servers that has tried to access the forum.

Shodan.png

And here is an example of the attack attempt being launched from a Shodan server on the forum:-

Shodan Block.png

And this is only one of many such attacks on an hourly basis.

Darryl

[fugglefeet]

Hi all,

I have managed to compile a report of the attacks that the firewall has endured in the past 2 days from unscrupulous internet travelers to our forum. Attached is a pdf document listing each attack on the forum firewall (about 4 A4 pages long listing 114 events). The list shows the attacking IP address and the port it originated from, the destination IP address (in most cases the forum IP) and the ports that have come under attack, along with a description of the type of attack launched against the firewall.

Hope this information proves insightful.

Darryl

[Phillip Coetser]

Hi Darryl, Phillip, hope you're well. Thanks for helping me getting back on the forum, had a rough time with my I.P. address being seen as a "hacker".

[fugglefeet]

Hi all,

Here is the forum's top three blacklisted IP addresses:-

218.77.79.34 (with 33 attempts)

218.77.79.34.pdf

93.174.93.51 (with 13 attempts)

93.174.93.51.pdf

71.6.167.142 (with 10 attempts)

71.6.167.142.pdf

Hope this is insightful

Darryl

[fugglefeet]

Hi all,

Here is a picture of the hosts blocked by Snort up until around 05:00 this morning:-

Snort Block List.png

Darryl

[admin]

The most persistent hacker that has been busy trying to hack the forum.

Hacker.png

[F.Viljoen]

Can't you report it at that ISP/Organization?

[admin]

Can't you report it at that ISP/Organization?

I'm collecting a log of events for a period of time, for evidence prior to my submitting it to the ISP for scrutiny.

[fugglefeet]

I have in the meantime, sent a 5 page log of just the attacks from this IP address alone, to the ISP concerned to see if I am to get a response.

document.pdf

If it's any consolation, the biggest origin of hack attacks originate from China. The ZB Block application that is used to protect the forum from spammers by default blocks complete IP address ranges originating from China. Something to consider when wanting to setup a server of any sorts that is connected to the internet.

P.S. Don't hold your breath waiting for the ISP to reply with intent to take action against the culprit

EDIT:- To date (6 May 2014) I have not received a reply to an email I had sent to the ISP, listing the numerous times that the customer using the IP address, had attacked the forum's firewall.