Hackers

[My_King]

Quite funny to see this when going through logs:



Thats why I always say, create users in Afrikaans.
We have Zabbix, support, root, admin, even VNC that these 9 year olds keep guessing.


*Or just disable SSH.

 

[aybbleek]

Wtf is SSH open? Should be accessed via VPN only. All it will take is one remote exploit and you're moertoe

 

[Herr der Verboten]

Quite funny to see this when going through logs:

View attachment 765540

Thats why I always say, create users in Afrikaans.
We have Zabbix, support, root, admin, even VNC that these 9 year olds keep guessing.


*Or just disable SSH.

People create threads for this

Oh wait the 9-year-old fascination

 

[DrJohnZoidberg]

Or just disable password only login and use public/private keys.

 

[irBosOtter]

Found the one IP in our logs as well haha

Usually over 5000 attempts a day just on port 22, guess the scrypt kiddies are not in full force yet

 

[My_King]

Found the one IP in our logs as well haha

Usually over 5000 attempts a day just on port 22, guess the scrypt kiddies are not in full force yet


View attachment 765550

View attachment 765544

They want access real bad
Actually wonder how many people they have breached yet?

 

[irBosOtter]

They want access real bad
Actually wonder how many people they have breached yet?

Well, we don't even have port 22 open so luckely nothing to worry about or get into

 

[My_King]

Wtf is SSH open? Should be accessed via VPN only. All it will take is one remote exploit and you're moertoe

Its the config of a Mikrotik that has been set to factory default settings.

 

[irBosOtter]

They want access real bad
Actually wonder how many people they have breached yet?

Friend had a VPN dialed from a a QNAP NAS, he got a public IP through that VPN, and got hacked the same day

Moved the VPN to a linux pc with firewall

 

[My_King]

Friend had a VPN dialed from a a QNAP NAS, he got a public IP through that VPN, and got hacked the same day

Moved the VPN to a linux pc with firewall

Must admit that even freaks me out. Gotta check what my own TP link NAS is doing

 

[Peon]

Remember to make sure uPnp on NAS is disabled. Cool feature im sure, bad idea imo

 

[My_King]

Remember to make sure uPnp on NAS is disabled. Cool feature im sure, bad idea imo

I also got myself those 3 gang wifi switches. I was too scared to use them on my own network and created a separate network.
Guess the best thing with a NAS would be to give it a static IP and block internet access.

 

[Jet-Fighter7700]

these are all public accessible IP addresses though, not ones assigned by an ISP?

 

[My_King]

Remember to make sure uPnp on NAS is disabled. Cool feature im sure, bad idea imo

Guess I`m safe:

 

[Naaimasjien]

You can always limit connections to your Mikrotik via IP > Services. For example if you use IPs within 192.168.x.x on your internal network, you could try the code below. Please note that this is not recommended if you need access to your Mikrotik from outside your internal network.

/ip service
set 0,1,2,3,4,5,6,7 address=192.168.0.0/16

 

[supersunbird]

Hackers was a fun movie to watch, 8/10

 

[irBosOtter]

these are all public accessible IP addresses though, not ones assigned by an ISP?

My home firewall logs shows 40 attempts in the last 24 hours on ssh

Mine shows only the port scans and no login attemplts as the port scan shows no ports open. You will only see the login attempts if the port is open

 

[Sinbad]

Found the one IP in our logs as well haha

Usually over 5000 attempts a day just on port 22, guess the scrypt kiddies are not in full force yet


View attachment 765550

View attachment 765544

Easy to reconstruct your IP address range from this.......

 

[irBosOtter]

Easy to reconstruct your IP address range from this.......

Nope haha, there are 5 different IP's in that list, so the one you will reconstruct will not be one we have configured on any of the firewalls

Here's my home IP, with HTTPS access on the fortigate.... locked down access to two IP's though.

 

[My_King]

Nope haha, there are 5 different IP's in that list, so the one you will reconstruct will not be one we have configured on any of the firewalls

Here's my home IP, with HTTPS access on the fortigate.... locked down to two IP's though.

View attachment 765602

Fortigate not overkill for home use?