
(Yahoo)   China complains that hacking attacks against the nation are 'soaring', admits it doesn't like the taste of them there apples   (uk.news.yahoo.com)
    More: Ironic, hacking attacks, host computers, internet security, security agency, Trojan Horse, taste  

822 clicks; posted to Geek on 28 Mar 2014 at 9:18 AM



 
2014-03-28 09:21:09 AM  
Oh, Boo Hoo.  You should see my security logs. A good 90% of brute force attempts on my systems are from China.
 
2014-03-28 09:27:08 AM  

Odoriferous Queef: Oh, Boo Hoo.  You should see my security logs. A good 90% of brute force attempts on my systems are from China.


I can confirm this fact as well.  We have customers who actually block all geo-ip resolutions from China. (and large swathes of Eastern Europe).
 
2014-03-28 09:37:03 AM  
Good.

You know, if you hook up a server with only an external IP address and no domain/dns entries, you'll either have a Chinese or Russian bot net find it within a day, followed by brute force and dictionary attacks.
 
2014-03-28 09:50:05 AM  
I've recently been hacked by the Chinese, so I'm really getting a kick out of these replies.
 
2014-03-28 09:50:54 AM  
You no China!  Rule no appry to me!
 
2014-03-28 10:03:57 AM  

Odoriferous Queef: Oh, Boo Hoo.  You should see my security logs. A good 90% of brute force attempts on my systems are from China.


Out of curiosity, I just had a look at the IPs that denyhosts has blocked on my home workstation (it kicks in after 3 failed ssh connection attempts). The top five most frequent countries are:

China                               (650)
United States                       (365)
Korea, Republic of                  (202)
Germany                             (118)
Russian Federation                  (105)


This is just a regular home net connection, I'm not running any servers or anything.
 
2014-03-28 10:06:14 AM  
 
2014-03-28 10:36:53 AM  

Thank You Black Jesus!: You no China!  Rule no appry to me!


img.fark.net
 
2014-03-28 10:50:35 AM  
insidenewyork.com

"Boo freakin' Hoo"
 
2014-03-28 10:53:55 AM  
A buddy of mine has a silly gaming joomla site with 200 some users...that is continually under attack from forum spammers (mostly from China).  They'd create bogus accounts and post in the Welcome forum.  Some 500+ accounts were created.  He finally asked for some assistance and I did a number of things to mitigate his issues.  What I saw from the logs is that it wasn't just his forum that was under attack, it was also his admin console (they were attempting to brute force it).  Most joomla sites have an admin console that looks like yoursite.com/administrator, so it's easy to attack.

1.  Registered users can't post, only members and that process is manual (which isn't a big deal because he may get 1 new legit user a week).
2.  Added a couple of joomla extensions that blocked by country and protected his admin console.
3.  Modified his htaccess file to block a number of the common ranges that were being used as attack vectors as well as cloud hosting (AWS was used extensively).

Yet the attacks continue. While my measures took down the traffic dramatically (he was getting 10-13k pageviews a day...and now it's down around 1000), he's still getting hit.  Not sure what else I can do.  Since the majority of his users are in the US (some in Canada), I could do an .htaccess deny all and only allow ranges from US and Canada...but that seems to be a bit ridiculous.

Keep in mind, this is a silly no-profit, no-donations, no personal information website.  There's nothing really to be gained by the attacks.  If they're willing to go after this do-nothing meaningless site, how much do you think they'd go after a site that actually has information worth stealing?
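
The post above describes finding admin-console brute forcing in the logs and then blocking ranges in .htaccess. As an added example (not part of the thread and not the poster's own tooling), this Python sketch counts POST requests to `/administrator` per client in an Apache combined-format access log and proposes ranges to review. The sample log lines, the threshold of 5 requests and the rule that two offenders in one /24 justify blocking the whole /24 are all assumptions made for illustration.

```python
import ipaddress
import re
from collections import Counter, defaultdict

# Combined log format: client IP, then method and path inside the quoted request.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)')

def _line(ip, method, path):
    # Builds one constructed log line (documentation-range IPs, made-up agent).
    return (f'{ip} - - [28/Mar/2014:09:00:00 +0000] "{method} {path} HTTP/1.1" '
            '200 512 "-" "constructed-agent"')

ADMIN = "/administrator/index.php"
SAMPLE_LOG = "\n".join(
    [_line("198.51.100.7", "POST", ADMIN)] * 6
    + [_line("198.51.100.9", "POST", ADMIN)] * 5
    + [_line("203.0.113.20", "POST", ADMIN)] * 8
    + [_line("192.0.2.44", "POST", ADMIN)]          # one ordinary admin login
    + [_line("192.0.2.44", "GET", "/index.php")] * 9
    + ["truncated or malformed line"]
)

def admin_post_counts(log_text, prefix="/administrator"):
    """Count POST requests per IPv4 client to the admin console path."""
    counts = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined log format
        ip, method, path = m.groups()
        if method != "POST" or not (path == prefix or path.startswith(prefix + "/")):
            continue
        try:
            counts[ipaddress.IPv4Address(ip)] += 1
        except ValueError:
            continue  # hostname or IPv6 client: out of scope for this sketch
    return counts

def candidate_blocks(counts, threshold=5, min_hosts=2):
    """Return CIDR strings: a /24 when several offenders share it, else a /32."""
    by_net = defaultdict(list)
    for ip, n in counts.items():
        if n >= threshold:
            by_net[ipaddress.ip_network(f"{ip}/24", strict=False)].append(ip)
    blocks = []
    for net, ips in by_net.items():
        blocks += [str(net)] if len(ips) >= min_hosts else [f"{ip}/32" for ip in ips]
    return sorted(blocks)

if __name__ == "__main__":
    for cidr in candidate_blocks(admin_post_counts(SAMPLE_LOG)):
        print(cidr)  # review before adding to .htaccess; a /24 can hit neighbours
```

Widening a block from single addresses to a /24 trades precision for coverage, so the output is a list to review rather than one to paste straight into a deny rule.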
 
2014-03-28 11:05:40 AM  

slayer199: There's nothing really to be gained by the attacks.


They're not after the site contents, they just want the box itself to either host content or to be part of a botnet.
 
2014-03-28 11:12:30 AM  

slayer199: Keep in mind, this is a silly no-profit, no-donations, no personal information website.  There's nothing really to be gained by the attacks.


Practice, practice, practice.
 
2014-03-28 11:13:14 AM  

Pinko_Commie: slayer199: There's nothing really to be gained by the attacks.

They're not after the site contents, they just want the box itself to either host content or to be part of a botnet.


How do you write Borg in Chinese?
 
2014-03-28 11:21:30 AM  

Gonz: slayer199: Keep in mind, this is a silly no-profit, no-donations, no personal information website.  There's nothing really to be gained by the attacks.

Practice, practice, practice.


That's what our CISSP from the security team at my job was saying. Since they're likely run by the PLA, this is their way of working their way up.
 
2014-03-28 11:21:40 AM  
Ali Baba and the Forty Thieves
 
2014-03-28 11:24:26 AM  

Pinko_Commie: slayer199: There's nothing really to be gained by the attacks.

They're not after the site contents, they just want the box itself to either host content or to be part of a botnet.


Well, they created over 500 accounts and created over 1000 new posts until we closed that hole. Forum spam.

Of course we wouldn't see any direct attacks on the server, but the webhost would.
 
2014-03-28 12:08:38 PM  

Pinko_Commie: Odoriferous Queef: Oh, Boo Hoo.  You should see my security logs. A good 90% of brute force attempts on my systems are from China.

I can confirm this fact as well.  We have customers who actually block all geo-ip resolutions from China. (and large swathes of Eastern Europe).


It's a good practice. Most machines under my control are blocking the same areas.

DammitIForgotMyLogin: Odoriferous Queef: Oh, Boo Hoo.  You should see my security logs. A good 90% of brute force attempts on my systems are from China.

Out of curiosity, I just had a look at the IPs that denyhosts has blocked on my home workstation (it kicks in after 3 failed ssh connection attempts). The top five most frequent countries are:

China                               (650)
United States                       (365)
Korea, Republic of                  (202)
Germany                             (118)
Russian Federation                  (105)

This is just a regular home net connection, I'm not running any servers or anything.


My top two are China and Korea. I'm too lazy to dig deeper than that. :)
 
2014-03-28 12:13:53 PM  
Black Lotus detected
 
2014-03-28 12:19:34 PM  
They'll never get my City Server!
 
2014-03-28 12:37:18 PM  
Great headline!
 
2014-03-28 12:57:13 PM  

Odoriferous Queef: My top two are China and Korea. I'm too lazy to dig deeper than that. :)


On the site I was assisting with, Canada was #1 (multiple cloud hosting sites now blocked), followed by China, US, UK (cloud hosting), France, Russia, and Panama (cloud hosting again).  I know it's the Chinese using cloud hosting sites because they're running the same scripts.  The only one of those that was acting differently was from Russia.
 
2014-03-28 01:13:50 PM  

holdmybones: http://intelreport.mandiant.com/

Poor China.


Thanks for that...really interesting...
 
2014-03-28 03:45:19 PM  
This is like a serial rapist whining about getting laid.
 
2014-03-28 05:51:34 PM  
fc08.deviantart.net
 
2014-03-28 06:33:46 PM  
This is why I don't have a single computer connected to the internet.  Wireless FTW!
 
2014-03-28 11:05:24 PM  
img.fark.net
 
2014-03-29 01:24:43 AM  

slayer199: A buddy of mine has a silly gaming joomla site with 200 some users...that is continually under attack from forum spammers (mostly from China).  They'd create bogus accounts and post in the Welcome forum.  Some 500+ accounts were created.  He finally asked for some assistance and I did a number of things to mitigate his issues.  What I saw from the logs is that it wasn't just his forum that was under attack, it was also his admin console (they were attempting to brute force it).  Most joomla sites have an admin console that looks like yoursite.com/administrator, so it's easy to attack.

1.  Registered users can't post, only members and that process is manual (which isn't a big deal because he may get 1 new legit user a week).
2.  Added a couple of joomla extensions that blocked by country and protected his admin console.
3.  Modified his htaccess file to block a number of the common ranges that were being used as attack vectors as well as cloud hosting (AWS was used extensively).

Yet the attacks continue. While my measures took down the traffic dramatically (he was getting 10-13k pageviews a day...and now it's down around 1000), he's still getting hit.  Not sure what else I can do.  Since the majority of his users are in the US (some in Canada), I could do an .htaccess deny all and only allow ranges from US and Canada...but that seems to be a bit ridiculous.

Keep in mind, this is a silly no-profit, no-donations, no personal information website.  There's nothing really to be gained by the attacks.  If they're willing to go after this do-nothing meaningless site, how much do you think they'd go after a site that actually has information worth stealing?


As someone who administers a Joins site, this gives me pause.

Time to check the logs.
 
2014-03-29 01:28:29 AM  
*Joomla
 