24 {{ upvoteCount | shortNum }}
24 {{ upvoteCount | shortNum }}

Stunning Number of Hack Attempts

by kindsvater
20 replies
Just tried to login to my cpanel and received a notice the account was locked down due to a brute force attack.

Had never seen that before.

After finally getting into my dedicated server and looked at the cphulk history report....Dozens of attempted brute force hacks just over the past few weeks.

This is an eye opener.

China has been real busy.

I just tightened my configuration protection and gonna block a few IPs. You may want to look at your security.

.
#attempts #hack #number #stunning
  • Profile picture of the author Clint Faber
    To prevent anyone from getting upset. You may want to clarify what you mean by the statement

    "China has been real busy."
    {{ DiscussionBoard.errors[4981012].message }}
  • Profile picture of the author iAmNameLess
    Is clarifying really necessary? I would assume by that statement he looked up the IP addresses and they came from China...

    It is strange that you were on a dedicated server. This happens all the time on shared servers, resellers, etc.

    good looking out, I guess I need to check out a few of mine.
    Signature
    {{ DiscussionBoard.errors[4981072].message }}
  • Profile picture of the author InternetMarketingIQ
    Block their IP's. I block any IP from any country that I can't make money from. What is the point in having traffic from countries that can't make you any money?
    Signature
    Internet Marketing IQâ„¢
    {{ DiscussionBoard.errors[4981183].message }}
    • Profile picture of the author CDarklock
      Originally Posted by InternetMarketingIQ View Post

      I block any IP from any country that I can't make money from. What is the point in having traffic from countries that can't make you any money?
      Roughly a quarter of my product sales are made to Chinese customers.

      Just sayin'.
      Signature
      "The Golden Town is the Golden Town no longer. They have sold their pillars for brass and their temples for money, they have made coins out of their golden doors. It is become a dark town full of trouble, there is no ease in its streets, beauty has left it and the old songs are gone." - Lord Dunsany, The Messengers
      {{ DiscussionBoard.errors[4981802].message }}
      • Profile picture of the author Paul Myers
        Caliban,
        Roughly a quarter of my product sales are made to Chinese customers.
        In mainland China, or in Hong Kong and Singapore, and other places with large Chinese populations? If the former, you're doing better there than I ever have.

        Wanna share the secret?

        Nameless,
        It is strange that you were on a dedicated server. This happens all the time on shared servers, resellers, etc.
        Dedicated, too. You should see my server logs for the dedicateds. Seems they're prized as spam cannons...


        Paul
        Signature
        .
        Stop by Paul's Pub - my little hangout on Facebook.

        {{ DiscussionBoard.errors[4981874].message }}
        • Profile picture of the author CDarklock
          Originally Posted by Paul Myers View Post

          Caliban,In mainland China, or in Hong Kong and Singapore, and other places with large Chinese populations?
          Primarily Hong Kong. Mainland China is a very small portion of my sales, just shy of 5% - as is Singapore. Which is surprising, because I'd expect Hong Kong and Singapore to have similar percentages of sales. But Hong Kong accounts for just over 1 in 8 sales, while mainland China and Singapore combined are just under 1 in 10. Those three countries are just over 22% of my sales.

          Wanna share the secret?
          I don't know the secret. I have a large fanbase around the Pacific rim and in Eastern Europe, but I don't know why. Czechs and Chinese just seem to love me for some reason.

          Regionally, I have about 26% of my sales coming from the Pacific rim, another 17% coming from Eastern Europe, and 16% from the UK. Then 28% are from the US and Canada, leaving a combined 13% throughout the rest of the world. Top of that list, with just over 1%, is South Africa... followed by Australia at just under 1%.

          But this is by geolocated IP, not address, so with proxies and whatnot my results may not be 100% accurate.
          Signature
          "The Golden Town is the Golden Town no longer. They have sold their pillars for brass and their temples for money, they have made coins out of their golden doors. It is become a dark town full of trouble, there is no ease in its streets, beauty has left it and the old songs are gone." - Lord Dunsany, The Messengers
          {{ DiscussionBoard.errors[4981953].message }}
          • Profile picture of the author Paul Myers
            Caliban,

            That is really interesting. Thank you. Shows how markets can vary based on things you can't pinpoint after the fact.

            My breakdown is way different. The main origins are, in approximate order (I haven't done the tracking in a while):

            The US
            Canada
            Germany
            The UK and the Netherlands (roughly tied)
            India and Australia (roughly tied)

            That's the majority. I get a fair number from Spain, New Zealand, the Philippines, Hong Kong, Singapore and South Africa, but they're way down in the percentages. After that, it's all over the place. I even had one customer a long while back from McMurdo Station. Only one, ever, but it's a fun thing.

            I had a few people translate some of my stuff into German (with permission) years ago, which accounts for meine Deutscher freunden.

            I hope I got that last part right, or I may lose a few of them.

            The overwhelming majority of my hack attacks have been from Russia and China, with the percentages seeming to flip from the former toward the latter in recent months. A lot of the Chinese attacks seem to be contract jobs, whereas the Eastern European hackers seem to be working for the Russian Business Network.

            Pakistani hack efforts are fast on the rise. They should become a significant percentage soon. As far as I can tell, they seem to be close to 100% contract jobs, except the [subject deleted] types that go after Wordpress sites. Those are basically script kiddies.


            Paul
            Signature
            .
            Stop by Paul's Pub - my little hangout on Facebook.

            {{ DiscussionBoard.errors[4982087].message }}
          • Profile picture of the author Joshua Rigley
            Banned
            Originally Posted by CDarklock View Post

            I have a large fanbase around the Pacific rim and in Eastern Europe, but I don't know why. Czechs and Chinese just seem to love me for some reason.
            I bet it's your hair.
            {{ DiscussionBoard.errors[4985812].message }}
  • Profile picture of the author becanada
    our dedicated servers get 20,000 + hack attempts per day. watch you do not adjust your brute force settings to sensitive or you will have all kinds of support calls!!!

    D
    Internet Marketing Center: 100,000 Resources, Links, Tools, Newsletters, Articles to get better internet marketing results worldwide.
    Signature

    David Belton , CEO, Becanada Internet Marketing Center, Since 1995, Over 50,000 How To Marketing Resources; Tools, and Software to automate internet marketing and increase sales/traffic: http://www.becanada.com/

    Automate Advertising up to 200 times faster to 1000s of sites, own submitter[s]:
    http://power.becanada.com/?warrior_sig

    {{ DiscussionBoard.errors[4981733].message }}
  • Profile picture of the author .X.
    The IRS doesn't like the fact your
    information saved me a few thousand
    dollars on my taxes Brian (and I'll do
    better next year now that every 10
    mile drive, and back, to town is tax
    deductable).

    They're pissed. And they're coming
    after you.

    X
    Signature
    {{ DiscussionBoard.errors[4984782].message }}
  • Profile picture of the author Brian Alaway
    Put up a shell site and most hacks/spam/botnets are coming from China, Russia and Ukraine. I block all those ips. Doesn't matter if they're proxies or not, they keep changing and I keep blocking. It's possible to block an entire country via htacess or if you want to be more selective, here's a good list to start with: 2010 IP Blacklist, Featuring over 100 Blocked IPs
    Signature
    How to Configure Secure FTP
    {{ DiscussionBoard.errors[4985769].message }}
  • Profile picture of the author KingMedia
    The great amount is from a bot trying to gain access or trying to cripple your server. Is your content controversial? Usually your hosting company should take care of all intrusions and fix any leaks.
    Signature

    {{ DiscussionBoard.errors[4986010].message }}

Trending Topics