I have a hacker that is running password hack script that uses several different IPs from all over Asia & Europe.... Normally the scripts block hackers that use 1 IP or 2.. but if he is continuously spoofing the IP - Is there anything that can be done??

Thanks,

The Dawg

its not called spoofing the ip, its called using a proxy, there is a big difference.

There are 1000s of proxies on the web, good luck http://bbs.adultwebmasterinfo.com/ubb/smile.gif

there is a way to set up a firewall, write it on cd and set up some little computer between your server and switch, it only needs cd-rom. Allow www connections all, but ftp and telnet only from certain ips. Firewall on cd can not be screwed, cause cd isn't writable. About password hacking, hmm. you probably need some nice soft, I heard they sell some soft that if the password compromised and posted, the traffic will be redirected to your sponsors page. I doubt there is a way to stop a guy running password cracking scripts though, he can do it through bunch of proxies.

If you are on a Unix box - get and compile Iprotect into apache if you are running it. I use it and get hit sometimes 100 times per day by those fuckers and it kills the username/password right off. Actaully it will protect any .htpasswd file on the server...

Best of luck http://bbs.adultwebmasterinfo.com/ubb/smile.gif

yeah, iprotect will do the job blocking assholes and passwords, but can it do anything against the guy running crack on your site? You block his ip, he can get another in a sec. Those crack programms got pretty smart lately
and .htaccess is not the best protection

Hmm, where does one get iprotect.
And is there something you can do about brute force attacks on your FTP?

ftp is usually pretty secure, telnets are not.
get yourself and install ssh

Yea, I know about IProtect but that doesnt do anything for a hacker that keeps switching IPs.

I checked the IPs and all of them were coming from .it, .jp, .kr, and other european & asian countries... I added a .htaccess will 'deny from' those countries but there is just toooo many IPs to check.

The Dawg

My thoughts, sit there and hope he goes away with minimal damage done.

Muff

Damn, i just checked the ssh FAQ and it looks pretty difficult for me to set it ip and stuff.
I guess protecting your site isnt very easy.

set it up i meant to say http://bbs.adultwebmasterinfo.com/ubb/tongue.gif

yeah i'd just sit there and wait, if he cracks some passes, remove them, or redirect the traffic he is sending you to your main page or a sponsor.

Or get pennywise, once more then 3-4 different IP's log into your members area with one L/P PennyWise will close the account until you can review it with the client.

pennywize is solid

ssh is not that to install, and it's free
Windows ssh client cost only 40 bucks

just don't allow proxies to connect... crackers normally don'T use their own IP... well they would be dumb doing it...

HTTP proxies are usually on port 1080 or 8080...

hope this help!

Jimbo

If you have a linux/unix box.. you can install a script called PortSentry.. I have this installed on my firewall.. It is pretty damn sweet. What it will do is block IP's - what I mean is.. if someone just hits your site to look at your web site or what ever it lets them through fine. But if an IP scans your box for anything it will block the IP and never let it access your box again unless you let them.. ( delete the blocked ip) It works fantastic for me. Not sure if you are able to install this on your box or if you have a firewall. You can get the code and read about it here.. hope it helps you out.

http://www.psionic.com/abacus/portsentry/