![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
Would-be "Hackers"
May. 19th, 2010 09:39 pmFor several weeks now I've been watching a big burst in port scanning and password guessing tactics against my servers at the library. No one has gotten in, nor are they likely to, but the amount of traffic was getting to be irritating. Last week I started black listing IP addresses so that they are completely blocked. On Friday I tightened the firewall security on SSH so the password guessers can't even try any more unless they manage to steal one of a very select list of IP addresses to try it from. All other SSH attempts will just be dumped in the bit bucket now.
They seem to have caught on fast enough. The SSH attacks have ceased. The port scanning continues, along with efforts to break in through DNS (which we don't have on site for just that reason) and Microsoft file sharing/SMB, which we do have but don't allow through the firewall for anyone. One of the blocked addresses that continued to try this afternoon turned out to belong to the local school district. I realized this when I started getting reports that one of our internet workstations was trying to connect outward to the same address, which is blocked both ways. Sure enough, it was a public internet station in the kids' part of the library. I lifted the block long enough to check. The machine at that address is running Windows, of course, with IIS, of course. The IIS is apparently unconfigured. You get the usual panel with "Installation was successful, now you need to configure your server" if you try to connect to it. Of course this only means that the default page is undefined. There may be things on that machine that are reachable if you know the URL to request. I think the school district tech people will be getting notified of this tomorrow.
Aside from that, it was a beautiful spring day. The scent of honeysuckle and wild cherry blossoms was on the air, the birds were singing, and there was even a pretty sunset.
They seem to have caught on fast enough. The SSH attacks have ceased. The port scanning continues, along with efforts to break in through DNS (which we don't have on site for just that reason) and Microsoft file sharing/SMB, which we do have but don't allow through the firewall for anyone. One of the blocked addresses that continued to try this afternoon turned out to belong to the local school district. I realized this when I started getting reports that one of our internet workstations was trying to connect outward to the same address, which is blocked both ways. Sure enough, it was a public internet station in the kids' part of the library. I lifted the block long enough to check. The machine at that address is running Windows, of course, with IIS, of course. The IIS is apparently unconfigured. You get the usual panel with "Installation was successful, now you need to configure your server" if you try to connect to it. Of course this only means that the default page is undefined. There may be things on that machine that are reachable if you know the URL to request. I think the school district tech people will be getting notified of this tomorrow.
Aside from that, it was a beautiful spring day. The scent of honeysuckle and wild cherry blossoms was on the air, the birds were singing, and there was even a pretty sunset.
