Find out the hacker

Status
Not open for further replies.

Today, shortly after my server had one more crash,
I saw that a Venezuelan IP was connected to my server, but I didn't give it much importance.

But now I was worried about the IP 74.85.13.35, which I had already blocked, but after having blocked this IP there were 3 more attacks from the following IPs:
210.4.44.72
67.228.105.171
83.233.169.214

These were the ones from today....

If anyone has more information to exchange about it.

Does anyone know how to block access to a server by country?

Example: block all IPs of Venezuela from having access to my server?

Venezuela's IP that accessed my server was 190.72.125.72.

IP: traced
 
WoW magenik,
your server got attacked too?
Mine too >_<
It just happened these days.

Bro magenik, there are still people crashing my server, how do I check his IP? thx
 
iptables -A INPUT -s 83.233.169.112 -j DROP --> This will only drop or disconnect the culprit from your server and he will be able to connect again. I suggest you use the REJECT parameter to completely ban him.

iptables -A INPUT -s 83.233.169.112 -j REJECT --> This will completely block him from the server.

Just an example. Replace the IP of the culprit. And don't forget to check if your iptables is initialized or turned on; if not, the blocking will be useless.

IN ADDITION:

To know the activities of all connected IP addresses on your Linux server, run the following command:
netstat -anp

Multiple connections in SYN state might be suspicious, so better keep an eye on them.

Hope this helps.
 
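The netstat check the post above describes, as an added example that is not the poster's code: a small Python script that parses `netstat -anp` output, counts half-open (SYN_RECV) connections per remote IP, and emits the post's DROP rule for any source over a threshold. The netstat sample is constructed; the addresses, port and program name are made up.

```python
import re
from collections import Counter

# Constructed sample of `netstat -anp` output (not taken from any real server).
SAMPLE_NETSTAT = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:38111           0.0.0.0:*               LISTEN      1234/gameserver
tcp        0      0 10.0.0.5:38111          203.0.113.7:40112       ESTABLISHED 1234/gameserver
tcp        0      0 10.0.0.5:38111          198.51.100.9:51001      SYN_RECV    -
tcp        0      0 10.0.0.5:38111          198.51.100.9:51002      SYN_RECV    -
tcp        0      0 10.0.0.5:38111          198.51.100.9:51003      SYN_RECV    -
tcp        0      0 10.0.0.5:38111          198.51.100.9:51004      SYN_RECV    -
tcp        0      0 10.0.0.5:38111          203.0.113.7:40113       SYN_RECV    -
udp        0      0 0.0.0.0:68              0.0.0.0:*                           900/dhclient
"""

# proto, recv-q, send-q, local, foreign, state (TCP lines only)
LINE_RE = re.compile(r"^tcp6?\s+\d+\s+\d+\s+(\S+)\s+(\S+)\s+(\S+)")

def parse_netstat(text):
    """Yield (remote_ip, state) for every TCP line that has a concrete peer."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        _local, foreign, state = m.groups()
        ip, _, port = foreign.rpartition(":")   # rpartition also copes with IPv6
        if port == "*":                          # listening socket, no peer
            continue
        yield ip, state

def half_open_by_source(text):
    """Count half-open (SYN_RECV) connections per remote IP."""
    counts = Counter(ip for ip, state in parse_netstat(text) if state == "SYN_RECV")
    return dict(counts)

def suspicious_sources(text, threshold=3):
    """IPs with at least `threshold` half-open connections, busiest first."""
    counts = half_open_by_source(text)
    return sorted((ip for ip, n in counts.items() if n >= threshold),
                  key=lambda ip: -counts[ip])

def drop_rule(ip):
    """The DROP rule from the post, for one source IP."""
    return f"iptables -A INPUT -s {ip} -j DROP"

if __name__ == "__main__":
    for ip in suspicious_sources(SAMPLE_NETSTAT):
        print(drop_rule(ip))
```
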
But if the user uses a "European" or "Chinese" proxy, or one from any other place, the result is the same.
This may be a solution for a few days, but then you would start using this method to block all countries.

I think it would be best to solve what that person is using to crash the server.
 
But if the user uses a "European" or "Chinese" proxy, or one from any other place, the result is the same.
This may be a solution for a few days, but then you would start using this method to block all countries.

I think it would be best to solve what that person is using to crash the server.

Yes, I agree. He will only keep on changing IP address.
 
iptables -A INPUT -s 83.233.169.112 -j DROP --> This will only drop or disconnect the culprit from your server and he will be able to connect again. I suggest you use the REJECT parameter to completely ban him.

iptables -A INPUT -s 83.233.169.112 -j REJECT --> This will completely block him from the server.

Just an example. Replace the IP of the culprit. And don't forget to check if your iptables is initialized or turned on; if not, the blocking will be useless.

IN ADDITION:

To know the activities of all connected IP addresses on your Linux server, run the following command:
netstat -anp

Multiple connections in SYN state might be suspicious, so better keep an eye on them.

Hope this helps.

You are wrong.
DROP is the best option, because to the attacker it looks like the channel is down.
REJECT sends a notice to the IP saying his packets have been rejected. That means "hey, I have the server up but I can't receive your packets because your IP is blocked, try another proxy!!!!".
 
I have been tracing it for a while, and there are IPs also from hosting companies like SoftLayer, and one private server, CABAL REBIRTH.

Also, @magenik, you are crazy, these IPs to drop will block tons of internet users (most of the world).
And by the way, what you are doing is not exactly what you think; use the iprange module for iptables if you want to block IP ranges.
 
Also, @magenik, you are crazy, these IPs to drop will block tons of internet users (most of the world).
And by the way, what you are doing is not exactly what you think; use the iprange module for iptables if you want to block IP ranges.

Haha yeah, I laugh when I read "my server hasn't crashed for 3 days", yeah!!! you are blocking 50% of the world xD.
Better do "ifconfig eth1 down" and forget :p

Now on topic, I have done a little research on this. I don't care where the guy is from, because that is not the problem; it's the same if he is from Venezuela, La Rioja or Ukraine, he's crashing our server and that's all.


First he started sending a normal packet with a static header, and we blocked it with this rule.

iptables -A INPUT -p tcp --dport 38111:38600 -m string --hex-string "|aa 88 3f 47|" --algo bm -j DROP


It uses a module from kernels 2.6.19+ which allows blocking packets by searching for hex or string matches.

Then he changed the header and left just 1 byte always repeating (that 47).

Now I'm working on a fix using that and the length of the packets.


I attach a tcpdump capture of one attack, you can see what really happened (use Wireshark on Windows).
He just needs to send 2 packets to crash a channel, really really good. :D
 

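An added example, not code from the post or its capture, showing the two-stage match the post describes in Python: first the full `aa 88 3f 47` header, then the single surviving 0x47 byte combined with packet length, plus the iptables rules that approximate it. The byte offset, the attack length range and the sample payloads are assumptions, not values from the capture.

```python
from collections import Counter

SIGNATURE = bytes.fromhex("aa883f47")   # first-wave header, from the post's rule
SURVIVING_BYTE = 0x47                   # the one byte the attacker kept
SURVIVING_OFFSET = 3                    # assumption: 4th byte of the old header
ATTACK_LEN = (12, 16)                   # assumption: crash payload length range

# Constructed sample payloads; the real ones are in the thread's capture.
SAMPLE_PACKETS = [
    SIGNATURE + b"\x00" * 8,            # wave 1: full static header
    b"\x10\x20\x30\x47" + b"\x00" * 8,  # wave 2: only 0x47 survives, 12 bytes
    b"\x10\x20\x30\x47" + b"\x00" * 60, # same byte, but a normal-sized packet
    b"\x01\x02\x03\x04\x05\x06",        # ordinary short packet
]

def classify(payload):
    """'wave1' if the full header is anywhere in the payload, 'wave2' if only
    the single byte sits at its offset and the length fits, else 'ok'."""
    if SIGNATURE in payload:            # what -m string --algo bm does
        return "wave1"
    lo, hi = ATTACK_LEN
    if (len(payload) > SURVIVING_OFFSET
            and payload[SURVIVING_OFFSET] == SURVIVING_BYTE
            and lo <= len(payload) <= hi):
        return "wave2"
    return "ok"

def summarize(packets):
    """Count verdicts over a list of payloads."""
    return dict(Counter(classify(p) for p in packets))

def iptables_rules(dport_range="38111:38600", ip_hdr=20, tcp_hdr=20):
    """Rules approximating classify(): the post's string match, then the
    length module combined with a positional byte match. -m length counts
    the whole IP packet and -m string offsets start at the IP header, so
    fixed header sizes are added; TCP options shift both, so verify the
    offsets against the capture before relying on the second rule."""
    lo, hi = ATTACK_LEN
    off = ip_hdr + tcp_hdr + SURVIVING_OFFSET
    base = f"iptables -A INPUT -p tcp --dport {dport_range}"
    return [
        f'{base} -m string --hex-string "|{SIGNATURE.hex()}|" --algo bm -j DROP',
        f'{base} -m length --length {ip_hdr + tcp_hdr + lo}:{ip_hdr + tcp_hdr + hi}'
        f' -m string --hex-string "|{SURVIVING_BYTE:02x}|" --algo bm'
        f' --from {off} --to {off + 1} -j DROP',
    ]

if __name__ == "__main__":
    print(summarize(SAMPLE_PACKETS))
    print("\n".join(iptables_rules()))
```
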

Haha yeah, I laugh when I read "my server hasn't crashed for 3 days", yeah!!! you are blocking 50% of the world xD.
Better do "ifconfig eth1 down" and forget :p

@magenik, you are crazy, these IPs to drop will block tons of internet users (most of the world).
And by the way, what you are doing is not exactly what you think; use the iprange module for iptables if you want to block IP ranges.

@you both
Before talking about 50% of the world's IPs being blocked,
learn the IPs of each country first.
Where do you see 50% of the internet blocked in this post?

You have only South Korea who is blocked.

And yeah, why do you come now and post your knowledge about hacking when I already gave info?

Then if you feel better than me, explain to people how to find the hacker and block them.

This section is still the same as before, people will never change.

I guess it was good to give people some info there, but I guess I'd better keep my knowledge to myself :ott1:

Now you both help other people, you know better than me.
 
@you both
Before talking about 50% of the world's IPs being blocked,
learn the IPs of each country first.
Where do you see 50% of the internet blocked in this post?

You have only South Korea who is blocked.

And yeah, why do you come now and post your knowledge about hacking when I already gave info?

Then if you feel better than me, explain to people how to find the hacker and block them.

This section is still the same as before, people will never change.

I guess it was good to give people some info there, but I guess I'd better keep my knowledge to myself :ott1:

Now you both help other people, you know better than me.

You seem really crazy, why do you have to confuse people, telling them to block these IPs? Yeah, it's a lot of the WORLD we live IN now.. this will only make the servers have fewer users; it won't be 50% of the world, but like ~10% maybe.

P.S. THE WORLD's last IP is 255.255.255.255 < the max number of IPs (calculate it yourself ;D)
 
Guys, how did you verify that it's a connection that crashes the server?
Can anyone show me? >_<
I've had Wireshark for a long time but I'm not used to it.
Anyone?

@penihop
that's 4228250625
o_o
Any ideas? Bro, I need your help.
Oh! penihop, you're the guy from the hotmail o_o
 
@you both
Before talking about 50% of the world's IPs being blocked,
learn the IPs of each country first.
Where do you see 50% of the internet blocked in this post?

You have only South Korea who is blocked.

And yeah, why do you come now and post your knowledge about hacking when I already gave info?

Then if you feel better than me, explain to people how to find the hacker and block them.

This section is still the same as before, people will never change.

I guess it was good to give people some info there, but I guess I'd better keep my knowledge to myself :ott1:

Now you both help other people, you know better than me.

Calm downnn xD
That's the problem with forums, anyone who opens a readme thinks they can share "info".

The right way to do this is not to block the cracker, it's to find out the problem, solve it, or do something to make the admin's job easier.
 