hacked website

 

Over the past several weeks, the Linux News Here website had been the target of hackers.

Phishing software was uploaded to the site. A number of complaints were lodged with my hosting provider and dealt with expeditiously. The server was running CentOS 6.7.

This caused some real frustration for me. It was hard to determine how the hackers had got access to the site. I changed passwords and logins.

Checking logs gave certain information. I got sick of deleting the uploaded files and changing the permissions of their directories. I had some software installed for SQL injection detection, file monitoring and antivirus, but no brute force detection.

I came to the conclusion that a complete wipe of the file system and a new install was the only way to be sure that no software infections remained.

Then came brute force.

hulk brute force

The site had been re-installed with some new security software including brute force detection. Within 48 hours of the site being up and running again, a brute force attack was detected and repelled. The brute force script does a number of things. One of the important features is the capturing of the offender's IP address and associated details from the RIPE database, as well as banning the offending IP forever.
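As an added example (not the script this site runs), the detection step described above can be written as a sliding-window count of failed logins per address, with a permanent ban recorded once a threshold is crossed. The log format, the thresholds and the sample lines (RFC 5737 documentation addresses) are constructed assumptions, and the RIPE lookup is left out so the code runs offline.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log in a hypothetical format (not taken from the site's real logs).
SAMPLE_LOG = "\n".join(
    [f"2016-01-10 03:14:{s:02d} LOGIN_FAILED user=admin ip=203.0.113.7" for s in range(0, 50, 10)]
    + [f"2016-01-10 {h:02d}:00:00 LOGIN_FAILED user=root ip=198.51.100.20" for h in range(4, 9)]
    + [f"2016-01-10 09:00:{s:02d} LOGIN_FAILED user=editor ip=192.0.2.10" for s in range(6)]
    + ["2016-01-10 09:05:00 LOGIN_FAILED user=x ip=999.1.1.1"]  # malformed address
)

LINE_RE = re.compile(r"^(\S+ \S+) LOGIN_FAILED user=(\S+) ip=(\S+)$")


def detect_bruteforce(log_text, max_failures=5, window=timedelta(minutes=5), allowlist=()):
    """Return {ip: ban_time} for every address reaching max_failures within window."""
    allowed = {ipaddress.ip_address(a) for a in allowlist}
    recent = defaultdict(deque)  # ip -> failure timestamps still inside the window
    banned = {}                  # ip -> time the threshold was crossed (never expires)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group(3))
        except ValueError:
            continue             # never put unvalidated log text on a ban list
        if ip in allowed or ip in banned:
            continue
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()          # forget failures older than the window
        if len(q) >= max_failures:
            banned[ip] = ts
    return {str(ip): ts for ip, ts in banned.items()}


if __name__ == "__main__":
    for ip, when in detect_bruteforce(SAMPLE_LOG, allowlist=["192.0.2.10"]).items():
        print(f"ban {ip} permanently (threshold crossed at {when})")
```

Because the ban never expires, the allowlist matters: without it, the sample's 192.0.2.10 (standing in for an administrator mistyping a password) would be locked out for good.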

So the offending IP addresses are published below. I have no problems doing this. This information is freely available from the RIPE database.

 

IP address 91.200.12.22

 91.200.12.22 details

 

IP address 195.3.144.88

195.3.144.88 details