My first hacker attack

2년 전

Hello guys,

I just want to report with great excitement that my new virtual server got it's very first unsuccessful hacker attack :)

I am developing a bot for the Steem community and soon it will be released for all of you to enjoy the services for free! As I was coding today, I've noticed a new connection to the server which wasn't me! o_O

The attack

attack
Somebody was trying to break my SSH (secure socket shell) password and gain access to the server.
It was a classic brute force attack. Which is similar when you forget your pass and try some combinations :) The difference is that the attacker uses a machine for that and can try thousands of passwords in a minute.

The first thing they try are common passwords, than words, and names. They have a dictionary!
You might going to laugh but the 3 most widely used password is:

  • 12345
  • password
  • 123456

Be sure, that any attacker would try those first:)
Check out this wikipedia article for the most common passwords, I hope yours is not amongst them! ;)

Why there was no danger?

I have a secure password in the server, around 20 characters long.
With that length there is 3.6^39 possible combinations (that's 36 with 38 zeroes behind it). It would take 706 centuries for a powerful machine to break it:) Good luck with that!

About the attacker

I have traced back the attacker's IP address to china but it doesn't mean too much because he could be anywhere. Here are few stats of the used IP:

scsh

scsh2

Choose a strong password!

Here are my advices for secure password:

  1. Always choose as long as possible password everywhere
  2. Do not use words, names
  3. Your key should include upper and lowercase characters at least. Even better if you use numbers and special characters too (@$#&%)
  4. Do not use the same password at more than one place

Exciting times :)


Image: hack (CC BY-SA 4.0)

Authors get paid when people like you upvote their post.
If you enjoyed what you read here, create your account today and start earning FREE STEEM!
STEEMKR.COM IS SPONSORED BY
ADVERTISEMENT
Sort Order:  trending

My friends and I are running a VPS for personal development projects and we had the same happened to us. It seems there is just an abundance of idiots probing for insecure servers via SSH. I couldn't agree more with your message -- Strong passwords save lives. :)

·

Since than I disabled root login and login with password. Now it is unbreakable:)

Also it killed the joy out of it as I can't watch the logs rolling as the attacker trying to break in:/

I'm surprised how fast I got the first attemt of break in. The server was only running since 2-3 days...

·
·

Yeah, we've only had ours up for a few weeks as well and same thing. I've enabled 2FA for web access and we've generated SSH keys for each login. Very amusing to watch them attempt to break in.

Oh my goodness! :o Uh, congratulations? lol It feels funny to say "Your first hacker, wow, that's amazing!" And then "Unsuccessful, amazing!" hehe

That's one intense password for that amount of zeros, I'm not even sure my brain can process that much. Sooner I found myself telling my husband that I needed to end the conversation so that now that I have "upoaded" the information, I need to process it lol (ADD does that sometimes.)

I'm not sure what those codes mean, but sure, looks accurate, I guess. (shrugs)

·

Hehe, don't try to imagine that number it's way toooooo big for human brain:)

The code is for people who want to hack the hacker. The numbers are the ports which are open to the world so people can interact with (or hack) his server ;)

·
·

Oh ok. So someone can now hack the hacker to find out where he is and who he is...

For some reason, I suddenly have a scene from the Garfeild Halloween special with the old pirate man saying: "They know who you are! They know WHERE you are!"

I highly recommend you disable root access, change SSH Port, and disable password authentication. These are all done in sshd_config.

You will want to setup an ssh key (I recommend the newer standard ed255190) and only allow access via ssh key.

I would also install Fail2Ban, and customize it for the new SSH port.

If you don't already, make sure you have iptables or ufw firewall enabled and properly configured.

Thanks for Ginabot,