They just keep on trying
-
Part of the daily routine (in between lounge sessions and coffee) has been looking in on my ftp server log files. It only takes a passing glance to see that the server has been attacked. I have seen dictionary attacks and brute force attacks on the Administrator account. This last episode which lasted for over almost two hours was the latter variety which always follows this pattern: Administrator - 1243 attempts Administrateur - 1243 attempts Administrador - 1242 attempts Administratore - 1244 attempts The server is running Server 2008 and of course IIS 7.5. IIS 8.0 offers a dynamic blocking feature for FTP, but that really is the only compelling reason I have to upgrade to Server 2012. I have searched high and low for a free utility for dynamic blacklisting for the FTP service. I even found source code for a utility that worked with Server 2003 but found that it was not compatible with 2K8. :sigh: On to plan B...get a list of all the IP address for a couple of countries and build a utility to import them into IIS. Plan B was a huge success, eliminating most of the attacks. Now, the ones that still get through are more an annoyance than anything. If it was still a major problem, I'd probably look into hosting the FTP service on nix, for which there is an open source lockdown utility available. Anyway, the point of posting this was that I was thinking that it might be fun to create a sort of Pandora's Box by creating a fake Administrator account with the password of something like 'password'. The ftp account's home folder could contain some fun content. Question: What useful content might you leave for a theif hacker? :laugh:
"Go forth into the source" - Neal Morse
-
Part of the daily routine (in between lounge sessions and coffee) has been looking in on my ftp server log files. It only takes a passing glance to see that the server has been attacked. I have seen dictionary attacks and brute force attacks on the Administrator account. This last episode which lasted for over almost two hours was the latter variety which always follows this pattern: Administrator - 1243 attempts Administrateur - 1243 attempts Administrador - 1242 attempts Administratore - 1244 attempts The server is running Server 2008 and of course IIS 7.5. IIS 8.0 offers a dynamic blocking feature for FTP, but that really is the only compelling reason I have to upgrade to Server 2012. I have searched high and low for a free utility for dynamic blacklisting for the FTP service. I even found source code for a utility that worked with Server 2003 but found that it was not compatible with 2K8. :sigh: On to plan B...get a list of all the IP address for a couple of countries and build a utility to import them into IIS. Plan B was a huge success, eliminating most of the attacks. Now, the ones that still get through are more an annoyance than anything. If it was still a major problem, I'd probably look into hosting the FTP service on nix, for which there is an open source lockdown utility available. Anyway, the point of posting this was that I was thinking that it might be fun to create a sort of Pandora's Box by creating a fake Administrator account with the password of something like 'password'. The ftp account's home folder could contain some fun content. Question: What useful content might you leave for a theif hacker? :laugh:
"Go forth into the source" - Neal Morse
"FinancialInformation2014Q1.zip" About 16Gb of password protected "Gentleman special interest" material...
Those who fail to learn history are doomed to repeat it. --- George Santayana (December 16, 1863 – September 26, 1952) Those who fail to clear history are doomed to explain it. --- OriginalGriff (February 24, 1959 – ∞)
-
"FinancialInformation2014Q1.zip" About 16Gb of password protected "Gentleman special interest" material...
Those who fail to learn history are doomed to repeat it. --- George Santayana (December 16, 1863 – September 26, 1952) Those who fail to clear history are doomed to explain it. --- OriginalGriff (February 24, 1959 – ∞)
-
Part of the daily routine (in between lounge sessions and coffee) has been looking in on my ftp server log files. It only takes a passing glance to see that the server has been attacked. I have seen dictionary attacks and brute force attacks on the Administrator account. This last episode which lasted for over almost two hours was the latter variety which always follows this pattern: Administrator - 1243 attempts Administrateur - 1243 attempts Administrador - 1242 attempts Administratore - 1244 attempts The server is running Server 2008 and of course IIS 7.5. IIS 8.0 offers a dynamic blocking feature for FTP, but that really is the only compelling reason I have to upgrade to Server 2012. I have searched high and low for a free utility for dynamic blacklisting for the FTP service. I even found source code for a utility that worked with Server 2003 but found that it was not compatible with 2K8. :sigh: On to plan B...get a list of all the IP address for a couple of countries and build a utility to import them into IIS. Plan B was a huge success, eliminating most of the attacks. Now, the ones that still get through are more an annoyance than anything. If it was still a major problem, I'd probably look into hosting the FTP service on nix, for which there is an open source lockdown utility available. Anyway, the point of posting this was that I was thinking that it might be fun to create a sort of Pandora's Box by creating a fake Administrator account with the password of something like 'password'. The ftp account's home folder could contain some fun content. Question: What useful content might you leave for a theif hacker? :laugh:
"Go forth into the source" - Neal Morse
A "not in my house" animated GIF.
You'll never get very far if all you do is follow instructions.
-
"FinancialInformation2014Q1.zip" About 16Gb of password protected "Gentleman special interest" material...
Those who fail to learn history are doomed to repeat it. --- George Santayana (December 16, 1863 – September 26, 1952) Those who fail to clear history are doomed to explain it. --- OriginalGriff (February 24, 1959 – ∞)
Hmmm... could the Tasmanian Devil be ZIPped? :cool:
You'll never get very far if all you do is follow instructions.
-
Part of the daily routine (in between lounge sessions and coffee) has been looking in on my ftp server log files. It only takes a passing glance to see that the server has been attacked. I have seen dictionary attacks and brute force attacks on the Administrator account. This last episode which lasted for over almost two hours was the latter variety which always follows this pattern: Administrator - 1243 attempts Administrateur - 1243 attempts Administrador - 1242 attempts Administratore - 1244 attempts The server is running Server 2008 and of course IIS 7.5. IIS 8.0 offers a dynamic blocking feature for FTP, but that really is the only compelling reason I have to upgrade to Server 2012. I have searched high and low for a free utility for dynamic blacklisting for the FTP service. I even found source code for a utility that worked with Server 2003 but found that it was not compatible with 2K8. :sigh: On to plan B...get a list of all the IP address for a couple of countries and build a utility to import them into IIS. Plan B was a huge success, eliminating most of the attacks. Now, the ones that still get through are more an annoyance than anything. If it was still a major problem, I'd probably look into hosting the FTP service on nix, for which there is an open source lockdown utility available. Anyway, the point of posting this was that I was thinking that it might be fun to create a sort of Pandora's Box by creating a fake Administrator account with the password of something like 'password'. The ftp account's home folder could contain some fun content. Question: What useful content might you leave for a theif hacker? :laugh:
"Go forth into the source" - Neal Morse
Wrong is evil and must be defeated. - Jeff Ello[^]
-
Wrong is evil and must be defeated. - Jeff Ello[^]
-
I presume you already have the material on hand?
It was broke, so I fixed it.
For an appropriate fee, I believe I could locate a source of such material, yes... :laugh:
Those who fail to learn history are doomed to repeat it. --- George Santayana (December 16, 1863 – September 26, 1952) Those who fail to clear history are doomed to explain it. --- OriginalGriff (February 24, 1959 – ∞)
-
Ha! Had to look that up! :laugh: Very funny! I now have my link and will implement. Thanks!
"Go forth into the source" - Neal Morse
Damn, a missed opportunity, I should have linked it and rickrolled you.
Wrong is evil and must be defeated. - Jeff Ello[^]
-
Part of the daily routine (in between lounge sessions and coffee) has been looking in on my ftp server log files. It only takes a passing glance to see that the server has been attacked. I have seen dictionary attacks and brute force attacks on the Administrator account. This last episode which lasted for over almost two hours was the latter variety which always follows this pattern: Administrator - 1243 attempts Administrateur - 1243 attempts Administrador - 1242 attempts Administratore - 1244 attempts The server is running Server 2008 and of course IIS 7.5. IIS 8.0 offers a dynamic blocking feature for FTP, but that really is the only compelling reason I have to upgrade to Server 2012. I have searched high and low for a free utility for dynamic blacklisting for the FTP service. I even found source code for a utility that worked with Server 2003 but found that it was not compatible with 2K8. :sigh: On to plan B...get a list of all the IP address for a couple of countries and build a utility to import them into IIS. Plan B was a huge success, eliminating most of the attacks. Now, the ones that still get through are more an annoyance than anything. If it was still a major problem, I'd probably look into hosting the FTP service on nix, for which there is an open source lockdown utility available. Anyway, the point of posting this was that I was thinking that it might be fun to create a sort of Pandora's Box by creating a fake Administrator account with the password of something like 'password'. The ftp account's home folder could contain some fun content. Question: What useful content might you leave for a theif hacker? :laugh:
"Go forth into the source" - Neal Morse
If you want hints, entertainment and Unix information, read 'Aggressive Network Self Defense' by Neil Wyler. :-D
-
Wrong is evil and must be defeated. - Jeff Ello[^]
too funny :-)
-
Part of the daily routine (in between lounge sessions and coffee) has been looking in on my ftp server log files. It only takes a passing glance to see that the server has been attacked. I have seen dictionary attacks and brute force attacks on the Administrator account. This last episode which lasted for over almost two hours was the latter variety which always follows this pattern: Administrator - 1243 attempts Administrateur - 1243 attempts Administrador - 1242 attempts Administratore - 1244 attempts The server is running Server 2008 and of course IIS 7.5. IIS 8.0 offers a dynamic blocking feature for FTP, but that really is the only compelling reason I have to upgrade to Server 2012. I have searched high and low for a free utility for dynamic blacklisting for the FTP service. I even found source code for a utility that worked with Server 2003 but found that it was not compatible with 2K8. :sigh: On to plan B...get a list of all the IP address for a couple of countries and build a utility to import them into IIS. Plan B was a huge success, eliminating most of the attacks. Now, the ones that still get through are more an annoyance than anything. If it was still a major problem, I'd probably look into hosting the FTP service on nix, for which there is an open source lockdown utility available. Anyway, the point of posting this was that I was thinking that it might be fun to create a sort of Pandora's Box by creating a fake Administrator account with the password of something like 'password'. The ftp account's home folder could contain some fun content. Question: What useful content might you leave for a theif hacker? :laugh:
"Go forth into the source" - Neal Morse
-
Part of the daily routine (in between lounge sessions and coffee) has been looking in on my ftp server log files. It only takes a passing glance to see that the server has been attacked. I have seen dictionary attacks and brute force attacks on the Administrator account. This last episode which lasted for over almost two hours was the latter variety which always follows this pattern: Administrator - 1243 attempts Administrateur - 1243 attempts Administrador - 1242 attempts Administratore - 1244 attempts The server is running Server 2008 and of course IIS 7.5. IIS 8.0 offers a dynamic blocking feature for FTP, but that really is the only compelling reason I have to upgrade to Server 2012. I have searched high and low for a free utility for dynamic blacklisting for the FTP service. I even found source code for a utility that worked with Server 2003 but found that it was not compatible with 2K8. :sigh: On to plan B...get a list of all the IP address for a couple of countries and build a utility to import them into IIS. Plan B was a huge success, eliminating most of the attacks. Now, the ones that still get through are more an annoyance than anything. If it was still a major problem, I'd probably look into hosting the FTP service on nix, for which there is an open source lockdown utility available. Anyway, the point of posting this was that I was thinking that it might be fun to create a sort of Pandora's Box by creating a fake Administrator account with the password of something like 'password'. The ftp account's home folder could contain some fun content. Question: What useful content might you leave for a theif hacker? :laugh:
"Go forth into the source" - Neal Morse
I'd leave them an "infinite zip file" with a very interesting name "creditcardnumbers.zip" or "bankdetails.zip" http://research.swtch.com/zip[^]
-
Part of the daily routine (in between lounge sessions and coffee) has been looking in on my ftp server log files. It only takes a passing glance to see that the server has been attacked. I have seen dictionary attacks and brute force attacks on the Administrator account. This last episode which lasted for over almost two hours was the latter variety which always follows this pattern: Administrator - 1243 attempts Administrateur - 1243 attempts Administrador - 1242 attempts Administratore - 1244 attempts The server is running Server 2008 and of course IIS 7.5. IIS 8.0 offers a dynamic blocking feature for FTP, but that really is the only compelling reason I have to upgrade to Server 2012. I have searched high and low for a free utility for dynamic blacklisting for the FTP service. I even found source code for a utility that worked with Server 2003 but found that it was not compatible with 2K8. :sigh: On to plan B...get a list of all the IP address for a couple of countries and build a utility to import them into IIS. Plan B was a huge success, eliminating most of the attacks. Now, the ones that still get through are more an annoyance than anything. If it was still a major problem, I'd probably look into hosting the FTP service on nix, for which there is an open source lockdown utility available. Anyway, the point of posting this was that I was thinking that it might be fun to create a sort of Pandora's Box by creating a fake Administrator account with the password of something like 'password'. The ftp account's home folder could contain some fun content. Question: What useful content might you leave for a theif hacker? :laugh:
"Go forth into the source" - Neal Morse
Get copies of some nasty viruses, name them something enticing, and let them have at it!
-
"FinancialInformation2014Q1.zip" About 16Gb of password protected "Gentleman special interest" material...
Those who fail to learn history are doomed to repeat it. --- George Santayana (December 16, 1863 – September 26, 1952) Those who fail to clear history are doomed to explain it. --- OriginalGriff (February 24, 1959 – ∞)
What about a zip bomb? Just for fun!! ;P
-
I'd leave them an "infinite zip file" with a very interesting name "creditcardnumbers.zip" or "bankdetails.zip" http://research.swtch.com/zip[^]
-
I'd leave them an "infinite zip file" with a very interesting name "creditcardnumbers.zip" or "bankdetails.zip" http://research.swtch.com/zip[^]
:laugh: Be careful, if a few of us did something like that it could potentially bring down the Internet ...
Espen Harlinn Principal Architect, Software - Goodtech Projects & Services AS Projects promoting programming in "natural language" are intrinsically doomed to fail. Edsger W.Dijkstra
-
Part of the daily routine (in between lounge sessions and coffee) has been looking in on my ftp server log files. It only takes a passing glance to see that the server has been attacked. I have seen dictionary attacks and brute force attacks on the Administrator account. This last episode which lasted for over almost two hours was the latter variety which always follows this pattern: Administrator - 1243 attempts Administrateur - 1243 attempts Administrador - 1242 attempts Administratore - 1244 attempts The server is running Server 2008 and of course IIS 7.5. IIS 8.0 offers a dynamic blocking feature for FTP, but that really is the only compelling reason I have to upgrade to Server 2012. I have searched high and low for a free utility for dynamic blacklisting for the FTP service. I even found source code for a utility that worked with Server 2003 but found that it was not compatible with 2K8. :sigh: On to plan B...get a list of all the IP address for a couple of countries and build a utility to import them into IIS. Plan B was a huge success, eliminating most of the attacks. Now, the ones that still get through are more an annoyance than anything. If it was still a major problem, I'd probably look into hosting the FTP service on nix, for which there is an open source lockdown utility available. Anyway, the point of posting this was that I was thinking that it might be fun to create a sort of Pandora's Box by creating a fake Administrator account with the password of something like 'password'. The ftp account's home folder could contain some fun content. Question: What useful content might you leave for a theif hacker? :laugh:
"Go forth into the source" - Neal Morse
kmoorevs wrote:
What useful content might you leave for a theif hacker? :laugh:
Back in college, a friend of mine was playing around with the compression code and figured out how to create very small files that could not be successfully uncompressed -- they required more space than the size of a disk. He used to leave them in his account as honeypots for unsuspecting budding college hackers. Make such a file and give it a name like it came from TurboTax and you'll catch them :)
We can program with only 1's, but if all you've got are zeros, you've got nothing.
-
kmoorevs wrote:
What useful content might you leave for a theif hacker? :laugh:
Back in college, a friend of mine was playing around with the compression code and figured out how to create very small files that could not be successfully uncompressed -- they required more space than the size of a disk. He used to leave them in his account as honeypots for unsuspecting budding college hackers. Make such a file and give it a name like it came from TurboTax and you'll catch them :)
We can program with only 1's, but if all you've got are zeros, you've got nothing.
I remember one called 42.zip
-
kmoorevs wrote:
What useful content might you leave for a theif hacker? :laugh:
Back in college, a friend of mine was playing around with the compression code and figured out how to create very small files that could not be successfully uncompressed -- they required more space than the size of a disk. He used to leave them in his account as honeypots for unsuspecting budding college hackers. Make such a file and give it a name like it came from TurboTax and you'll catch them :)
We can program with only 1's, but if all you've got are zeros, you've got nothing.
Thanks for all the suggestions! I decided to take the high road by leaving an old fashioned ReadMe.txt. 'Hacking is illegal. There is nothing to see here so move along. Repeated visits to this account will be reported for abuse. Have a nice day Administrator.' The Administrator account with password 'admin' has been set for read only and removed from all Windows User Groups. Also all settings for remote desktop have been disabled. Internal testing works as expected...no drag-drop, pasting, or creating content is allowed. It seems secure...I hope I haven't missed something. It would be pretty stupid if the gag backfired. :wtf:
"Go forth into the source" - Neal Morse
