SIGforum
More and more hacking attempts on my websites.

This topic can be found at:
https://sigforum.com/eve/forums/a/tpc/f/320601935/m/4750072974

February 03, 2021, 06:34 AM
mark123
More and more hacking attempts on my websites.
I got an alert last night telling me that someone in Ukraine (or just as likely someone using an IP from Ukraine) really wants into my website.

quote:
Firewall has blocked 273 attacks over the last 10 minutes.
I mostly let it handle blocking without sending emails every time because it's usually 30 a day but this one was big enough that the alert came through.

What is the possible draw? I don't get it. There's nothing to gain. I've added Ukraine to my blocked country list.
February 03, 2021, 06:38 AM
WaterburyBob
Any machine they can hack into has potential. They don't know what they will find, they just want to explore the potential goodies they can steal, or just plant some ransom ware to try to make money.


"If Gun Control worked, Chicago would look like Mayberry, not Thunderdome" - Cam Edwards
February 03, 2021, 06:41 AM
gearhounds
Could be nothing more than trying to install ransomware so you have to pay to get it back up and running. You’re probably just one person on a long list the perp is running.



“Remember to get vaccinated or a vaccinated person might get sick from a virus they got vaccinated against because you’re not vaccinated.” - author unknown
February 03, 2021, 01:34 PM
apprentice
Any chance you're good enough to write code that immediately counter attacks? "Hi I'm Czar Nicholas's great nephew..."

'Cuz that would be worth the popcorn Big Grin
February 03, 2021, 04:23 PM
mark123
quote:
Originally posted by apprentice:
Any chance you're good enough to write code that immediately counter attacks? "Hi I'm Czar Nicholas's great nephew..."

'Cuz that would be worth the popcorn Big Grin
I kind of want to make a fake login page that keeps them occupied for a while by letting them in to a fake backend.
February 03, 2021, 04:37 PM
cjevans
quote:
Originally posted by mark123:
I kind of want to make a fake login page that keeps them occupied for a while by letting them in to a fake backend.


Like a honeypot.

Regardless of viewpoints of enticement or entrapment, it will provide a better scope of the attack vector and actors interested.

Then again, do you really want to draw more attention?

What does your web hosting provider reveal to you in the web site audit/activity logs?
Are they actively monitoring?

All part of today's web page activities ... Smile


We are all born ignorant, but one must work hard to remain stupid." ~ Benjamin Franklin.

"If anyone in this country doesn't minimise their tax, they want their head read, because as a government, you are not spending it that well, that we should be donating extra...:
Kerry Packer

SIGForum: the island of reality in an ocean of diarrhoea.
February 03, 2021, 04:50 PM
mark123
quote:
Originally posted by cjevans:
quote:
Originally posted by mark123:
I kind of want to make a fake login page that keeps them occupied for a while by letting them in to a fake backend.

Like a honeypot.
yeah, but I'm not going to program it, I'll just make a login that goes to Yandex or something.
February 03, 2021, 04:52 PM
HRK
have it go to the FBI Cybercrimes Home page... Slugheads!