Hack attacks

jdow jdow at earthlink.net
Mon Nov 19 16:44:55 UTC 2012


On 2012/11/19 01:14, Roger wrote:
> On 11/19/2012 05:02 PM, Brian West wrote:
>> On 11/19/2012 12:28 AM, NOSpaze wrote:
>>> On Mon, 2012-11-19 at 10:16 +1100, Roger wrote:
>>>> Is there any way to trace IP addresses back past the originating ISP?
>>>> I've been using whois but it seems limited.
>>> Could mtr be of any help?
>>
>> ISP and a rough location is all you're going to get, my friend. Some of the IP
>> lookup sites like whatismyip.com will give you country, state and city info but
>> nothing beyond that. If you're under attack, consider installing a firewall with
>> a brute force ban script.
> Thanks
> Haven't got to the brute force attack yet. Server is very well protected and
> Drupal 7, after 5 unsuccessful log in attempts locks out the particular address
> for 4-6 hours, I can increase this as needed.

Enh - one try -> several minute lockout for that address's subsequent tries,
successful or not. It's a simple iptables trick so it's instant acting, too.
Particularly persistent pissants get locked out totally. Some have tried as
many as 25,000 times after the door slams shut.

I have fun figuring out who is sending these attacks, though. Sometimes it
has come from law firms and companies specializing in security. I send
those guys polite notes about being hacked. I send it to both their
technical and "contact us" addresses so the back office IT people* feel
the appropriate heat from the front office.

{^_-}

* If there really ARE any back office IT people and not a general partner's
14 year old son.
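
One way to get the "one try, then a lockout that each further try renews" behaviour described in this message is the iptables `recent` match. This is an added example, not the poster's own rules; the port (22), the 300 second window and the chain and list name `throttle` are assumptions.

```shell
#!/bin/sh
# Emit an iptables-restore fragment for a per-address connection throttle.
#   1st NEW connection from an address: recorded in the "throttle" list, accepted.
#   Any further NEW connection inside the window: dropped, and because the rule
#   uses --update (not --rcheck) the drop also restarts the window, so a source
#   that keeps hammering stays locked out for as long as it keeps trying.
# Assumed values, not from the post: TCP port 22, 300 second window.
throttle_rules() {
    port=${1:-22}
    secs=${2:-300}
    # Accept plain decimal numbers only, so nothing else can reach the ruleset.
    for v in "$port" "$secs"; do
        case $v in
            ''|*[!0-9]*) echo "usage: throttle_rules PORT SECONDS" >&2; return 2 ;;
        esac
    done
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "bad port" >&2; return 2; }
    [ "$secs" -ge 1 ] || { echo "bad window" >&2; return 2; }
    cat <<EOF
*filter
:THROTTLE - [0:0]
-A INPUT -p tcp --dport $port -m conntrack --ctstate NEW -j THROTTLE
-A THROTTLE -m recent --name throttle --update --seconds $secs -j DROP
-A THROTTLE -m recent --name throttle --set -j ACCEPT
COMMIT
EOF
}

# Apply as root without flushing existing rules:
#   throttle_rules 22 300 | iptables-restore --noflush
# -A appends, so the INPUT jump must end up ahead of any rule that already
# accepts NEW connections to the port, or it is never reached.
```

Only NEW connections are sent to the chain, so an already established session is not cut off when its source address is in the list.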

