
Recently we noticed that hackers are trying to hack our server. We have IP blocking software installed on our server, but the thing is that the hacker is using dynamic IP addresses to try again and again... But we can see he is using the same machine to attack (the log file shows different IP addresses but the same machine name, something like "Authentication failed for (ylmf-pc)"). Is it possible to block him by machine name too? We are using CSF http://configserver.com/cp/csf.html

Note: I am not a server guy, I am a programmer

Amit Patil
  • I don't know why it's downvoted?? I already said "I am not a server guy, I am a programmer" – Amit Patil May 21 '13 at 11:38
  • For now, log the attacker's origin (the IPs you already have) and the time the attacks happened, and contact the attacker's ISP so they can kick him off the net. Other than that, @ronalchh is correct. Your system needs to be able to withstand an attack from any IP. All the attacker does should be log file pollution. – Hennes May 21 '13 at 12:58
  • I believe that attackers/hackers don't use real IPs (?). They use software (proxy servers) to hide their IP and location. – Amit Patil May 22 '13 at 02:40
  • Some do use proxies. Some use previously hacked hosts. Some are stupid and use their own host/IP. In the latter case it is easy to identify them. And in the second case it is worth warning their ISP that one of their clients is compromised. – Hennes May 22 '13 at 12:10
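The question hinges on what the "machine name" in the log actually is. Assuming the lines come from an Exim-style SMTP log (the original page only quotes the fragment "Authentication failed for (ylmf-pc)"; the full line format below is an assumption), the name in parentheses is whatever the client sent in its HELO/EHLO command, so it is attacker-chosen and can be changed at will, while the address in square brackets is the only field the firewall can act on. The script below is an added example, not code from the page, CSF or its author: it parses constructed sample lines, groups source IPs by the advertised name, and picks the per-IP block candidates that a tool like CSF/lfd or DenyHosts would actually work from.

```python
import re
from collections import Counter, defaultdict

# Constructed sample log lines (not from the original page) in an assumed
# Exim-style "login authenticator failed for (HELO) [IP]" format.
SAMPLE_LOG = """\
2013-05-21 10:01:12 login authenticator failed for (ylmf-pc) [203.0.113.10]: 535 Incorrect authentication data (set_id=admin)
2013-05-21 10:01:15 login authenticator failed for (ylmf-pc) [198.51.100.7]: 535 Incorrect authentication data (set_id=admin)
2013-05-21 10:02:03 login authenticator failed for (ylmf-pc) [203.0.113.10]: 535 Incorrect authentication data (set_id=info)
2013-05-21 10:02:40 login authenticator failed for (ylmf-pc) [192.0.2.55]: 535 Incorrect authentication data (set_id=admin)
2013-05-21 10:03:01 login authenticator failed for (User) [198.51.100.7]: 535 Incorrect authentication data (set_id=test)
2013-05-21 10:03:30 login authenticator failed for (mail.example.net) [203.0.113.88]: 535 Incorrect authentication data (set_id=sales)
"""

# The HELO name is taken verbatim from the client, hence "[^)]*": it can be
# anything, including a string chosen to look like a legitimate host.
LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) .*?authenticator failed for \((?P<helo>[^)]*)\) "
    r"\[(?P<ip>[^\]]+)\]: 535 .*?\(set_id=(?P<user>[^)]*)\)"
)


def parse_failures(text):
    """Return one dict {ts, helo, ip, user} per line that matches LINE_RE."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append(m.groupdict())
    return events


def ips_by_helo(events):
    """Map each client-advertised name to the set of source IPs that used it.

    One name spread over many IPs is exactly the pattern in the question;
    it tells you the name is a shared (and freely chosen) client string,
    not something the server can authenticate or block on.
    """
    groups = defaultdict(set)
    for e in events:
        groups[e["helo"]].add(e["ip"])
    return dict(groups)


def attempts_by_ip(events):
    """Count failures per source IP, the field a firewall can actually act on."""
    return dict(Counter(e["ip"] for e in events))


def candidate_blocks(events, threshold=2):
    """IPs with at least `threshold` failures: what an IP-based blocker would ban."""
    return {ip for ip, n in attempts_by_ip(events).items() if n >= threshold}


if __name__ == "__main__":
    evs = parse_failures(SAMPLE_LOG)
    for helo, ips in ips_by_helo(evs).items():
        print(f"HELO {helo!r}: {len(ips)} distinct source IP(s): {sorted(ips)}")
    print("block candidates (>=2 failures):", sorted(candidate_blocks(evs)))
```

Running it shows "ylmf-pc" arriving from three different addresses. Because the name costs the attacker nothing to change, a block keyed on it would only last until the next connection, whereas the per-IP counts are what CSF/lfd and DenyHosts already key on; the rest is, as the comments say, log pollution that the server has to be able to absorb.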

1 Answer


You should not rely on blocking specific IP addresses to mitigate hacking attempts. To make your system secure, it should be protected against hacking from ANY IP address. You should block access to all ports except for the ports which are used.

For example, when you provide a web service, allow port 80, and only allow it to communicate directly with a web server which is designed to be secure.

IP/user blocking is useful in protecting against denial of service attacks. But this may be regarded as an issue distinct from security issues.

To protect a website against hacking attempts, you must be careful in the code which you allow the public to access, for example, careful programming to prevent SQL injection or authentication bugs. This is completely domain-specific. For example, a different set of skills may need to be applied to protect different services, e.g. ssh. Luckily, most pre-packaged software that you may use is usually carefully designed to be secure. You can help with this by updating the applications you do use to the latest point release of the version you use.

ronalchn
  • Thanks for the list of possible prevention methods. For blocking IPs we have installed Denyhost and one more piece of software. Also we have changed all our code to secure ourselves from SQL injection (using PDO classes). This morning our server support team got back to us telling us they have also installed rootkit hunters. They also suggested that we install SSH "PubkeyAuthentication". I hope all the above methods are enough to secure our server (?). – Amit Patil May 22 '13 at 02:38
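The answer's point that the real defence is the code exposed to the public, with SQL injection as its example, is easiest to see side by side. The following is an added example (not the answerer's code, and not the asker's PHP/PDO code) using Python's built-in sqlite3 and an in-memory table with one constructed user: the first login check concatenates user input into the query, the second binds it as a parameter, which is the same mechanism PDO prepared statements use.

```python
import sqlite3


def make_db():
    """In-memory database with one constructed user row (sample data only)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)")
    # Plaintext password kept only to keep the example short; a real system
    # stores a salted hash and compares against that.
    conn.execute("INSERT INTO users VALUES ('admin', 'correct horse battery staple')")
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Builds the SQL by string formatting: the input becomes part of the query."""
    sql = (
        "SELECT username FROM users WHERE username = '%s' AND password = '%s'"
        % (username, password)
    )
    return conn.execute(sql).fetchone() is not None


def login_parameterized(conn, username, password):
    """Sends the query and the values separately; input is only ever data."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone() is not None


# Classic payload: closes the quoted username, then comments out the
# password check so the WHERE clause becomes `username = 'admin'`.
ATTACK_USER = "admin' --"
ATTACK_PASS = "anything"


if __name__ == "__main__":
    db = make_db()
    print("vulnerable, attacker input :", login_vulnerable(db, ATTACK_USER, ATTACK_PASS))
    print("parameterized, attacker input:", login_parameterized(db, ATTACK_USER, ATTACK_PASS))
    print("parameterized, real password :",
          login_parameterized(db, "admin", "correct horse battery staple"))
```

With the concatenated version the comment sequence strips the password check entirely and the attacker is "logged in" as admin without a password; the parameterized version looks for a user literally named `admin' --`, finds none, and refuses. Note that this is independent of which IP the request came from, which is why the answer treats IP blocking as a separate, denial-of-service concern.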