LoveAbleElf

who-me

Dec 30th, 2020
06:13:01 <Who-m3> What happened with your ZNC?
06:13:10 <Who-m3> And is it still connected right now?
06:14:48 <Foxy> not able to do any commands
06:14:57 <Foxy> can't identify to service
06:15:07 <Foxy> can't join any channels
06:15:16 <Foxy> i had no problem until a night/day ago
06:15:34 <Who-m3> What hostname is it using?
06:15:47 <Foxy> i'm connecting with it now
06:15:55 <Foxy> or trying to
06:17:00 <Foxy> <*status> Connection Refused. Reconnecting...
06:17:16 <Who-m3> I need an IP so I can look at some things from my side
06:17:35 <Foxy> 51.75.64.252
06:17:46 <Who-m3> Give me a moment
06:19:46 <Who-m3> See if you can connect now please
06:20:30 <Who-m3> Please see if your ZNC can connect now. (rather)
06:21:28 <Who-m3> It looks like the IP was blocked at the server level as part of an OVH block from an attack recently. I've added exceptions to the firewall for your IP to see if that helps resolve the issue.
06:22:34 <Who-m3> (It was nothing personal, I just had two of my boxes see a drastic influx of brute force attacks from ~ 10 IPs on the 51.75.64.0 block shortly after Christmas.)
06:23:46 <Foxy> so i was blocked?
06:24:21 <Who-m3> The BNC IP was blocked at the server level because it was part of that block
06:24:34 <Who-m3> You should have an exception now in my firewall
06:24:51 <Foxy> so you or whoever didn't check to see if it affected any users before doing so
06:25:29 <Who-m3> When I take action to protect my Servers, not the IRC Network, from brute force attacks, I don't care who it affects on the IRC Network. The security of the Server itself is more important to me.
06:26:49 <Who-m3> OVH, the datacenter that houses your BNC, does not do adequate work to protect others from brute force attacks. When I see an increase in brute force attacks on my servers, be it servers used here for IRC, or elsewhere for other aspects of my business, I am going to take action to protect them.
06:27:28 <Who-m3> I'm sorry if it impacted your BNC. I've added an exception to the firewall for it now. However, if it's an issue, I'll be happy to remove that exception and you can use another BNC to connect.
06:28:54 <Foxy> so in other words block me from doing my job as a game mod
06:29:02 <Who-m3> No
06:29:32 <Foxy> like i said there was no issue until ryu called all his people into a secret channel
06:29:57 <Who-m3> In other words, protect MY business. The fact that you were impacted has no relevance to my business. My business is to make money. When OVH fails to prevent abuse on their servers, which your BNC is housed on, I must protect my business.
06:30:04 <Foxy> to discuss getting at me for being ahead of him in the game
06:30:05 <Who-m3> I have no idea what you're talking about any secret channels on
06:30:14 <Foxy> okay
06:30:23 <Who-m3> If you check the logs on the game, you'll see I rarely do anything with it anymore.
06:30:31 <Foxy> yep i know
06:30:48 <Who-m3> However, I am responsible for the servers. Not just the IRC Servers, but the operation of the physical servers that house them as well.
06:30:54 <Foxy> but do you see why it would look like that?
06:30:56 <Who-m3> So when my physical servers are being attacked, I take action.
06:31:16 <Who-m3> I can see where you would get frustrated and think that. However, I was not aware of any issues with any secret channels.
06:31:29 <Who-m3> In all honesty, I /detach the #pirates channel 99% of the time.
06:31:31 <Foxy> okay
06:32:16 <Foxy> i'm not aware of any attack on the day i first noticed the issue
06:32:25 <Foxy> but okay
06:32:45 <Who-m3> How would you know of any attack from IPs on the same network your ZNC is on to boxes in the outside world?
06:33:36 <Foxy> no i was saying i didn't see any visible attacks
06:33:40 <Foxy> no netsplits
06:33:44 <Who-m3> Brute force attacks on SSHd, regardless of the port, don't show up for other users on a /24 block. Unless you've got TCPdump running as root, you wouldn't have a way to know someone on the box, or another box on the same IP block, is connecting out multiple times.
06:33:54 <Foxy> ah i see
06:34:05 <Who-m3> Brute Force isn't DDOS
06:34:11 <Foxy> makes me wanna check my logs now
06:34:15 <Who-m3> https://en.wikipedia.org/wiki/Brute-force_attack
06:34:27 <Foxy> another form of hacking
06:34:35 <Who-m3> If you're not running fail2ban, bfd, or another system for your firewall, you should
06:35:07 <Who-m3> 2020-12-30 07:34:46,979 fail2ban.filter [5544]: INFO [sshd] Found 42.192.182.169 - 2020-12-30 07:34:46
06:35:07 <Who-m3> 2020-12-30 07:34:49,832 fail2ban.filter [5544]: INFO [sshd] Found 49.234.209.124 - 2020-12-30 07:34:49
06:35:07 <Who-m3> 2020-12-30 07:34:51,869 fail2ban.filter [5544]: INFO [sshd] Found 49.234.209.124 - 2020-12-30 07:34:51
06:35:07 <Who-m3> 2020-12-30 07:34:56,354 fail2ban.filter [5544]: INFO [sshd] Found 83.15.108.140 - 2020-12-30 07:34:56
06:35:27 <Who-m3> attempts at brute force on one of my boxes