- 06:13:01 <Who-m3> What happened with your ZNC?
- 06:13:10 <Who-m3> And is it still connected right now?
- 06:14:48 <Foxy> not able to do any commands
- 06:14:57 <Foxy> can't identify to service
- 06:15:07 <Foxy> can't join any channels
- 06:15:16 <Foxy> i had no problem until a night/day ago
- 06:15:34 <Who-m3> What hostname is it using?
- 06:15:47 <Foxy> i'm connecting with it now
- 06:15:55 <Foxy> or trying to
- 06:17:00 <Foxy> <*status> Connection Refused. Reconnecting...
- 06:17:16 <Who-m3> I need an IP so I can look at some things from my side
- 06:17:35 <Foxy> 51.75.64.252
- 06:17:46 <Who-m3> Give me a moment
- 06:19:46 <Who-m3> See if you can connect now please
- 06:20:30 <Who-m3> Please see if your ZNC can connect now. (rather)
- 06:21:28 <Who-m3> It looks like the IP was blocked at the server level as part of an OVH block from an attack recently. I've added exceptions to the firewall for your IP to see if that helps resolve the issue.
- 06:22:34 <Who-m3> (It was nothing personal, I just had two of my boxes see a drastic influx of brute force attacks from ~ 10 IPs on the 51.75.64.0 block shortly after Christmas.)
- 06:23:46 <Foxy> so i was blocked?
- 06:24:21 <Who-m3> The BNC IP was blocked at the server level because it was part of that block
- 06:24:34 <Who-m3> You should have an exception now in my firewall
- 06:24:51 <Foxy> so you or whoever didn't check to see if it affected any users before doing so
- 06:25:29 <Who-m3> When I take action to protect my Servers, not the IRC Network, from brute force attacks, I don't care who it affects on the IRC Network. The security of the Server itself is more important to me.
- 06:26:49 <Who-m3> OVH, the datacenter that houses your BNC, does not do adequate work to protect others from brute force attacks. When I see an increase in brute force attacks on my servers, be it servers used here for IRC, or elsewhere for other aspects of my business, I am going to take action to protect them.
- 06:27:28 <Who-m3> I'm sorry if it impacted your BNC. I've added an exception to the firewall for it now. However, if it's an issue, I'll be happy to remove that exception and you can use another BNC to connect.
- 06:28:54 <Foxy> so in other words block me from doing my job as a game mod
- 06:29:02 <Who-m3> No
- 06:29:32 <Foxy> like i said there was no issue until ryu called all his people into a secret channel
- 06:29:57 <Who-m3> In other words, protect MY business. The fact that you were impacted has no relevance to my business. My business is to make money. When OVH fails to prevent abuse on their servers, which your BNC is housed on, I must protect my business.
- 06:30:04 <Foxy> to discuss getting at me for being ahead of him in the game
- 06:30:05 <Who-m3> I have no idea what you're talking about any secret channels on
- 06:30:14 <Foxy> okay
- 06:30:23 <Who-m3> If you check the logs on the game, you'll see I rarely do anything with it anymore.
- 06:30:31 <Foxy> yep i know
- 06:30:48 <Who-m3> However, I am responsible for the servers. Not just the IRC Servers, but the operation of the physical servers that house them as well.
- 06:30:54 <Foxy> but do you see why it would look like that?
- 06:30:56 <Who-m3> So when my physical servers are being attacked, I take action.
- 06:31:16 <Who-m3> I can see where you would get frustrated and think that. However, I was not aware of any issues with any secret channels.
- 06:31:29 <Who-m3> In all honesty, I /detach the #pirates channel 99% of the time.
- 06:31:31 <Foxy> okay
- 06:32:16 <Foxy> i'm not aware of any attack on the day i first notice the issue
- 06:32:25 <Foxy> but okay
- 06:32:45 <Who-m3> How would you know of any attack from IPs on the same network your ZNC is on to boxes in the outside world?
- 06:33:36 <Foxy> no i was saying i didn't see any visible attacks
- 06:33:40 <Foxy> no netsplits
- 06:33:44 <Who-m3> Brute force attacks on SSHd, regardless of the port, don't show up for other users on a /24 block. Unless you've got TCPdump running as root, you wouldn't have a way to know someone on the box, or another box on the same IP block, is connecting out multiple times.
- 06:33:54 <Foxy> ah i see
- 06:34:05 <Who-m3> Brute Force isn't DDOS
- 06:34:11 <Foxy> makes me wanna check my logs now
- 06:34:15 <Who-m3> https://en.wikipedia.org/wiki/Brute-force_attack
- 06:34:27 <Foxy> another form of hacking
- 06:34:35 <Who-m3> If you're not running fail2ban, bfd, or another system for your firewall, you should
- 06:35:07 <Who-m3> 2020-12-30 07:34:46,979 fail2ban.filter [5544]: INFO [sshd] Found 42.192.182.169 - 2020-12-30 07:34:46
- 06:35:07 <Who-m3> 2020-12-30 07:34:49,832 fail2ban.filter [5544]: INFO [sshd] Found 49.234.209.124 - 2020-12-30 07:34:49
- 06:35:07 <Who-m3> 2020-12-30 07:34:51,869 fail2ban.filter [5544]: INFO [sshd] Found 49.234.209.124 - 2020-12-30 07:34:51
- 06:35:07 <Who-m3> 2020-12-30 07:34:56,354 fail2ban.filter [5544]: INFO [sshd] Found 83.15.108.140 - 2020-12-30 07:34:56
- 06:35:27 <Who-m3> attempts at brute force on one of my boxes