moonlight_mile Posted April 20, 2021

I don't know if anyone cares, but I started a little text file of suspected Hacker IP addresses. I culled these addresses from the Busy BBS output. I checked the country of origin and they are China, Russia and Turkey. I just downloaded the log from Busy BBS from the past few days; I still need to go through it but I am hoping not too many hacker IPs are on it. I have since then blocked the IP addresses in the Windows firewall. Feel free to add to the list or use the list for your own BBS. Maybe at some point we can format it nicely and put it somewhere, where sysops of all kinds can contribute to it, but for now, it is just a bare-bones text file with the info needed.

Blocked IPs.txt

Tillek Posted April 21, 2021

So just to clarify... are these "hackers" who look to be trying to gain access? Or "bots" who just call/hang up, spew garbage characters, etc? I actually would like to maintain a list so we can put them into our firewalls or whatnot.

+x=usr(1536) Posted April 21, 2021

1 hour ago, Tillek said:
> So just to clarify... are these "hackers" who look to be trying to gain access? Or "bots" who just call/hang up, spew garbage characters, etc?

In all likelihood, what you're seeing is effectively the background noise of the Internet. 99.99999% of it is going to be automated tools looking for vulnerabilities; the remainder is someone actually actively at a keyboard.

My recommendation: don't bother with an IP list. The idea has merit, but given how rapidly the sources of these problems (assuming that they're legitimate sources to begin with) change, keeping the list updated would be a full-time job. Even then, its accuracy wouldn't be the greatest.

My best suggestion: run pfSense or similar as a firewall. Familiarise yourself with its Intrusion Detection and Intrusion Prevention System (IDS / IPS) capabilities, and configure it to automatically block unwanted traffic for a set period of time - say, 15 minutes. That'll prevent automated tools from being useful, frustrate anyone trying to actively exploit any vulnerabilities you may have facing the Internet, and take the load off of you to keep updating a list.

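The timed-block approach suggested in the post above, as an added example that is not part of the original thread: it replays connection log lines, blocks an address for 15 minutes after repeated connections, and lets the block expire on its own. The log layout, the sample addresses and the three-connections-in-five-minutes threshold are assumptions; only the 15-minute period comes from the post.

```python
import ipaddress
from collections import defaultdict, deque
from datetime import datetime, timedelta

BAN_TIME = timedelta(minutes=15)  # block period suggested in the post
MAX_HITS = 3                      # assumed threshold, tune for your board
WINDOW = timedelta(minutes=5)     # assumed window for counting connections

# Constructed sample; the "date time ip event" layout is hypothetical and
# is not the real Busy BBS log format. Addresses are documentation ranges.
SAMPLE_LOG = """\
2021-04-20 10:00:00 203.0.113.7 CONNECT
2021-04-20 10:00:20 203.0.113.7 CONNECT
2021-04-20 10:00:30 198.51.100.4 CONNECT
2021-04-20 10:00:40 203.0.113.7 CONNECT
2021-04-20 10:05:00 203.0.113.7 CONNECT
2021-04-20 10:16:00 203.0.113.7 CONNECT
garbage line
2021-04-20 10:20:00 198.51.100.4 CONNECT
"""

def replay(log_text):
    """Return (timestamp, ip, action) for every well-formed log line."""
    recent = defaultdict(deque)   # ip -> connection times inside WINDOW
    banned_until = {}             # ip -> time the temporary block ends
    decisions = []
    for line in log_text.splitlines():
        parts = line.split()
        try:
            ts = datetime.strptime(" ".join(parts[:2]), "%Y-%m-%d %H:%M:%S")
            ip = str(ipaddress.ip_address(parts[2]))
        except (ValueError, IndexError):
            continue              # skip malformed lines instead of crashing
        if ip in banned_until and ts < banned_until[ip]:
            decisions.append((str(ts), ip, "dropped"))
            continue
        banned_until.pop(ip, None)    # any earlier block has expired
        hits = recent[ip]
        hits.append(ts)
        while ts - hits[0] > WINDOW:  # forget connections outside the window
            hits.popleft()
        if len(hits) >= MAX_HITS:
            banned_until[ip] = ts + BAN_TIME  # a real setup adds a firewall rule here
            hits.clear()
            decisions.append((str(ts), ip, "banned"))
        else:
            decisions.append((str(ts), ip, "allowed"))
    return decisions

if __name__ == "__main__":
    for decision in replay(SAMPLE_LOG):
        print(*decision)
```
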
moonlight_mile Posted April 21, 2021

These were most likely bots. But over about a week the IP addresses repeat so I’m not sure what the situation is. But I do like the pfSense idea. I’ll have to look into it.