#1 11.09.2017 19:42:22

sokrat
Player
Posts: 20

please firewall !

Hi venerable Admin,

Can you do something to get rid of those ugly connections?

Lost connection: c7052 from ec2-52-201-46-197.compute-1.amazonaws.com (client disconnected).
Lost connection: c7053 from ec2-52-201-46-197.compute-1.amazonaws.com (client disconnected).
Lost connection: c7054 from ec2-52-201-46-197.compute-1.amazonaws.com (client disconnected).

They're ruining the chat of LT38 :(

Offline

#2 11.09.2017 20:57:45

cgalik
Player
From: Chicago
Posts: 180

Re: please firewall !

I second that. Not sure if it's possible, but that would be great.

Offline

#3 15.09.2017 13:31:07

wieder
Administrator
Posts: 950

Re: please firewall !

Made an abuse report about this to amazonaws.com

Let's see if they can make it stop.

Offline

#4 19.09.2017 07:51:13

wieder
Administrator
Posts: 950

Re: please firewall !

Hello,

Thank you for submitting your abuse report. We have begun our investigation into the source of the activity or content you reported.

We've determined that an Amazon EC2 instance was running at the IP address you provided in your abuse report. We have reached out to our customer to determine the nature and cause of this activity or content in your report.

We will investigate your complaint to determine what additional actions, if any, need to be taken in this case. Due to our privacy and security policies, we cannot provide details regarding the resolution of this case, or the identity of our customer. We may notify you during our investigation if our customer requires more information from you to complete their troubleshooting of the issue. Our customer may reply stating that the activity or content is expected and instructions on how to prevent the activity or manually remove the content, as well. If you wish to provide additional information to us or our customer regarding this case, please reply to this email.

Please note that if we determine the activity or content to not be abusive, we will notify you and resolve the case; we may refrain from communicating further, in that case.

We will notify you once this case has been marked resolved. Thank you for alerting us to this issue.

Regards,
AWS Abuse Team

Offline

#5 19.09.2017 10:54:14

ptizoom
Player
Posts: 7

Re: please firewall !

They are really covering themselves by using complicated terms!

Offline

#6 19.09.2017 10:56:32

Corbeau
Player
Posts: 292

Re: please firewall !

This looks like an automated response.

Offline

#7 19.09.2017 12:42:05

wieder
Administrator
Posts: 950

Re: please firewall !

Maybe automated but not 100% automated since I got the reply 4 days after reporting about the problem.

Offline

#8 19.09.2017 14:33:46

Lord_P
Player
Posts: 131

Re: please firewall !

Just out of interest.... Is the Longturn host server shared with something that might be worth hacking?
Looks like someone just found an open port on a server/ip, that they are targeting for another reason, and have been trying to find a working username for whatever they think the service is.
If they were actually trying to hack LT (Who would want to?) it would be a lot faster to use one of our publicly available usernames :P

Offline

#9 19.09.2017 15:53:25

Corbeau
Player
Posts: 292

Re: please firewall !

I'd say it's a virus.

Offline

#10 20.09.2017 06:47:13

ptizoom
Player
Posts: 7

Re: please firewall !

Lord_P, Wieder, Corbeau et al,

Once I set up a kamilio server, and one week after sitting there on the web...
a continuous ping at a 1-second interval appeared... even with a message attached to it like "I am a friendly ping"!... such an anodyne message.
And then, like the sorcerer's apprentice and his brooms... more appeared from other hosts... but always at the same rate.
Filtering the host would only make it angry and try harder than 1s/ping to the limit of the DoS; in fact we do not know what twisted algorithm is at work!

Whoever made this fishing software is up to no good.
I think, like the cuckoo, it is looking to breach and make this LT server another "pinging" host...
if not, convert it to a stronghold for striking another site!

I guess it is because the login is not done through a stronger software filtering the spam right from the port; like say wrapped with "ssh"?

As you might have noticed at the start of the game, the bot could not enter at all, but now I read sometimes it reaches a second stage of login...
it must have found a valid user name at this stage.

I guess with our weak and clear md5 passwords it is a matter of time to exploit freeciv-server security bugs and convert the machine!
wieder, I hope for you, to have partitioned and backed up your server from the rest. Maybe a chroot /vm /xen /dedicated hardware or so are enough?

Last edited by ptizoom (20.09.2017 06:48:51)

Offline

#11 21.09.2017 15:07:06

akfaew
Administrator
Posts: 620

Re: please firewall !

I don't know what that was, but since it didn't want to stop I blocked it on the firewall.

Offline

#12 21.09.2017 16:50:47

cgalik
Player
From: Chicago
Posts: 180

Re: please firewall !

Thanks, akfaew!

Offline

#13 23.09.2017 08:32:19

Marduk
Administrator
From: Rotterdam, Netherlands
Posts: 150

Re: please firewall !

Yea thanks man!

Recently web-longturn (Andreas) also got hacked, could it be related?

Offline
