Can you do something to get ride of those ugly connections ?
Lost connection: c7052 from ec2-52-201-46-197.compute-1.amazonaws.com (client disconnected).
Lost connection: c7053 from ec2-52-201-46-197.compute-1.amazonaws.com (client disconnected).
Lost connection: c7054 from ec2-52-201-46-197.compute-1.amazonaws.com (client disconnected).
Thank you for submitting your abuse report. We have begun our investigation into the source of the activity or content you reported.
We've determined that an Amazon EC2 instance was running at the IP address you provided in your abuse report. We have reached out to our customer to determine the nature and cause of this activity or content in your report.
We will investigate your complaint to determine what additional actions, if any, need to be taken in this case. Due to our privacy and security policies, we cannot provide details regarding the resolution of this case, or the identity of our customer. We may notify you during our investigation if our customer requires more information from you to complete their troubleshooting of the issue. Our customer may reply stating that the activity or content is expected and instructions on how to prevent the activity or manually remove the content, as well. If you wish to provide additional information to us or our customer regarding this case, please reply to this email.
Please note that if we determine the activity or content to not be abusive, we will notify you and resolve the case; we may refrain from communicating further, in that case.
We will notify you once this case has been marked resolved. Thank you for alerting us to this issue.
Just out of interest.... Is the Longturn host server shared with something that might be worth hacking?
Looks like someone just found an open port on a server/ip, that they are targeting for another reason, and have been trying to find a working username for whatever they think the service is.
If they where actually trying to hack LT (Who would want to?) it would be a lot faster to use one of our publicly available usernames
once I set up a kamilio server, and one week after sitting there on the web...
a continuous ping 1second interval appeared ... even with a message attached to it like "I am a friendly ping"!... such an anodin message.
and then, like the apprentice sorcerer and its brooms... more appeared from other hosts... but always at the same rate.
filtering the host would only make it angry and try harder than 1s/ping to the limit of the DOS, in fact we do not know what twisted algorithme is at work !
who ever made this fishing software is up to no good.
I think, like the coucou, it is looking to breach and make this LT server another "pinging" host...
if not , convert it to a stronghold for striking another site !
I guess it is because the login is not done through a stronger software filtering the spam right from the port; like say wrapped with "ssh"?
as you might have noticed at the start of the game, the bot could not enter at all, but now I read sometimes it reaches a second stage of login...
it must have found a valid user name at this stage.
I guess with our weak and clear md5 passwords it is a matter of time to exploit freeciv-server security bugs and convert the machine !
wieder I hope for you, to have partitionned and backup your server from the rest. maybe a chroot /vm /xen /dedicated hardware or so are enough?
Last edited by ptizoom on Wed Sep 20, 2017 6:48 am, edited 1 time in total.
