please firewall !

sokrat
Member
Posts: 21
Joined: Thu Jan 01, 1970 12:00 am

Post by sokrat »

Hi venerable Admin,

Can you do something to get rid of those ugly connections ?

Lost connection: c7052 from ec2-52-201-46-197.compute-1.amazonaws.com (client disconnected).
Lost connection: c7053 from ec2-52-201-46-197.compute-1.amazonaws.com (client disconnected).
Lost connection: c7054 from ec2-52-201-46-197.compute-1.amazonaws.com (client disconnected).

They're ruining the chat of LT38 :(
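A way to turn log lines like the ones quoted above into a per-host count that an admin can act on, as an added example that is not part of the original post or of the freeciv server code. The function names, the threshold and the fourth log line are assumptions made for illustration; the IPv4 address is recovered from the EC2-style reverse DNS name.

```python
import re
from collections import Counter

# First three lines are the ones quoted in the post; the fourth is a
# constructed line for an unrelated, well-behaved client.
SAMPLE_LOG = """\
Lost connection: c7052 from ec2-52-201-46-197.compute-1.amazonaws.com (client disconnected).
Lost connection: c7053 from ec2-52-201-46-197.compute-1.amazonaws.com (client disconnected).
Lost connection: c7054 from ec2-52-201-46-197.compute-1.amazonaws.com (client disconnected).
Lost connection: c7055 from host.example.net (client disconnected).
"""

LOST_RE = re.compile(r"^Lost connection: (c\d+) from (\S+) \((.*)\)\.$")
# EC2 public DNS names embed the public IPv4 address as ec2-A-B-C-D.
EC2_RE = re.compile(r"^ec2-(\d{1,3})-(\d{1,3})-(\d{1,3})-(\d{1,3})\.")


def parse_lost(log_text):
    """Yield (conn_id, host, reason) for every 'Lost connection' line."""
    for line in log_text.splitlines():
        m = LOST_RE.match(line.strip())
        if m:
            yield m.groups()


def ec2_ip(host):
    """Return the IPv4 address embedded in an EC2-style name, else None."""
    m = EC2_RE.match(host)
    if not m or any(int(octet) > 255 for octet in m.groups()):
        return None
    return ".".join(m.groups())


def noisy_hosts(log_text, threshold=3):
    """Hosts with at least `threshold` dropped connections, busiest first.

    The name comes from reverse DNS, so confirm the address against the
    socket-level peer address before writing a firewall rule for it.
    """
    counts = Counter(host for _, host, _ in parse_lost(log_text))
    return [(host, n, ec2_ip(host))
            for host, n in counts.most_common() if n >= threshold]


if __name__ == "__main__":
    for host, n, ip in noisy_hosts(SAMPLE_LOG):
        print(f"{n} drops from {host} (embedded IP: {ip})")
```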
cgalik
Member
Posts: 279
Joined: Thu Jan 01, 1970 12:00 am

Post by cgalik »

I second that. Not sure if it's possible, but that would be great.
wieder
Member
Posts: 1781
Joined: Thu Jan 01, 1970 12:00 am

Post by wieder »

Made an abuse report about this to amazonaws.com

Let's see if they can make it stop.
wieder
Member
Posts: 1781
Joined: Thu Jan 01, 1970 12:00 am

Post by wieder »

Hello,

Thank you for submitting your abuse report. We have begun our investigation into the source of the activity or content you reported.

We've determined that an Amazon EC2 instance was running at the IP address you provided in your abuse report. We have reached out to our customer to determine the nature and cause of this activity or content in your report.

We will investigate your complaint to determine what additional actions, if any, need to be taken in this case. Due to our privacy and security policies, we cannot provide details regarding the resolution of this case, or the identity of our customer. We may notify you during our investigation if our customer requires more information from you to complete their troubleshooting of the issue. Our customer may reply stating that the activity or content is expected and instructions on how to prevent the activity or manually remove the content, as well. If you wish to provide additional information to us or our customer regarding this case, please reply to this email.

Please note that if we determine the activity or content to not be abusive, we will notify you and resolve the case; we may refrain from communicating further, in that case.

We will notify you once this case has been marked resolved. Thank you for alerting us to this issue.

Regards,
AWS Abuse Team
ptizoom
Member
Posts: 50
Joined: Thu Jan 01, 1970 12:00 am

Post by ptizoom »

they are really covering themselves by using complicated terms !
Corbeau
Member
Posts: 990
Joined: Thu Jan 01, 1970 12:00 am

Post by Corbeau »

This looks like an automated response.
wieder
Member
Posts: 1781
Joined: Thu Jan 01, 1970 12:00 am

Post by wieder »

Maybe automated but not 100% automated since I got the reply 4 days after reporting about the problem.
Lord_P
Member
Posts: 123
Joined: Thu Jan 01, 1970 12:00 am

Post by Lord_P »

Just out of interest.... Is the Longturn host server shared with something that might be worth hacking?
Looks like someone just found an open port on a server/ip, that they are targeting for another reason, and have been trying to find a working username for whatever they think the service is.
If they were actually trying to hack LT (Who would want to?) it would be a lot faster to use one of our publicly available usernames :P
Corbeau
Member
Posts: 990
Joined: Thu Jan 01, 1970 12:00 am

Post by Corbeau »

I'd say it's a virus.
ptizoom
Member
Posts: 50
Joined: Thu Jan 01, 1970 12:00 am

Post by ptizoom »

Lord_P, Wieder, Corbeau et al,

once I set up a Kamailio server, and one week after sitting there on the web...
a continuous ping at a 1-second interval appeared ... even with a message attached to it like "I am a friendly ping"!... such an anodyne message.
and then, like the sorcerer's apprentice and his brooms... more appeared from other hosts... but always at the same rate.
filtering the host would only make it angry and try harder than 1s/ping to the limit of the DOS, in fact we do not know what twisted algorithm is at work !

whoever made this fishing software is up to no good.
I think, like the cuckoo, it is looking to breach and make this LT server another "pinging" host...
if not, convert it to a stronghold for striking another site !

I guess it is because the login is not done through a stronger software filtering the spam right from the port; like say wrapped with "ssh"?

as you might have noticed at the start of the game, the bot could not enter at all, but now I read sometimes it reaches a second stage of login...
it must have found a valid user name at this stage.

I guess with our weak and clear md5 passwords it is a matter of time to exploit freeciv-server security bugs and convert the machine !
wieder, I hope for you, to have partitioned and backed up your server from the rest. maybe a chroot / vm / xen / dedicated hardware or so are enough?
Last edited by ptizoom on Wed Sep 20, 2017 6:48 am, edited 1 time in total.
cgalik
Member
Posts: 279
Joined: Thu Jan 01, 1970 12:00 am

Post by cgalik »

Thanks, akfaew!
Marduk
Member
Posts: 81
Joined: Thu Jan 01, 1970 12:00 am

Post by Marduk »

Yea thanks man!

Recently web-longturn (Andreas) also got hacked, could it be related?