New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
This guy attacked me since I bought a server
This guy ... attacked me since I bought a server.
I did buy a server in Racknerd
and this guy 172.21.0.3 has been attacking me since December last year, provoking an unwanted consumption of my bandwidth stated in my contract of the VPS contract.
Then I hardened the http server and the guy is not able to inject commands to scan other IPs from my http... it's like the nginx ingress nightmare attack.
Screenshot of attack: https://ibb.co/bjKk7JP4


Comments
You should've mentioned that it is from Reddit
Erm...
The attacker is from reddit!? Give me his name or I'll have you arrested.
I hope no rules are violated if I link the Reddit thread myself
https://www.reddit.com/r/VPS/comments/1os9wfp/this_guy_attacked_me_since_i_bought_a_server/
This is why I use centos
CentOS is still highly vulnerable to attack from 172.21.0.3. I would instead recommend Windows Server 2019 or lower, or if you have to - Mac OS X Server
I think I'm going to have a seizure
Don't harden the http server. You need to soften it. When it soft, it become spongy to bounce the attack! Profit!!1
Beating myself up over this one
For a moment I thought @jar's account had been hacked
That calls for an exorcist
The comments were better on reddit
Windows Server 2008 Pre R2 is actually far far more superior than both of the above! Also, since it didn't include the ability to upgrade to R2 - you're much more likely to avoid said vulnerabilities!!
Temple OS has full protection from 172.21.0.3 attack
It's not us.
Please contact the abuse email as listed in RIPE database.
Windows Home Server is superior to all of these, it's so obscure that today's skript kiddies don't understand what it is
Wait, I think this guy also attacked one of my applications too.
How do these guys bypass a reputed WAF?
Does that consume bandwidth?
Enable IPv6. Disable IPv4.
Attacker can no longer attack from 172.21.0.3.
Case closed.
Private IP, hmm looks like an insider attack. Delete all insiders by running sudo rm -rf /* everyday on cron.
--preserve-root
They never attack again since day 1 of cron
De-install http server.
Dark humor?
Clearly you need to assert dominance and attack back. Fire up the LOIC.
Can someone explain for newbies like me?
Don't take any chances! You should block 0.0.0.0/0 so that no one can hack you.
The "guy's" IP (172.21.0.3) is a local address. It's like being attacked from 192.168.0.1.