New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
am under attack!
It seems someone is trying to hack me!. should i attack em back? Should i contact the isp (Which is in korea)
Any ideas what i can do? or is it nowt to be worried about? btw iptables filter dunt work
Comments
Why won't the IPTables filter work?
Get them null routed at DC level.
Pull out your power cable and hide in a bomb shelter.
Dunt seem to be in the kernel. And its @ Home
fail2ban automatically banned them for me.
Also contact the abuse department of that ISP (try using this form: http://www.kisa.or.kr/eng/contactUs/contactUs.jsp). Sorry that's all I can help, I'm not the best when it comes to reading Korean.
Doesnt seem to be installed
And tried that but i get a security error when i try to submit.
I use APF and BSD. It has turned out to be very handy dandy for me.
I'd say turn off your affected system for now and wait a few hours then turn it back on and immediately do a virus scan. Then look into fail2ban. I'll continue looking up the abuse contact then from here
Try e-mailing 118[[at]]kisa.or.kr with your abuse report. I'm not too sure if that's the right department but atleast it'll get it to someone.
OK, is this a linux system?
Do: ip route add blackhole 58.75.190.250
Do: ip route add blackhole 58.75.190.250
that didnt work
Linux 2.6.24.4 #1 Thu Apr 1 16:43:58 CST 2010 armv5tejl unknown
So your Raspberry PI is under attack?
change port?
it seems to be the chinese tablets/netbooks, not the RPi
@DanielM ip route add 58.75.190.250 dev lo
No its a MBWE
@netomx
not possible because of the setup
I might try and update the kernel some how.
Oh mess!
Block them at your router?
This. Was just about to post the same response.
@DanielM what is a MBWE?
the router aint that smart lol. its shitty. Only has a few features.
MBWE = My Book World Edition
Ok, does this linux knockoff have an /etc/hosts.deny ?
If yes, add ALL: 58.75.190.250 to it
And why does your device have a real IP in the first place?
I think that might have sorted it.. rather that or my responce to the attack.
@DanielM being as techy as you are I figured you would have a router running DDWRT.
Not that i can see :L
On my other connection i do i have several haha
try installing DDWRT over it
EDIT: Damn too late
You should setup a SSH Honeypot to see what they want to do.
lol didnt know about that until now... haha it should be fun to make that to any password and check what do the bots want to do xD
@Daniel that's if you have enough time on your hands.
Not necessary. i doubt he will try it again. after my responce