It’s difficult to document the exploits of a hacker without giving that person more attention than they deserve, but I’ll try.
Last night my server was infiltrated by what I believe to be a brute force attack on port 22 (ssh). I was running port 22 wide open (unfiltered) because I assumed my password was strong enough to resist – regardless, the attacker got entry.
I won’t give many details as to his actions on my server or my countermeasures – I believe I am secure now, primarily by rebuilding from a pre-infiltration backup and by completely shutting down port 22 to external access.
The hacker dialed in from 208.72.130.213 which turns out to be a Birmingham, Alabama company called Teklinks.com. The true origin of the attack appears to be Turkey, based on the nature of the hack.
I won’t post the file (but I will share it on request) – the hacker replaced my index.php & index.* files with a Frontpage generated page titled “Hacked by the Resitance”. The index file has links to imageshack JPGs and an audio file from http://www.ulkuocaklari.org.tr/muzik/atillayilmaz/02.wma .
Anyone have similar experiences?
I have had a similar experience with one of my clients. They have IIS, and an attacker from Brazil gained access and posted some asp files. More of a nuisance than anything, as they did not actually have shell or desktop access.
Did your attacker gain root access?
I need ssh open but I take a number of measures including a sturdy firewall up front with vpn access.
I would be interested in seeing the files you have.
-DteK