Are you suffering attacks to your servers?

Dan Morphis dan at milkcarton.com
Wed Jul 27 12:08:03 EDT 2016


Why is your ACS allowing connections from CPEs not in your IP space?

We set up our DSL CPEs with two PVCs, one on the standard 0/35 that
customer internet traffic uses, and 0/36 which is strictly for the ACS and
lives in private IP space. For our PON and Ethernet customers, untagged
traffic is public internet, and traffic tagged to a specific VLAN goes to
the ACS. The tagging is done by the CPE. In this way, our attack surface is
significantly reduced.

-dan

On Wed, Jul 27, 2016 at 2:22 AM, Sergio <
sergio.fernandez at electronicamartinez.com> wrote:

> Hello!
>
> I've been hacked these months on servers that had GenieACS installed.
> They've only hacked GenieACS instances, I've got many others and this is
> something weird.
>
> I've been focusing on the logs, and the SSH trial-and-error log is huge.
> But I always install Fail2Ban so I'm not considering this as the source of
> the problem. We have tried also only enabling public-key logging, so we
> deactivate passwords, but the problem is the same.
>
> The last hack has been today, and my machine was being used as a Bitcoin
> miner in the monero.crypto-pool.fr
>
> The other instance normally is infected by a ransomware that encrypts all
> that is under the apache directory and some others.
>
> Do you know what could be happening? I follow the guide I wrote here
> https://github.com/zaidka/genieacs/wiki/Installation-in-Ubuntu-14.04-Server
> The only thing I know is a bit insecure is that I am using a root
> account... But we think that it is not the main problem.
>
> Any related stories on this topic are welcome, as well as any tip, or
> anything that I could be missing in my guide.
>
> Thank you a lot!
>
> Sergio F.
> _______________________________________________
> Users mailing list
> Users at lists.genieacs.com
> http://lists.genieacs.com/mailman/listinfo/users
>
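
Added example, not part of the original thread or of GenieACS: a small audit for the question raised in the reply, flagging connections to the ACS listener whose source address is outside the management address space. The management networks, the port 7547 and the "source_ip dest_port" record format are assumptions, and the sample records are constructed.

```python
import ipaddress
from collections import Counter

# Assumption: networks carrying CPE-to-ACS traffic (constructed values).
MGMT_NETS = [ipaddress.ip_network(n) for n in ("10.36.0.0/16", "172.20.8.0/22")]
ACS_PORT = 7547  # assumption: port of the CWMP listener

# Constructed records, "source_ip dest_port", as might be exported from
# firewall or connection-tracking logs.
SAMPLE = """\
10.36.4.17 7547
::ffff:10.36.9.2 7547
203.0.113.45 7547
203.0.113.45 7547
198.51.100.7 7547
172.20.9.200 7547
172.20.12.1 7547
203.0.113.45 22
not-an-ip 7547
"""

def normalize(addr):
    """Parse an address, unwrapping IPv4-mapped IPv6 (::ffff:a.b.c.d)."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        return ip.ipv4_mapped
    return ip

def outside_mgmt(records, nets=MGMT_NETS, port=ACS_PORT):
    """Return (Counter of non-management sources on the ACS port, malformed lines)."""
    hits, malformed = Counter(), []
    for line in records.splitlines():
        parts = line.split()
        if len(parts) != 2 or not parts[1].isdigit():
            malformed.append(line)
            continue
        try:
            src = normalize(parts[0])
        except ValueError:
            malformed.append(line)  # keep unparseable lines visible, do not drop them
            continue
        if int(parts[1]) != port:
            continue  # not traffic to the ACS listener
        if not any(src.version == n.version and src in n for n in nets):
            hits[str(src)] += 1
    return hits, malformed

if __name__ == "__main__":
    for src, count in outside_mgmt(SAMPLE)[0].most_common():
        print(f"{src}\t{count} connection(s) from outside management space")
```

Any source this reports means the ACS is reachable from outside the management PVC or VLAN described in the reply.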