If life were only that simple.  A lot of hacking passes through unsuspecting 
intermediary computers, precisely to hide their tracks, not to mention IP 
spoofing.  People have offered for sale access to 10,000 computers to use for 
propagating mischief.  That's a lot of IPs to block!

I got hacked about six months ago.  They came in through SSH and figured out 
root's password, which was a concatenation of two English words.  I presume they 
did a dictionary search.  Then they changed the password, replaced some key 
files and launched a denial of service attack against somebody (including 
compiling the program on my machine)!

I traced the IP address to a Comcast customer in Indiana or something and 
notified Comcast, but haven't heard anything.  Probably their customer never 
even knew it happened--it was probably a hijacked situation.

Prior to that I had been logging hundreds of robotic attacks a day that were 
unsuccessful!

I re-installed everything and changed my SSH to a non-standard port and used a 
more robust password.  I haven't had a single hack attempt in the four months 
since.  For my purposes, I don't really need SSH on a standard port.  That made 
all the difference in the world.

Two areas that have had large hacker presences in the past:  Russia and China.  
A lot of E-Mail spam originates in those two areas, also.  I've considered 
blocking the entire host domain for any provider generating spam from those 
regions, as I have no legitimate business need to correspond with people in 
those regions in general.  However, I suspect it might block messages from a 
few users on this list, and I know it would block at least one user from 
another list I am on.

Wilton
asterisk-users mailing list