« previous next »
Pages: [1]   Go Down

Author Topic: Compromised Russian Webserver Bruting my RDP  (Read 24698 times)

0 Members and 1 Guest are viewing this topic.

March 27, 2016, 01:22:19 am
Read 24698 times

BenENichols

  • Newbie
  • Offline
  • *
  • 9
    • Blacklists For Squid Proxy & More.
Compromised Russian Webserver Bruting my RDP
I get rdp bruted all the time, I just happened to notice my firewall blocking this one while working. Figured I would share it, nmapped the ip, port 80 was open, so I found the domain name.

Server Type    Status    ContentType
Apache/2.4.17 (Win32) OpenSSL/1.0.2d PHP/5.6.14    200 OK    text/html; charset=UTF-8

host - 188x134x1x20.static-business.iz.ertelecom.ru

http://bazamaria.ru/

http://188.134.1.20/

Logged
There is a demand for a better blacklist, we intend to fill that gap.

Benjamin E. Nichols
http://www.squidblacklist.org
March 28, 2016, 10:52:09 pm
Reply #1

dlipman

  • Special Access
  • Full Member
  • Offline
  • *
  • 61
Re: Compromised Russian Webserver Bruting my RDP
From the IP address, you get the network and their IP range; 188.134.0.0 - 188.134.63.255.
Block the address range in the computer's Firewalll or on the enclave's perimeter Firewall.
Logged
March 29, 2016, 01:04:14 am
Reply #2

BenENichols

  • Newbie
  • Offline
  • *
  • 9
    • Blacklists For Squid Proxy & More.
Re: Compromised Russian Webserver Bruting my RDP
I actually forgot to setup this router, were blocking ALL of Russian ip space actually.
Logged
There is a demand for a better blacklist, we intend to fill that gap.

Benjamin E. Nichols
http://www.squidblacklist.org
Pages: [1]   Go Up
« previous next »