Author Topic: Compromised Russian Webserver Bruting my RDP  (Read 4413 times)

0 Members and 1 Guest are viewing this topic.

March 27, 2016, 01:22:19 am
Read 4413 times

BenENichols

  • Newbie

  • Offline
  • *

  • 9
    • Blacklists For Squid Proxy & More.
I get rdp bruted all the time, I just happened to notice my firewall blocking this one while working. Figured I would share it, nmapped the ip, port 80 was open, so I found the domain name.

Server Type    Status    ContentType
Apache/2.4.17 (Win32) OpenSSL/1.0.2d PHP/5.6.14    200 OK    text/html; charset=UTF-8

host - 188x134x1x20.static-business.iz.ertelecom.ru

http://bazamaria.ru/

http://188.134.1.20/

There is a demand for a better blacklist, we intend to fill that gap.

Benjamin E. Nichols
http://www.squidblacklist.org

March 28, 2016, 10:52:09 pm
Reply #1

dlipman

  • Special Access
  • Full Member

  • Offline
  • *

  • 60
    • Multi-AV Scanning Tool
From the IP address, you get the network and their IP range; 188.134.0.0 - 188.134.63.255.
Block the address range in the computer's Firewalll or on the enclave's perimeter Firewall.

March 29, 2016, 01:04:14 am
Reply #2

BenENichols

  • Newbie

  • Offline
  • *

  • 9
    • Blacklists For Squid Proxy & More.
I actually forgot to setup this router, were blocking ALL of Russian ip space actually.
There is a demand for a better blacklist, we intend to fill that gap.

Benjamin E. Nichols
http://www.squidblacklist.org