Just a heads up for those who use MyBB software. Our web site has been taking an attack for two days now. It started as a two-point attempt to access a file that was maliciously dropped into our public side file structure. We are still trying to find out how this file was dropped into the file structure. Fortunately, the main file security posture did not allow writing any file, so the folders were empty. This one item is why our website is still online. The empty file folders generated an error on the server log and that is how we found the file structure compromised.
They attempted at first to open files within the two folders. When they could not access them or open them, they then began trying to access the htaccess file. My guess is the files that were not allowed to be written were a control program designed to give them access to the server side and all the files. Since that time, they have attempted to access the BOT programs that are allowed inside the program. They continue to try to gain access to the control files.
We have banned a whole series of IPs from multiple points across the US. I think I am at over 150 IPs banned/blocked.
The fervor of these people is concerning. Not only are they trying to hack into the system, they are using up connections for our guests. Our host has blocked about 50 of the IPs from their servers.
If you find a file named .well-known, with a sub file named acme-challenge, dropped into your public HTML side, do not ignore it. Remove its contents and its permissions. I didn't get to see what the contents were as I had blocked the writing of any data into the folders, but they tried to access a command file and several other items that were supposed to have been written within it.
Now they are pinging anything and everything to gain access. I don't understand the persistence they are exerting for a small forum like ours.
Bill
Systems Administration- Patriot Action.
Patriot Action
E-mail; [email protected]
Secure your server access. Use two-step authentication. Don't give these people an inch...
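An added example, not part of the original post: `/.well-known/acme-challenge/` is the path the ACME HTTP-01 challenge (RFC 8555) uses for certificate validation, so an audit of that folder can separate well-formed challenge responses from anything else sitting in it. The function names, the sample tree and the `cmd.php` file name are constructed for illustration.

```python
import os, re, stat, tempfile

# RFC 8555 HTTP-01: the file name is a base64url token and the body is
# "<token>.<base64url SHA-256 thumbprint of the ACME account key>".
TOKEN = re.compile(r"^[A-Za-z0-9_-]{22,}$")
KEYAUTH = re.compile(r"^[A-Za-z0-9_-]{22,}\.[A-Za-z0-9_-]{43}$")

def check_file(path, name):
    """Return the reasons a file does not look like an ACME challenge response."""
    st = os.lstat(path)
    if not stat.S_ISREG(st.st_mode):
        return ["not a regular file"]
    findings = []
    if not TOKEN.match(name):
        findings.append("name is not a base64url token")
    if st.st_mode & 0o111:
        findings.append("executable bit set")
    with open(path, "rb") as fh:
        body = fh.read(4096).decode("ascii", "replace").strip()
    if not KEYAUTH.match(body) or not body.startswith(name + "."):
        findings.append("content is not '<token>.<thumbprint>'")
    return findings

def audit_challenge_dir(webroot):
    """List (relative_path, findings) for every unexpected entry under the folder."""
    base = os.path.join(webroot, ".well-known", "acme-challenge")
    report = []
    for dirpath, dirnames, filenames in os.walk(base):
        for name in dirnames:
            rel = os.path.relpath(os.path.join(dirpath, name), webroot)
            report.append((rel, ["unexpected subdirectory"]))
        for name in filenames:
            path = os.path.join(dirpath, name)
            findings = check_file(path, name)
            if findings:
                report.append((os.path.relpath(path, webroot), findings))
    return sorted(report)

def build_sample_webroot():
    """Constructed sample tree: one well-formed challenge file and one script."""
    root = tempfile.mkdtemp()
    d = os.path.join(root, ".well-known", "acme-challenge")
    os.makedirs(d)
    token = "A" * 43  # constructed token, not a real challenge
    with open(os.path.join(d, token), "w") as fh:
        fh.write(token + "." + "B" * 43 + "\n")  # constructed thumbprint
    with open(os.path.join(d, "cmd.php"), "w") as fh:
        fh.write("<?php /* constructed placeholder */ ?>")
    os.chmod(os.path.join(d, "cmd.php"), 0o755)
    return root
```

Point `audit_challenge_dir` at the real document root to review what is in the folder before deleting anything; an empty result means every file matches the challenge format.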