Is it safe to use free domains from Freenom?

H

hesy2020-06-19 20:39:40

linux

hesy, 2020-06-19 20:39:40

A strange story happened.
In short: I bought VDS a couple of days ago, today it was blocked for me.
They said that I brut something there.
Yesterday I set up nginx, transferred a couple of my domains to their servers, and foolishly decided to register a free domain for tests at https://www.freenom.com/
I specified everything is OK when registering the hosting server, everything works.
From installed it is LEMP stack, nodejsm npm, java + certbot for certificates from letsencrypt. Nothing else.

The letter says that a brute was coming from my network, but I don’t understand how this is even possible?
At first I thought that they wanted to hack me and they turned it off. Even here the question asked how to be safe, and then they answered that it turns out I'm a bully))

Message with logs

An attempt to brute-force account passwords over SSH/FTP by a machine in your domain or in your network has been detected. Attached are the host who attacks and time / date of activity. Please take the necessary action(s) to stop this activity immediately. If you have any questions please reply to this email.

Host of attacker: xx.xx.xxx.xxx => xx.xx.xxx.xxx => xx.xx.xxx.xxx
Responsible email contacts: [email protected]
Attacked hosts in our Network: 77.75.251.232, 178.250.9.139, 37.228.156.166, 85.158.183.41, 178.250.15.226, 178.250.9.27

Logfile entries (time is CE(S)T):

Fri Jun 19 15:00:40 2020: user: root service: ssh target: 37.228.156.166 source: xx.xx.xxx.xxx
Fri Jun 19 15:00:26 2020: user: root service: ssh target: 178.250.9.139 source: xx.xx.xxx.xxx
Fri Jun 19 14:58:24 2020: user: root service: ssh target: 178.250.15.226 source: xx.xx.xxx.xxx
Fri Jun 19 14:58:20 2020: user: root service: ssh target: 77.75.251.232 source: xx.xx.xxx.xxx
Fri Jun 19 14:58:19 2020: user: root service: ssh target: 85.158.183.41 source: xx.xx.xxx.xxx
Fri Jun 19 14:57:05 2020: user: root service: ssh target: 178.250.9.27 source: xx.xx.xxx.xxx
Fri Jun 19 14:56:20 2020: user: test10 service: ssh target: 37.228.156.166 source: xx.xx.xxx.xxx
Fri Jun 19 14:56:06 2020: user: test10 service: ssh target: 178.250.9.139 source: xx.xx.xxx.xxx
Fri Jun 19 14:54:19 2020: user: test10 service: ssh target: 85.158.183.41 source: xx.xx.xxx.xxx
Fri Jun 19 14:54:14 2020: user: test10 service: ssh target: 178.250.15.226 source: xx.xx.xxx.xxx
Fri Jun 19 14:54:10 2020: user: test10 service: ssh target: 77.75.251.232 source: xx.xx.xxx.xxx
Fri Jun 19 14:52:55 2020: user: test10 service: ssh target: 178.250.9.27 source: xx.xx.xxx.xxx
Fri Jun 19 14:52:10 2020: user: ubuntu service: ssh target: 37.228.156.166 source: xx.xx.xxx.xxx
Fri Jun 19 14:52:06 2020: user: ubuntu service: ssh target: 178.250.9.139 source: xx.xx.xxx.xxx
Fri Jun 19 14:50:19 2020: user: ubuntu service: ssh target: 85.158.183.41 source: xx.xx.xxx.xxx
Fri Jun 19 14:50:14 2020: user: ubuntu service: ssh target: 178.250.15.226 source: xx.xx.xxx.xxx
Fri Jun 19 14:50:10 2020: user: ubuntu service: ssh target: 77.75.251.232 source: xx.xx.xxx.xxx
Fri Jun 19 14:48:55 2020: user: ubuntu service: ssh target: 178.250.9.27 source: xx.xx.xxx.xxx
Fri Jun 19 14:48:10 2020: user: test2 service: ssh target: 37.228.156.166 source: xx.xx.xxx.xxx
Fri Jun 19 14:47:56 2020: user: test2 service: ssh target: 178.250.9.139 source: xx.xx.xxx.xxx
Fri Jun 19 14:46:14 2020: user: test2 service: ssh target: 178.250.15.226 source: xx.xx.xxx.xxx
Fri Jun 19 14:46:10 2020: user: test2 service: ssh target: 77.75.251.232 source: xx.xx.xxx.xxx
Fri Jun 19 14:46:08 2020: user: test2 service: ssh target: 85.158.183.41 source: xx.xx.xxx.xxx
Fri Jun 19 14:44:55 2020: user: test2 service: ssh target: 178.250.9.27 source: xx.xx.xxx.xxx
Fri Jun 19 14:44:00 2020: user: julio service: ssh target: 37.228.156.166 source: xx.xx.xxx.xxx
Fri Jun 19 14:43:46 2020: user: julio service: ssh target: 178.250.9.139 source: xx.xx.xxx.xxx
Fri Jun 19 14:41:54 2020: user: julio service: ssh target: 178.250.15.226 source: xx.xx.xxx.xxx
Fri Jun 19 14:41:50 2020: user: julio service: ssh target: 77.75.251.232 source: xx.xx.xxx.xxx
Fri Jun 19 14:41:48 2020: user: julio service: ssh target: 85.158.183.41 source: xx.xx.xxx.xxx
Fri Jun 19 14:40:25 2020: user: julio service: ssh target: 178.250.9.27 source: xx.xx.xxx.xxx
Fri Jun 19 14:39:30 2020: user: root service: ssh target: 37.228.156.166 source: xx.xx.xxx.xxx
Fri Jun 19 14:39:06 2020: user: root service: ssh target: 178.250.9.139 source: xx.xx.xxx.xxx
Fri Jun 19 14:36:58 2020: user: root service: ssh target: 85.158.183.41 source: xx.xx.xxx.xxx
Fri Jun 19 14:36:54 2020: user: root service: ssh target: 178.250.15.226 source: xx.xx.xxx.xxx
Fri Jun 19 14:36:50 2020: user: root service: ssh target: 77.75.251.232 source: xx.xx.xxx.xxx
Fri Jun 19 14:35:15 2020: user: root service: ssh target: 178.250.9.27 source: xx.xx.xxx.xxx
Fri Jun 19 13:45:20 2020: user: root service: ssh target: 37.228.156.166 source: xx.xx.xxx.xxx
Fri Jun 19 13:36:44 2020: user: root service: ssh target: 178.250.15.226 source: xx.xx.xxx.xxx
Fri Jun 19 13:36:38 2020: user: root service: ssh target: 85.158.183.41 source: xx.xx.xxx.xxx
Fri Jun 19 13:36:30 2020: user: root service: ssh target: 77.75.251.232 source: xx.xx.xxx.xxx
Fri Jun 19 13:30:55 2020: user: root service: ssh target: 178.250.9.27 source: xx.xx.xxx.xxx

In the IP logs they lead to .de sites, what is it anyway?))

And the question itself, can this be related to this free domain? I know that free cheese is in a mousetrap, but for some reason I regretted 200 rubles for a domain :/

I don’t know how to be in this situation, the hoster says that he is not going to unblock the server.

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

D

Dmitriy Loginov, 2020-06-22
@caramingo

I have several free domains on freenom.com.
I use them for non-production services.
I've been using it for a couple of years with no problems.