What to do with Russian ip when trying to brute force?

A

Alexey Tutubalin2020-04-15 20:32:59

Information Security

Alexey Tutubalin, 2020-04-15 20:32:59

There is a small news website of the city and someone is stable, but trying to pick up passwords from the admin panel, then ftp, then ssh, all foreign ips are immediately banned forever (on subnets), here the conversation is short, but Russian ones often come across, and now in quarantine is especially often Russian, what to do with them? The owner of the site is a large company in the city, theoretically it is possible with statements to the police, but is it worth it, because all ips made one request and that’s it, ip was changed, and this can be up to 100 times a minute, for 5 minutes, the server to such load do not care, holds.

Reply

Answer the question

In order to leave comments, you need to log in

3 answer(s)

S

Sanes, 2020-04-15
@Kennius

Well, send it to the ban too. What is the problem? For ssh, change the port, keys and IP whitelist.

A

Andrey Gavrilov, 2020-04-15
@thexaver

Use some waf for everyone and fuck the fool

X

xmoonlight, 2020-04-15
@xmoonlight

Let the one who breaks break the virtual machine with the "left" site and he will calm down.