1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Blocking a hacker for good

Discussion in 'Networking' started by dez_666, Jun 23, 2007.

Thread Status:
Not open for further replies.
Advertisement
  1. dez_666

    dez_666 Thread Starter

    Joined:
    May 29, 2007
    Messages:
    842
    I am running a server on my PC and i am getting repeated attemps to brute force the login for it ._.
    However, the IP changes every time, so I assume they have an ISP that gives them a new IP every time they relase/renew or reconnect.. :mad:
    How do I find the MAC address (Or something else that would be a permanent identifier) so I can block them with my router? :D
     
  2. dez_666

    dez_666 Thread Starter

    Joined:
    May 29, 2007
    Messages:
    842
    Anyone ;_; have any solutions?
     
  3. redcivic

    redcivic

    Joined:
    Oct 10, 2003
    Messages:
    418
    How are you determining that someone is trying to get in? Logs?
     
  4. dez_666

    dez_666 Thread Starter

    Joined:
    May 29, 2007
    Messages:
    842
    Yep! thats how :D

    heres a sample

    Code:
    6/23/2007 1:00:24 PM 61.183.11.3:46569> Disconnected
    6/23/2007 1:00:25 PM 61.183.11.3:47193> Failed to authenticate as Administrator (adora)
    6/23/2007 1:00:26 PM 61.183.11.3:47193> Failed to authenticate as Administrator (adore)
    6/23/2007 1:00:27 PM 61.183.11.3:47193> Failed to authenticate as Administrator (adoree)
    6/23/2007 1:00:27 PM 61.183.11.3:47193> Disconnected
    6/23/2007 1:00:28 PM 61.183.11.3:47588> Failed to authenticate as Administrator (adoree)
    6/23/2007 1:00:31 PM 61.183.11.3:47588> Failed to authenticate as Administrator (adorne)
    6/23/2007 1:00:32 PM 61.183.11.3:47588> Failed to authenticate as Administrator (adrea)
    6/23/2007 1:00:32 PM 61.183.11.3:47588> Disconnected
    My server is supposed to have auto-IP banning based on the number of bad logins from an IP, but it doesnt seem to work ._. ive tested it myself by putting in bad logins..
    But anyways is there a way to find out the mac addy of people trying to do this?
     
  5. redcivic

    redcivic

    Joined:
    Oct 10, 2003
    Messages:
    418
    Is that log from your server or from your router?
     
  6. dez_666

    dez_666 Thread Starter

    Joined:
    May 29, 2007
    Messages:
    842
    My server. My router doesnt log those kinds of things..i dont believe.. :D
     
  7. JohnWill

    JohnWill Retired Moderator

    Joined:
    Oct 19, 2002
    Messages:
    106,409
    I suspect they're using a proxy server or many of them. You probably will have no luck in locking them out by IP address.
     
  8. dez_666

    dez_666 Thread Starter

    Joined:
    May 29, 2007
    Messages:
    842
    Hmm. :| I thought about the proxy server thing, but I traced one IP back to "serverkompetenz.de"..But that might be a proxy server that was a while ago before I thought they might be proxy'ing. But whoever is doing this seems pretty determined..Can anyone suggest free FTP server software? =]
     
  9. briealeida

    briealeida

    Joined:
    Jun 3, 2007
    Messages:
    650
    About the MAC thing, I thought that was a really good-to-go way to block someone, too until I was using Knoppix STD the other day and it has a MAC changer utility. I found this site that lists ways to change your MAC in a bunch of different OSs, for what it's worth:

    http://www.tech-faq.com/change-mac-address.shtml
     
  10. JohnWill

    JohnWill Retired Moderator

    Joined:
    Oct 19, 2002
    Messages:
    106,409
    FileZilla is a good FTP and free package.
     
  11. Tormn

    Tormn Banned

    Joined:
    Oct 13, 2007
    Messages:
    3
    Why did you stop hosting your website?
     
  12. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    101,729
    I've edited your post. You need to read the rules before posting again. Rudeness and namecalling are not acceptable.
     
  13. royalprince

    royalprince

    Joined:
    Oct 1, 2007
    Messages:
    76
    Do one thing........

    Run the netstat -a command and send us the details of it....

    This will show up a list of ports that are open for access

    In case the hacker/s use a specific port we can simply block the application attached to it..
     
  14. WOOT[UnDeAd]

    WOOT[UnDeAd] Banned

    Joined:
    Nov 1, 2007
    Messages:
    3
    oh shiz wes i supposed to stop dezzy? lol im just playin. but i have an idea. try tracking the ip to the ISP then report them to the ISP with the logs and they'll do the rest.
     
  15. Tormn

    Tormn Banned

    Joined:
    Oct 13, 2007
    Messages:
    3
    Wat j0u doing? Hai WOOT[UnDeAd] XD WTF are the odds?
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/587629