Someone is ddosing my server network.

archiso
14 minutes ago, Lemon797 said:

I have a VNC set up on my server and when I turned it on today 185.56.80.222 kept trying to connect to the VNC. When I looked up the IP I got this: https://www.abuseipdb.com/check/185.56.80.222

and I can’t find a way to blacklist the IP. My router is using DD-WRT.

Stop port forwarding 5900 as your VNC port.

 

It's not a DDOS attack, it's likely attempting to find vulnerable systems with weak passwords.

Make sure to quote me or use @PorkishPig to notify me that you replied!


Just now, PorkishPig said:

Stop port forwarding 5900 as your VNC port.

ok.

1 minute ago, PorkishPig said:

It's not a DDOS attack, it's likely attempting to find vulnerable systems with weak passwords.

They were repeatedly trying to connect to the VNC, about twice a minute.


14 minutes ago, Lemon797 said:

I have a VNC set up on my server and when I turned it on today 185.56.80.222 kept trying to connect to the VNC. When I looked up the IP I got this: https://www.abuseipdb.com/check/185.56.80.222

and I can’t find a way to blacklist the IP. My router is using DD-WRT.

Having the VNC port open is a bad idea to begin with, but surely you can add the offending IP to the blacklist in DD-WRT's firewall? I don't use DD-WRT, I use OpenWRT and pfSense, so I can't give any specific instructions.


1. You set up a PUBLIC-facing login page and are surprised some bot is trying to log in?

2. You failed to properly secure your VNC settings to not blacklist failed attempts after x number of attempts

3. This is not a DDOS attack, this is a bot trying to log in and poke for vulnerabilities, which, if there are any, they will find.

4. You should NEVER set up RDP/VNC/etc. on a public-facing connection unless you're ready for the hassle it will bring.

5. Blacklisting this IP address will not stop the bots from trying, they know your connection has a VNC port open, more will come.

 

Edit:

I completely agree with the above, stop port forwarding the VNC port to start with and hope the attempts die down or stop once the port is no longer reachable. Also look into using a VPN setup to remotely access this securely.
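An added example, not written by anyone in the thread: it counts connection attempts to the forwarded VNC port per source address and prints the DD-WRT firewall rule the original poster was looking for. It assumes the router writes netfilter `LOG` lines for forwarded traffic; the log lines are constructed and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed netfilter LOG lines (fields abbreviated). Only 185.56.80.222 comes
# from the thread; the other addresses are documentation-range placeholders.
sample_log() {
cat <<'EOF'
Jan 10 12:00:01 router kernel: FWD: IN=vlan2 OUT=br0 SRC=185.56.80.222 DST=192.168.1.10 PROTO=TCP SPT=40112 DPT=5900 SYN
Jan 10 12:00:31 router kernel: FWD: IN=vlan2 OUT=br0 SRC=185.56.80.222 DST=192.168.1.10 PROTO=TCP SPT=40118 DPT=5900 SYN
Jan 10 12:00:44 router kernel: FWD: IN=vlan2 OUT=br0 SRC=203.0.113.45 DST=192.168.1.10 PROTO=TCP SPT=51500 DPT=5900 SYN
Jan 10 12:01:02 router kernel: FWD: IN=vlan2 OUT=br0 SRC=185.56.80.222 DST=192.168.1.10 PROTO=TCP SPT=40125 DPT=5900 SYN
Jan 10 12:01:15 router kernel: FWD: IN=vlan2 OUT=br0 SRC=198.51.100.7 DST=192.168.1.10 PROTO=TCP SPT=33010 DPT=22 SYN
Jan 10 12:01:32 router kernel: FWD: IN=vlan2 OUT=br0 SRC=185.56.80.222 DST=192.168.1.10 PROTO=TCP SPT=40131 DPT=5900 SYN
Jan 10 12:02:10 router kernel: FWD: IN=vlan2 OUT=br0 SRC=203.0.113.45 DST=192.168.1.10 PROTO=TCP SPT=51512 DPT=5900 SYN
Jan 10 12:02:40 router kernel: FWD: IN=vlan2 OUT=br0 SRC=198.51.100.23 DST=192.168.1.10 PROTO=TCP SPT=60001 DPT=5900 SYN
EOF
}

# Print "<count> <source>" for every source that tried the given destination port.
attempts_by_source() {  # $1 = destination port
  awk -v port="$1" '
    { src = ""; dpt = ""
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^SRC=/) src = substr($i, 5)
        if ($i ~ /^DPT=/) dpt = substr($i, 5)
      }
      # Accept only dotted-quad sources so nothing odd reaches a root shell later.
      if (dpt == port && src ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) n[src]++
    }
    END { for (s in n) print n[s], s }' | sort -k1,1nr -k2,2
}

# Print one DROP rule per source with at least $2 attempts. FORWARD is used
# because port-forwarded traffic traverses that chain on the router.
block_rules() {  # $1 = destination port, $2 = minimum attempts
  attempts_by_source "$1" |
    awk -v min="$2" '$1 >= min { print "iptables -I FORWARD -s " $2 " -j DROP" }'
}

# Stand-alone run: review the counts, then the rules they would produce.
sample_log | attempts_by_source 5900
sample_log | block_rules 5900 2
```

On DD-WRT, rules like these are entered under Administration > Commands and stored with Save Firewall. The sample already shows three separate sources probing port 5900, which is why the list only grows while the port stays forwarded.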


Just now, WereCatf said:

Having the VNC port open is a bad idea to begin with, but surely you can add the offending IP to the blacklist in DD-WRT's firewall? I don't use DD-WRT, I use OpenWRT and pfSense, so I can't give any specific instructions.

I couldn't find a way to blacklist the IP and when I looked it up all that came up was parental controls.


1 minute ago, Lurick said:

2. You failed to properly secure your VNC settings to not blacklist failed attempts after x number of attempts

The VNC did blacklist the IP but it keeps trying to connect.


Just now, Lemon797 said:

The VNC did blacklist the IP but it keeps trying to connect.

Well that's better at least but still not ideal. I must have missed that originally :)

VPN solution would be much better to remotely access your stuff.


8 minutes ago, Lurick said:

1. You set up a PUBLIC-facing login page and are surprised some bot is trying to log in?

I actually have a web-server and I get bots (presumably?) attempting to reach things like www.mysite.com/admin or /login etc. all the time.

 

It only hosts plain html files haha


1 minute ago, akio123008 said:

I actually have a web-server and I get bots (presumably?) attempting to reach things like www.myste.com/admin or /login etc. all the time.

 

It only hosts plain html files haha

At least OP didn't do this with RDP :P


1 minute ago, Lurick said:

Well that's better at least but still not ideal. I must have missed that originally :)

VPN solution would be much better to remotely access your stuff.

How would I set that up? I need to be able to access it from outside of the network because my home and server network are separate.


3 minutes ago, Lemon797 said:

How would I set that up? I need to be able to access it from outside of the network because my home and server network are separate.

Depends on your resources available but you could look at an IPSec VPN or something with OpenVPN, depending on what DD-WRT offers. It's been ages since I've even looked at it so I'm not sure if there is a VPN client natively built in. If you want to get really creative, an option would be to set up a VM or something as a VPN server and set up a site-to-site VPN between your home and a VPS and then VPN to the VPS, which would give you remote access. This would let them deal with spammers trying to log in to the VPN, although it's more hassle, and if you properly set up the VPN on your router you really wouldn't have issues. Yes, there will be people/bots/whatever that try to log in, but usually they'll disappear after a few failed attempts to find any vulnerabilities.


1 minute ago, Lurick said:

Depends on your resources available but you could look at an IPSec VPN or something with OpenVPN, depending on what DD-WRT offers. It's been ages since I've even looked at it so I'm not sure if there is a VPN client natively built in. If you want to get really creative, an option would be to set up a VM or something as a VPN server and set up a site-to-site VPN between your home and a VPS and then VPN to the VPS, which would give you remote access. This would let them deal with spammers trying to log in to the VPN, although it's more hassle, and if you properly set up the VPN on your router you really wouldn't have issues. Yes, there will be people/bots/whatever that try to log in, but usually they'll disappear after a few failed attempts to find any vulnerabilities.

OK. I'm very new to this and need some help. Here's what I'm trying to do:

1. I have a bunch of old PCs set up on their own network.

2. I have them set up to run a Minecraft server

3. I need them all to have some sort of remote desktop

4. and a startup script that turns on the Minecraft server and the remote desktop.

I have found a way to do numbers 1, 2, and 4 but now I'm getting hit on 3.


4 minutes ago, Lemon797 said:

OK. I'm very new to this and need some help. Here's what I'm trying to do:

1. I have a bunch of old PCs set up on their own network.

2. I have them set up to run a Minecraft server

3. I need them all to have some sort of remote desktop

4. and a startup script that turns on the Minecraft server and the remote desktop.

I have found a way to do numbers 1, 2, and 4 but now I'm getting hit on 3.

I would look at OpenVPN:

https://openvpn.net/community-resources/how-to/

 

If you want a pure Windows guide:

https://community.openvpn.net/openvpn/wiki/Easy_Windows_Guide


3 minutes ago, Lemon797 said:

Oh yeah. I forgot to mention that they're running Arch Linux.

In that case this guide should do well, it's a couple years old but should still get you moving:

https://linuxhint.com/install-openvpn-arch-linux/


1 minute ago, Lurick said:

In that case this guide should do well, it's a couple years old but should still get you moving:

https://linuxhint.com/install-openvpn-arch-linux/

OK. I have TigerVNC right now and I changed the ports so that they are more secure and I don't want to have to set this up again. Is there any reason I should switch?
