Someone is ddosing my server network.

14 minutes ago, Lemon797 said:

I have a VNC set up on my server, and when I turned it on today 185.56.80.222 kept trying to connect to the VNC. When I looked up the IP I got this: https://www.abuseipdb.com/check/185.56.80.222

and I can’t find a way to blacklist the IP. My router is using DD-WRT.

Stop port forwarding 5900 as your VNC port.

 

It's not a DDOS attack, it's likely attempting to find vulnerable systems with weak passwords.

Just now, PorkishPig said:

Stop port forwarding 5900 as your VNC port.

ok.

1 minute ago, PorkishPig said:

It's not a DDOS attack, it's likely attempting to find vulnerable systems with weak passwords.

They were repeatedly trying to connect to the VNC, about twice a minute.

14 minutes ago, Lemon797 said:

I have a VNC set up on my server, and when I turned it on today 185.56.80.222 kept trying to connect to the VNC. When I looked up the IP I got this: https://www.abuseipdb.com/check/185.56.80.222

and I can’t find a way to blacklist the IP. My router is using DD-WRT.

Having the VNC port open is a bad idea to begin with, but surely you can add the offending IP to a blacklist in DD-WRT's firewall? I don't use DD-WRT, I use OpenWrt and pfSense, so I can't give any specific instructions.


1. You set up a PUBLIC facing login page and are surprised some bot is trying to log in?

2. You failed to properly secure your VNC settings to not blacklist failed attempts after x number of attempts

3. This is not a DDOS attack, this is a bot trying to log in and poke for vulnerabilities, which, if there are any, they will find.

4. You should NEVER set up RDP/VNC/etc. on a public facing connection unless you're ready for the hassle it will bring.

5. Blacklisting this IP address will not stop the bots from trying. They know your connection has a VNC port open; more will come.

 

Edit:

I completely agree with the above, stop port forwarding the VNC port to start with and hope the attempts die down or stop once the port is no longer reachable. Also look into using a VPN setup to remotely access this securely.

Just now, WereCatf said:

Having the VNC port open is a bad idea to begin with, but surely you can add the offending IP to a blacklist in DD-WRT's firewall? I don't use DD-WRT, I use OpenWrt and pfSense, so I can't give any specific instructions.

I couldn't find a way to blacklist the IP, and when I looked it up all that came up was parental controls.

1 minute ago, Lurick said:

2. You failed to properly secure your VNC settings to not blacklist failed attempts after x number of attempts

The VNC did blacklist the IP but it keeps trying to connect.

Just now, Lemon797 said:

The VNC did blacklist the IP but it keeps trying to connect.

Well that's better at least but still not ideal. I must have missed that originally :)

A VPN solution would be much better to remotely access your stuff.

8 minutes ago, Lurick said:

1. You set up a PUBLIC facing login page and are surprised some bot is trying to log in?

I actually have a web-server and I get bots (presumably?) attempting to reach things like www.mysite.com/admin or /login etc. all the time.

 

It only hosts plain html files haha

1 minute ago, akio123008 said:

I actually have a web-server and I get bots (presumably?) attempting to reach things like www.myste.com/admin or /login etc. all the time.

 

It only hosts plain html files haha

At least OP didn't do this with RDP :P

1 minute ago, Lurick said:

Well that's better at least but still not ideal. I must have missed that originally :)

A VPN solution would be much better to remotely access your stuff.

How would I set that up? I need to be able to access it from outside of the network because my home and server network are separate.

3 minutes ago, Lemon797 said:

How would I set that up? I need to be able to access it from outside of the network because my home and server network are separate.

Depends on your resources available, but you could look at an IPSec VPN or something with OpenVPN, depending on what DD-WRT offers. It's been ages since I've even looked at it, so I'm not sure if there is a VPN client natively built in. If you want to get really creative, an option would be to set up a VM or something as a VPN server, set up a site-to-site VPN between your home and a VPS, and then VPN to the VPS, which would give you remote access. This would let them deal with spammers trying to log in to the VPN, although it's more hassle, and if you properly set up the VPN on your router you really wouldn't have issues. Yes, there will be people/bots/whatever that try to log in, but usually they'll disappear after a few failed attempts to find any vulnerabilities.

1 minute ago, Lurick said:

Depends on your resources available, but you could look at an IPSec VPN or something with OpenVPN, depending on what DD-WRT offers. It's been ages since I've even looked at it, so I'm not sure if there is a VPN client natively built in. If you want to get really creative, an option would be to set up a VM or something as a VPN server, set up a site-to-site VPN between your home and a VPS, and then VPN to the VPS, which would give you remote access. This would let them deal with spammers trying to log in to the VPN, although it's more hassle, and if you properly set up the VPN on your router you really wouldn't have issues. Yes, there will be people/bots/whatever that try to log in, but usually they'll disappear after a few failed attempts to find any vulnerabilities.

OK. I'm very new to this and need some help. Here's what I'm trying to do:

1. I have a bunch of old PCs set up on their own network.

2. I have them set up to run a Minecraft server

3. I need them all to have some sort of remote desktop

4. and a startup script that turns on the Minecraft server and the remote desktop.

 

I have found a way to do numbers 1, 2, and 4 but now I'm getting hit on 3.

4 minutes ago, Lemon797 said:

OK. I'm very new to this and need some help. Here's what I'm trying to do:

1. I have a bunch of old PCs set up on their own network.

2. I have them set up to run a Minecraft server

3. I need them all to have some sort of remote desktop

4. and a startup script that turns on the Minecraft server and the remote desktop.

 

I have found a way to do numbers 1, 2, and 4 but now I'm getting hit on 3.

I would look at OpenVPN:

https://openvpn.net/community-resources/how-to/

 

If you want a pure Windows guide:

https://community.openvpn.net/openvpn/wiki/Easy_Windows_Guide

3 minutes ago, Lemon797 said:

Oh yeah. I forgot to mention that they're running Arch Linux.

In that case this guide should do well, it's a couple years old but should still get you moving:

https://linuxhint.com/install-openvpn-arch-linux/

1 minute ago, Lurick said:

In that case this guide should do well, it's a couple years old but should still get you moving:

https://linuxhint.com/install-openvpn-arch-linux/

OK. I have TigerVNC right now and I changed the ports so that they are more secure and I don't want to have to set this up again. Is there any reason I should switch?
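On the last question about changed ports, an added example that is not part of the original thread: a VNC server speaks RFB and sends a 12-byte version banner as soon as a client connects, so the service identifies itself on whatever port it is moved to. The function names and sample banners below are assumptions made for this example; `find_vnc_listeners` is meant for checking which forwarded ports on a host you administer still answer as VNC.

```python
import re
import socket

# RFB, the protocol VNC speaks, has the server send a 12-byte ProtocolVersion
# message (for example b"RFB 003.008\n") as soon as a TCP client connects.
RFB_VERSION = re.compile(rb"RFB (\d{3})\.(\d{3})\n")


def parse_rfb_banner(data):
    """Return (major, minor) if data starts with an RFB version message, else None."""
    match = RFB_VERSION.fullmatch(data[:12])
    return (int(match.group(1)), int(match.group(2))) if match else None


def read_banner(host, port, timeout=3.0):
    """Read up to 12 bytes that the service volunteers; b"" if closed or silent."""
    buf = b""
    try:
        with socket.create_connection((host, port), timeout=timeout) as conn:
            while len(buf) < 12:
                chunk = conn.recv(12 - len(buf))
                if not chunk:
                    break
                buf += chunk
    except OSError:  # refused, filtered, or timed out waiting for data
        pass
    return buf


def find_vnc_listeners(host, ports):
    """Check your own host: map each port that answers as VNC to its RFB version."""
    found = {}
    for port in ports:
        version = parse_rfb_banner(read_banner(host, port))
        if version is not None:
            found[port] = version
    return found


if __name__ == "__main__":
    # Constructed sample banners, not captured traffic.
    samples = {
        "VNC moved to a non-default port": b"RFB 003.008\n",
        "SSH": b"SSH-2.0-OpenSSH_9.6\r\n",
        "silent or closed": b"",
    }
    for label, banner in samples.items():
        print(f"{label}: {parse_rfb_banner(banner)}")
```

An empty result from the internet side of the router, with VNC still reachable over the VPN, is the state the replies above recommend.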