EQEmulator Forums


Ladrone 05-19-2020 01:53 PM

from Russia, with love...
 
I want to thank everyone who has dedicated their time and effort into making this such a great community and keeping the game alive.

For those of you who want to do bad things, I feel sorry for your upcoming visit from Karma.

I recently set up a new server to play a little classic EQ with some friends. At first I set it up for just a LAN session but then decided to connect it to the internet...

Thankfully I set up a separate router and ISP connection to protect the rest of my personal devices. I cleared the logs on the router and within 10 minutes of forwarding ports and being connected to the internet I was being violated...

[Internet disconnected] Monday, May 18,2020 21:29:11
[LAN access from remote] from 185.176.27.14:59422 to 192.168.2.136:7084, Monday, May 18,2020 21:27:19
[LAN access from remote] from 185.176.27.14:59422 to 192.168.2.136:7085, Monday, May 18,2020 21:17:23

I simply unplugged the ISP as soon as I noticed the traffic, but if I had not been mindful of the traffic I wonder what would be crawling around in my server today.

I am not a network engineer or a software developer; I dabble with tech a little bit, and maybe I am just being paranoid. What I do know is that this person in Russia is hot for my patch.


person: ****
address: ****
phone: ****
email: ****

Mevlok 05-20-2020 01:13 AM

I am sorry, I do not know the answer, but you really shouldn't have your personal information in your signature. If that is real, I would recommend removing it asap.

demonstar55 05-20-2020 02:07 AM

Quote:

Originally Posted by Mevlok (Post 265022)
I am sorry, I do not know the answer, but you really shouldn't have your personal information in your signature. If that is real, I would recommend removing it asap.

It's not their info, it's the "hackers" (they provided no evidence they did anything, so I added quotes, I find a lot of reports that someone at that IP port scans people /shrug)

Secrets 05-20-2020 03:56 AM

Not entirely shocking. Chinese/Russian/other IPs port scan for services running on non-standard listening ports all the time.

Oftentimes these are compromised PCs acting as part of a botnet looking to break into stuff. I.e., if you're running a vulnerable FTP server for example, and they discover it on one of the ports when they get the right reply, they'll just compromise the FTP server, or get root access to the machine through an exploit on the FTP server, etc. Same with SSH servers with nothing to stop bruteforcing, etc...

If you are freaking out about someone connecting to your machine in any capacity, consider how many people type 'Google.com' into their web browser and connect to those machines serving up your request. Just because someone is connecting to your machine doesn't mean they have administrative rights to it.

That's not to say you don't need to be careful, but generally if someone connects to your EQEmu server and it's set up properly it won't affect anything else on your network.
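
Added example (not part of any post in this thread): a small Python triage script for router log entries in the format quoted in the first post. It groups forwarded-port hits by remote source and marks sources that touched more than one port. The `multi_port` heuristic, the function names and the two `203.0.113.9` lines are assumptions made for the illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Entry format of the router's port-forward log lines quoted in the first post.
ENTRY = re.compile(
    r"\[LAN access from remote\] from (?P<src>[\d.]+):(?P<sport>\d+) "
    r"to (?P<dst>[\d.]+):(?P<dport>\d+), (?P<ts>.+)$"
)

# First three lines are quoted from the thread; the last two are constructed
# (203.0.113.0/24 is a documentation-only address range).
SAMPLE_LOG = """\
[Internet disconnected] Monday, May 18,2020 21:29:11
[LAN access from remote] from 185.176.27.14:59422 to 192.168.2.136:7084, Monday, May 18,2020 21:27:19
[LAN access from remote] from 185.176.27.14:59422 to 192.168.2.136:7085, Monday, May 18,2020 21:17:23
[LAN access from remote] from 203.0.113.9:40112 to 192.168.2.136:7000, Monday, May 18,2020 21:20:02
[LAN access from remote] from 203.0.113.9:40113 to 192.168.2.136:7000, Monday, May 18,2020 21:20:40
"""

def parse(log_text):
    """Yield (timestamp, src_ip, dst_ip, dst_port) for each forwarded connection."""
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # other event types, e.g. "[Internet disconnected]"
        ts = datetime.strptime(m["ts"].strip(), "%A, %B %d,%Y %H:%M:%S")
        yield ts, m["src"], m["dst"], int(m["dport"])

def summarize(log_text, min_ports=2):
    """Group hits by source IP; flag sources seen on >= min_ports distinct ports."""
    ports, first, last = defaultdict(set), {}, {}
    for ts, src, _dst, dport in parse(log_text):
        ports[src].add(dport)
        first[src] = min(first.get(src, ts), ts)
        last[src] = max(last.get(src, ts), ts)
    return {
        src: {"ports": sorted(p), "multi_port": len(p) >= min_ports,
              "first_seen": first[src], "last_seen": last[src]}
        for src, p in ports.items()
    }

if __name__ == "__main__":
    for src, info in summarize(SAMPLE_LOG).items():
        label = "multiple ports" if info["multi_port"] else "single port"
        print(src, info["ports"], info["first_seen"], "->", info["last_seen"], label)
```

The log only records connections that reached a forwarded port, so the summary shows which exposed services were touched, not whether anything behind them was compromised.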

Ladrone 05-22-2020 02:50 PM

Thanks, appreciate the insight. Makes sense as long as the server is set up properly I should not worry.


All times are GMT -4.