Hello....

My local application has a web server component, and I have left it running for the last couple of days, to allow a third party (with whom I am co-developing a feature) to consume my web services (using HTTPS Get Requests). These all seem to work flawlessly.

But this morning, I noticed some odd transcript messages similar to this...

2020/09/19 08:21:22.661|WARNING|Worker 83387|SstReceiveError('Connection negotiation failed with peer: https://195.54.161.136:63118; SSL handshake error: INTERNAL_ERROR (336027900): Unknown error
OpenSSLError
Error Code: 336027900
Error Object: (''unknown protocol'')
Error String: ''error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol''
Error Hint: ''SSL23_GET_CLIENT_HELLO:unknown protocol''
AuxiliaryData: nil')

Is it possible that this is some OTHER party, who has somehow noticed that I have an open and forwarded port trying to hack in?

I'm running VAST 9.2.1 on Windows 10. I am using Dynamic DNS to provide my address to the third party, and in my router config, I have a port set to be forwarded to my development computer.

Any thoughts?

Best Regards,
Julian Ford
Port scanning on all kinds of IP addresses (fixed and residential) happens all the time. It can be alleviated a little bit by using an unusual port for the service, but even that is not a guarantee.

The page at AbuseIPDB shows that this IP address is a prolific source of network abuse: https://www.abuseipdb.com/check/195.54.161.136

Given the frequency of attacks and apparent inability or unwillingness of the hosting provider to shut down the abusive server, it may be reasonable to block that IP range (195.54.160.0/23) in the router, but of course that will prevent hacking attempts only from that data center, not from the thousands of others.

Cheers,
Hans-Martin

[hidden email] wrote on Saturday, 19 September 2020 at 17:38:00 UTC+2:
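Added example (not part of the original thread): a Python script that pulls the failed-handshake peers out of transcript lines in the format Julian quoted, relates the numeric error code to the hex in the error string, and reports which peers the 195.54.160.0/23 block suggested above would cover. The sample transcript is constructed (only its first line comes from the thread, abridged), and the field layout of the error code assumes the pre-1.1.0 OpenSSL packing that the SSL23_ function name points to.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample transcript. Line 1 is abridged from the thread; the rest
# are made up for illustration (203.0.113.7 is a documentation address).
SAMPLE = "\n".join([
    "2020/09/19 08:21:22.661|WARNING|Worker 83387|SstReceiveError('Connection "
    "negotiation failed with peer: https://195.54.161.136:63118; SSL handshake "
    "error: INTERNAL_ERROR (336027900): Unknown error')",
    "2020/09/19 08:21:25.102|WARNING|Worker 83390|SstReceiveError('Connection "
    "negotiation failed with peer: https://195.54.161.136:63544; SSL handshake "
    "error: INTERNAL_ERROR (336027900): Unknown error')",
    "2020/09/19 09:02:10.007|INFO|Worker 83401|request served",
    "2020/09/19 11:40:03.250|WARNING|Worker 83412|SstReceiveError('Connection "
    "negotiation failed with peer: https://203.0.113.7:40112; SSL handshake "
    "error: INTERNAL_ERROR (336027900): Unknown error')",
])

FAILURE_RE = re.compile(
    r"^([^|\n]+)\|WARNING\|.*?negotiation failed with peer: "
    r"https://([\d.]+):(\d+);.*?\((\d+)\)", re.M)

def parse_failures(text):
    """Return (timestamp, peer_ip, peer_port, error_code) per failed handshake."""
    return [(m[1], m[2], int(m[3]), int(m[4])) for m in FAILURE_RE.finditer(text)]

def unpack_openssl_code(code):
    """Split a pre-1.1.0 OpenSSL error code into (library, function, reason).
    Assumption: 8/12/12-bit packing, as the SSL23_ function name suggests."""
    return (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF

def summarize(text, blocked_ranges):
    """Map each peer IP to (failure count, covered by a blocked range?)."""
    nets = [ipaddress.ip_network(r) for r in blocked_ranges]
    counts = Counter(ip for _, ip, _, _ in parse_failures(text))
    return {ip: (n, any(ipaddress.ip_address(ip) in net for net in nets))
            for ip, n in counts.items()}

if __name__ == "__main__":
    # 336027900 is the decimal form of the 140760FC in the error string.
    print(format(336027900, "08X"), unpack_openssl_code(336027900))
    for ip, (n, covered) in summarize(SAMPLE, ["195.54.160.0/23"]).items():
        print(f"{ip}: {n} failed handshakes, covered by block: {covered}")
```

Peers reported as not covered show what a single-range block in the router leaves untouched, which is the limitation Hans-Martin points out.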
Another alternative is to put something like Cloudflare in front of your service, then the traffic is routed by them, and they do protect you from DDoS and similar abuses.

Esteban A. Maringolo

On Mon, Sep 28, 2020 at 10:16 AM 'Hans-Martin Mosner' via VA Smalltalk <[hidden email]> wrote:
Hi Julian,

For non-development scenarios, other professional hosting services (not just Cloudflare) include DOS attack monitoring and will quarantine your traffic when they detect an attack.

Lastly, I would recommend having a periodic professional penetration test done by a certified ethical hacker who also happens to know Smalltalk (nudge nudge, wink wink) :D

Hope all is going well, and you and the family stay safe.

Jerry Kott.

On Monday, September 28, 2020 at 6:26:29 AM UTC-7 [hidden email] wrote:
Thank you, guys....all 3 of these posts provided great information and insight.

Jerry...good idea about a penetration test. I will keep that in mind for sure!

Fortunately, it seems that the connection was unable to access anything anyway, but still something to be very wary of, obviously!

Regards,
Julian

P.S. Everyone safe and healthy here, Jerry...thanks! I hope all is well with your clan too!

On Monday, September 28, 2020 at 3:30:21 PM UTC-4 [hidden email] wrote: