Website and CNC unreachable

[Wassercrats]

Quote:

Tracing route to polisource.com [69.5.4.189]
over a maximum of 30 hops:

1 22 ms 15 ms 15 ms 10.32.37.1
2 31 ms 30 ms 15 ms 130.81.11.177
3 31 ms 62 ms 15 ms so-0-0-0-0.CORE-RTR1.NY325.verizon-gni.net [130.81.7.
181]
4 31 ms 30 ms 31 ms so-6-0-0-0.BB-RTR1.NY325.verizon-gni.net [130.81.18.8
8]
5 31 ms 30 ms 30 ms so-6-2-0-0.BB-RTR1.RES.verizon-gni.net [130.81.8.253]

6 31 ms 30 ms 30 ms 130.81.10.90
7 31 ms 30 ms 30 ms eqix.asbn.twtelecom.net [206.223.115.36]
8 31 ms 30 ms 30 ms core-01-so-0-1-0-0.asbn.twtelecom.net [66.192.255.228
]
9 140 ms 46 ms 46 ms core-02-so-0-0-0-0.atln.twtelecom.net [66.192.255.23]

10 62 ms 62 ms 109 ms dist-02-so-0-0-0-0.mtld.twtelecom.net [66.192.243.15]

11 62 ms 62 ms 62 ms hagg-01-ge-1-3-0-508.mtld.twtelecom.net [66.192.243.1
49]
12 46 ms 46 ms 46 ms core-x-01-2.futurequest.net [69.5.31.253]
13 polisource.com [69.5.4.189] reports: Destination protocol unreachable.

Trace complete.

For the last 5 minutes, at least, and all happy faces on the status page.

[Jeff]

Your site is coming up just fine from here...

[Wassercrats]

Still nothing here.

[Wassercrats]

I'm able to get it validated, but I still can't see it from here.

[Wassercrats]

I can't get esllou's website either, which is on Rasmus, but still all smiles at http://www.futurequest.net/Status/ .

[Arthur]

Barry, you should be able to access your site again.

Your IP address was blocked by our firewall after several attempts to logon to the server with an incorrect username (http).

Arthur

[Wassercrats]

Oh, my login script times things wrong sometimes. Actually, this time I think I right clicked and pasted something while something was being entered automatically. I'll have to be careful about that.

[TVB]

Quote:

Your IP address was blocked by our firewall after several attempts to logon to the server with an incorrect username (http).

That happened to me last night too. Has a setting been changed?

Betsy

[Terra]

Quote:

That happened to me last night too. Has a setting been changed?

Yes, we have implemented new defenses in response to the onslaught of SSH brute force login attacks against our servers... This has become such a severe (internet wide) problem, that we had to devise our own custom defense against this deviant behavior...

Though I cannot discuss the specifics of the new defenses, I can offer a few words of advice...

1) avoid using password authentication if possible and use SSH's public-key authentication

If you cannot use public-key authentication, then:
2) always double check to ensure you are using your correct username
3) be very careful that you do not typo your login password (there is an allowance though)

If the SSH Guardian sees a number of failed attempts from your IP address, either via invalid username or valid username but wrong password, it will invoke a firewall block against the source IP address...

It should be mentioned that this does not block visitors from viewing your web site, the block is on the source IP address and not the destination...

--
Terra
--there is going to be a day, that deviant/malicious activity will become so bad, that sysadmins everywhere will just throw up their arms then reach down to pull the plug since that is the only true defense--
FutureQuest

[TVB]

Hi Terra,

Just out of curiousity, if an IP becomes blocked, is a permanent (meaning=must bug service desk to admit I am braindead again) or a timed block, say like VB does if you enter the wrong password 5 times where it won't allow another try for 15 minutes?

And uh, to further reinforcement my reputation as periodically braindead or more likely, typo impaired, could someone kindly explain public key authentication for putty?

Betsy