Computer Aid


Tag Archives: china

China is hacking anyone they can

Posted on 2 December, 2012 by Luigi Martin

About 1 year ago, I had set up a NAS server (Linux-based) for a small company.

I set it all up, including remote access to the admin area, and to an online file manager (so that employees could do some work from home, if needed).

Well, a few days ago, the backups started giving error messages, so while fixing the issue, I also upgraded the firmware, and I was also asked to see if it was possible to track user access to files (e.g. which file was accessed, and when).

So I enabled the system connection logs, hoping they would show the information needed.

Well, the logs didn’t show what I wanted, but a few hours later, I noticed an unusual number of failed login attempts…

About 25 attempts per minute… and this would continue for about 5 to 10 minutes

They would try typical usernames like “root”, “admin” and “bin”, as well as others.

The really interesting part was when I looked up the country of origin for the logged IP addresses of the hackers:

Most were located in China

Although this particular company didn’t have huge secrets, the server had intellectual property, which might have been useful to some Chinese companies.

So, it looks like if any company has servers that can be accessed externally, then they will be subject to hacking attempts (and consequently: industrial espionage) from China.

In this case, the solution was easy: the NAS server has a Network Access Protection system, where I can specify that if a particular IP address generates more than 5 failed login attempts within 1 minute, then the IP address is blocked from any further attempts.
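
The rule described above (more than 5 failed logins from one IP address within 1 minute leads to a block), sketched as an added example that is not from the original post or the NAS vendor. The log format, the `find_blocks` and `sample_log` names and the sample addresses (documentation ranges) are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

MAX_FAILURES = 5                 # block when an IP exceeds this many failures...
WINDOW = timedelta(minutes=1)    # ...within this sliding window

# Hypothetical log format (assumption; the NAS's real format is not shown in the post).
LINE_RE = re.compile(r"^(?P<ts>\S+ \S+) LOGIN_FAIL user=(?P<user>\S+) src=(?P<ip>\S+)$")

def find_blocks(lines, max_failures=MAX_FAILURES, window=WINDOW):
    """Return {ip: (time_blocked, attempts_rejected_after_block)}."""
    recent = defaultdict(deque)   # ip -> timestamps of failures still inside the window
    blocked = {}                  # ip -> [time_blocked, rejected_count]
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue              # ignore lines that are not failed logins
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        ip = m["ip"]
        if ip in blocked:
            blocked[ip][1] += 1   # already blocked: attempt is rejected outright
            continue
        q = recent[ip]
        q.append(ts)
        while ts - q[0] >= window:    # expire failures older than the window
            q.popleft()
        if len(q) > max_failures:     # "more than 5 within 1 minute"
            blocked[ip] = [ts, 0]
            del recent[ip]
    return {ip: tuple(v) for ip, v in blocked.items()}

def sample_log():
    """Constructed sample: one source at ~25 attempts/minute, one user with three typos."""
    start = datetime(2012, 11, 29, 3, 0, 0)
    users = ["root", "admin", "bin"]
    lines = []
    for i in range(25):
        t = start + timedelta(milliseconds=i * 2400)
        lines.append(f"{t:%Y-%m-%d %H:%M:%S} LOGIN_FAIL user={users[i % 3]} src=203.0.113.7")
    for i in range(3):
        t = start + timedelta(seconds=10 + i * 20)
        lines.append(f"{t:%Y-%m-%d %H:%M:%S} LOGIN_FAIL user=alice src=198.51.100.20")
    return sorted(lines)

if __name__ == "__main__":
    for ip, (when, rejected) in find_blocks(sample_log()).items():
        print(f"{ip} blocked at {when}, {rejected} later attempts rejected")
```

On the constructed sample, the noisy source is blocked on its sixth failure and its remaining attempts are rejected, while the user with three mistyped passwords is left alone.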

Some of the IP addresses captured are:

58.215.56.110: China
117.21.208.26: China
117.79.91.55: China
183.136.128.217: China
211.94.161.84: China
114.205.1.149: Korea
117.79.91.209: China

And after implementing the Network Access Protection:

113.163.22.170: Vietnam
65.164.153.141: USA
189.112.236.116: Brazil
217.174.152.147: Bulgaria
85.31.105.66: France
61.234.146.22: China
80.252.241.37: Ukraine
111.74.82.33: China
221.13.34.3: China

Obviously not enough data here, but there are strong indications of Chinese (individuals, or companies, or even Government) involvement in hacking for company secrets.

I’m not exactly sure why lots of different countries started appearing in the hacking logs only after the Network Protection was enabled… but I’ll check again in a few weeks, and see if there is a more definite pattern.

After thinking about this for a few days, my paranoia got the better of me, and I implemented similar security on this blog… The Computer Aid blog represents over 900 blog posts (most personally written by myself), and thousands of hours of work over 7 years… I don’t want to lose it.

Posted in Business | Tagged china, espionage, hacking
