morggin Posted March 3, 2019 Share Posted March 3, 2019 I have had multiple hack attempts against the telnet session on my server. I have been adding the entire ISP subnet to my DROP packet policy in my IP Tables firewall. I have also been reporting the attempt by doing an ARIN IP LOOKUP and sending an email with text log to the abuse point of contact. See my BLACKLIST on my website if you are also interested in dropping the subnets yourself. http://atrumorbis.net/7-days-to-die/ Example hack attempt 2019-03-01T21:00:01 17743.596 ERR IOException in ReadLine for TelnetClient_125.64.94.208:33744: Write failure 2019-03-01T21:00:01 17743.597 EXC Write failure SocketException: The socket has been shut down at System.Net.Sockets.Socket.Send (System.Byte[] buf, Int32 offset, Int32 size, SocketFlags flags) [0x00000] in <filename unknown>:0 at System.Net.Sockets.NetworkStream.Write (System.Byte[] buffer, Int32 offset, Int32 size) [0x00000] in <filename unknown>:0 Rethrow as IOException: Write failure at System.Net.Sockets.NetworkStream.Write (System.Byte[] buffer, Int32 offset, Int32 size) [0x00000] in <filename unknown>:0 at System.IO.Stream.WriteByte (Byte value) [0x00000] in <filename unknown>:0 at TelnetConnection.HandlerThread (.ThreadInfo _tInfo) [0x00000] in <filename unknown>:0 UnityEngine.DebugLogHandler:Internal_LogException(Exception, Object) UnityEngine.DebugLogHandler:LogException(Exception, Object) UnityEngine.Logger:LogException(Exception, Object) UnityEngine.Debug:LogException(Exception) Logger:masterLogException(Exception) Logger:Exception(Exception) Log:Exception(Exception) TelnetConnection:HandlerThread(ThreadInfo) ThreadManager:myThreadInvoke(Object) (Filename: Line: -1) Link to comment Share on other sites More sharing options...
streaml1ne Posted March 3, 2019 Share Posted March 3, 2019 Why are you leaving the server's telnet port open to the outside world at all? Link to comment Share on other sites More sharing options...
morggin Posted March 3, 2019 Author Share Posted March 3, 2019 i'm not anymore. Blocked with the follow linux IP tables firewall entry # Drop untrusted to Telnet (8081) iptables -A INPUT -p tcp -i $UNTRUSTED --destination-port 8081 -j DROP iptables -A INPUT -p udp -i $UNTRUSTED --destination-port 8081 -j DROP Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.