Rampagingraptor said:
Out of curiosity, how are the bots getting through, anyways? Are they attempting to just access the servers directly, or are they just making throwaway accounts? Or something else entirely?

CooperDragon said:
We see attacks just like you're describing on our VoIP servers all the time and have to take similar countermeasures. The country blacklisting works much better for phone servers, especially if no international calling is expected.

Yeah. VoIP is a major target. VoIP servers are so often overlooked when it comes to updates, and people often expose them to the Internet for "easy management". It's crazy how much can be done with a VoIP server. With companies that have intellectual property they really care about, VoIP is often used as a means to exfiltrate data. VoIP is often ignored by most security controls and left alone for fear of interrupting phone service. What's worse, people commonly put VoIP on the same networks as their computers rather than separating them out onto an isolated network like they should be.
beardie said:
@anastasia6988 - Resolved. I disabled that specific rule on the forums. It appears that normal use is triggering it.

beardie said:
@Pogo: The rule that was causing that has been disabled for the forums. Hopefully that should take care of the issue you were seeing. Someone else reported the same problem via email. I really wonder what characters or combination of characters are triggering this rule. Many possible causes are things that might look like database commands or database comments, such as a double dash (--), or even apostrophes ('). Most of the ones that were a little too broad like that I disabled, but it seems there are still SOME combinations that may trigger it. But hopefully soon, we will have things tuned nicely to catch as much bad stuff as possible without affecting you all.
Thanks for reporting it!
-Alex
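As an added illustration (not code from this forum or its filtering rules), the following Python compares a broad rule that flags any double dash or apostrophe against one that only fires when SQL syntax surrounds the metacharacter, run over constructed sample posts. The sample texts, both patterns and the function names are assumptions made for the example.

```python
import re

# Constructed sample inputs (not real posts from the thread): four ordinary
# forum messages and two strings shaped like the probes a SQLi rule exists to catch.
BENIGN = [
    "I'll check the basking temps tonight -- thanks for the tip!",
    "Bearded dragons don't need a UVB bulb? That's wrong.",
    "My vet said it's fine -- she checked him last week.",
    "Who's got a 40-gallon tank for sale -- local pickup only",
]
PROBES = [
    "' OR 1=1 --",
    "x'; DROP TABLE users; --",
]

# Broad rule: any SQL comment marker or apostrophe anywhere in the text.
# This is the shape of rule the post describes as "a little too broad".
BROAD = re.compile(r"--|'")

# Tuned rule (assumed pattern): the metacharacter must occur together with SQL
# syntax that has no place in ordinary prose, such as a quote followed by a
# boolean tautology, a statement terminator followed by a DML/DDL keyword,
# or UNION SELECT.
TUNED = re.compile(
    r"'\s*(or|and)\s+[\w']+\s*=\s*[\w']+"          # ' OR 1=1
    r"|;\s*(drop|delete|insert|update|select)\b"   # ; DROP TABLE ...
    r"|\bunion\s+(all\s+)?select\b",               # UNION SELECT
    re.IGNORECASE,
)


def flagged(rule, text):
    """True when the rule would block this text."""
    return rule.search(text) is not None


def evaluate(rule):
    """Return (benign posts flagged, probes caught) for a rule over the samples."""
    false_positives = sum(flagged(rule, t) for t in BENIGN)
    true_positives = sum(flagged(rule, t) for t in PROBES)
    return false_positives, true_positives


if __name__ == "__main__":
    for name, rule in (("broad", BROAD), ("tuned", TUNED)):
        fp, tp = evaluate(rule)
        print(f"{name}: {fp}/{len(BENIGN)} benign posts flagged, "
              f"{tp}/{len(PROBES)} probes caught")
```

The false-positive count is the practical tuning signal: a rule that blocks every post containing an apostrophe is worth disabling, as was done here, until its pattern demands surrounding SQL syntax.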
Rampagingraptor said:
Thanks for all that info! I actually went to college for Information Assurance (Eastern decided to rename a major, but basically just like any network security degree), so I knew a lot of that, but it is really nice to have a bit of a refresher, learn some more info I hadn't quite learned yet, and see how you run your system! Still, I feel so inexperienced and lacking compared to you in the field. XP

I've been doing just Information Security for about 11 years now. Have had my CISSP for almost 5 years. I've had the benefit of being part of a small group that was responsible for the policy-level governance and program management for a large company. We leveraged the IT resources that managed the systems themselves. So, I got less hands-on experience with security tech at work. I have the training and experience to plan. But much of my hands-on experience with tools like these is with this site or my own home network. I have to understand the professional systems involved in order to do incident response and forensic analysis, so that has also been helpful professionally.

Anyways, I know it's not really the major problem, but have you thought of adding a captcha to add a little bit more security from robots? I figure it probably costs a monthly sort of fee, but I would be interested to hear your thoughts on it.

Captchas are pretty much useless these days. The bot networks are far too good at solving them. I've been using question/answer combinations. I just looked into improving the Q&A, and found I was making classic mistakes of using questions that are easily "Google-able", which is what many bots do now: google the question and generate answers based on Google. Many also recommend one question, and if you see new bots getting in, alter the question to be more difficult. I am currently using one that cannot be googled, but anyone registering should know the answer to: "What sort of reptile is this site about?" There are multiple ways to answer it that are supported. Hopefully that's easy enough for humans, but hard enough for bots.