Results 1 to 5 of 5

Thread: Someone spoofing my IP and trying to hack in

  1. #1
    Join Date
    Jan 2008
    Posts
    295

    Someone spoofing my IP and trying to hack in

    I don't know how someone got my IP address for my home computer (which is a static IP) and is trying to brute force hack into my DA server. The problem is that I have whitelisted my IP address for obvious reasons and some how they are using it.

    What can I do?

  2. #2
    Join Date
    Jun 2003
    Location
    California
    Posts
    26,123
    It's unlikely anyone is spoofing your IP address. The concept is very misunderstood, and here's why: If someone else spoofs your computer's IP address then your server will respond back to your computer, and not to the person who's spoofing your address.

    There's no possible way to work around this that I know of or can conceive of.

    Chances are it's something at your IP# that you don't know about. If it is a spoof it's strictly a DOS attack; the person can't ever use the attack to get into your server.

    We had a client (a network engineer) who appeared to have this problem. Because he knew it was unlikely he put a bit of effort into the search and finally found a system he'd forgotten about, on his network, doing an attempted email login. He shut that off, and the problem disappeared.

    Jeff
    +1 951 643-5345
    Third-Party DirectAdmin administration and support
    Dedicated Servers, Dedicated Reseller Accounts
    NoBaloney Internet Services div. Qnito Incorporated
    848 North Rainbow Blvd., Suite #3789
    Las Vegas, NV 89107-1103

  3. #3
    Join Date
    Jan 2008
    Posts
    295
    The only other thing that I can think of is that I had a virtual machine running. I run Linux on my desktop and needed to run something in Windows. I opened my virtual machine and ran the software. The software that I ran was a PST email importer for Zimbra. However, this was on my internal network (nothing to do with my DA server). Because it is a virtual machine that doesn't run very often I never installed antivirus software on it (including a firewall). Maybe someone got through my pfSense firewall using that virtual machine? Then used that virtual machine to attack my DA server?? I don't understand how that could happen, the odds seem very low to me.

    The attached included user login attempts on dovecot and proftp.

  4. #4
    Join Date
    Jun 2003
    Location
    California
    Posts
    26,123
    The attached included user login attempts on dovecot and proftp.
    The attached what? I've got no idea what that means, but as I wrote; it's unlikely that anyone else is doing it, and even less likely that they could ever break in if they were.

    The best way to find out is to change your static IP# if possible. If the attacks continue, then they're even more likely coming from your own network.

    Jeff
    +1 951 643-5345
    Third-Party DirectAdmin administration and support
    Dedicated Servers, Dedicated Reseller Accounts
    NoBaloney Internet Services div. Qnito Incorporated
    848 North Rainbow Blvd., Suite #3789
    Las Vegas, NV 89107-1103

  5. #5
    Join Date
    Jan 2008
    Posts
    295
    I must have been thinking of something else when I typed the word "attached". Sorry for the confusion.

    I think I figured it out and you were right. I had my old laptop running for a little while that day and since I've been using that laptop I changed my password on my email. So there is the login attempts.

    Thanks for the push in the right direction to figure it out.

Similar Threads

  1. Exim - Prevent From Spoofing
    By kubofonista in forum E-Mail
    Replies: 9
    Last Post: 11-02-2012, 12:31 PM
  2. hack in database
    By pppplus in forum System-Level Technical Discussion
    Replies: 10
    Last Post: 04-24-2012, 11:12 AM
  3. how to prevent this hack?
    By questions in forum General Technical Discussion & Troubleshooting
    Replies: 2
    Last Post: 02-28-2012, 10:37 AM
  4. DNS Spoofing
    By MadHag in forum DNS
    Replies: 10
    Last Post: 09-20-2008, 11:04 AM
  5. Someone trying to hack?
    By modem in forum General Technical Discussion & Troubleshooting
    Replies: 1
    Last Post: 02-11-2005, 03:52 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •