Someone trying to hack my WD White light - Hacking WD MyBook World Ed

Fold

Someone trying to hack my WD White light

Cfontes 14 Sep 2009 20:23

Hi there…

I have noticed a hi amount of login tries in my WD,

here is a log file

 xxxxx auth.err sshd[13629]: error: Could not get shadow information for NOUSER
 xxxxx auth.info sshd[13629]: Failed password for invalid user ftpuser from xxxxxxxxxxxxx
 xxxxx auth.info sshd[13631]: Invalid user asterisk from xxxxxxxxxxxx

They are hundreds of these in my log files…

Any way I can counter attack this B* ??? or block his access to my WD, he is changing IP's and it's probably a spanish speaker as I can see in his ID tries.

Can I block like Argentina ?

I tried iptables, but I cannot make it work… somehow it's installed but I cannot find the app, (I know a little linux and that's not that I am lost) it's not there.

Thanks…

P.S: I thing the guys is trying to find a SPAM server for free… be aware ppl.
If I can't solve this I will have to block my DNS or the router port.

Last edited on 14 Sep 2009 20:29 by Cfontes Show more

Reply Options

Unfold Someone trying to hack my WD White light by

Cfontes, 14 Sep 2009 20:23

Fold

Re: Someone trying to hack my WD White light

kevku 15 Sep 2009 05:16

the easiest way to avoid this is to run the sshd on some other port (using the sshd config or your router NAT). if you need to access mbwe behind a corporate/school firewall then you options are somewhat limited, but ports like 8080 and some msn ports usually are open.

Reply Options

Unfold Re: Someone trying to hack my WD White light by

kevku, 15 Sep 2009 05:16

Fold

Re: Someone trying to hack my WD White light

chorlton 15 Sep 2009 15:03

It's more complex but if you have access to iptables then it is possible to disable connections from a specific IP address if there are a repeated number of connection attempts within a specific period of time. I did this on my router (since my blue-light WD doesn't have iptables) but the same principle should work. I should add that it needs a specific IP module, ipt_recent, to enable this feature.

I put some instructions here

(my post links to another article which described setting iptables up for the machine being "attacked" as opposed to via a router)

Last edited on 15 Sep 2009 15:08 by chorlton Show more

Reply Options

Unfold Re: Someone trying to hack my WD White light by

chorlton, 15 Sep 2009 15:03

Fold

Re: Someone trying to hack my WD White light

boondoklife 15 Sep 2009 18:39

My question would be why do you have SSH open to the world? I think a far better solution would be to setup a vpn server on the book or even better on your router and then vpn into your network. This way there is only one WD related hole in your network for people to try to foobar with. On top of this if you use a certificate for authentication then bam your golden.

But again just my two cents.

http://www.bit.ly/boondoklife

Reply Options

Unfold Re: Someone trying to hack my WD White light by

boondoklife, 15 Sep 2009 18:39

Fold

Re: Someone trying to hack my WD White light

drangina 16 Sep 2009 20:17

Same here i got the same kind of internet attack.

But the last log says it was accepted. I dont know what to do..

I disabled SSH and changed my admin password which i had earlier not changed.
what to do now. Am i in a big trouble?

My log is
09/16 10:41:53 MyBookWorld auth.info sshd[24616]: Accepted password for admin from 12.96.219.212 port 57276 ssh2
09/16 10:41:50 MyBookWorld auth.info sshd[24614]: Failed password for invalid user teste from 12.96.219.212 port 56651 ssh2
09/16 10:41:50 MyBookWorld auth.err sshd[24614]: error: Could not get shadow information for NOUSER
09/16 10:41:50 MyBookWorld auth.info sshd[24614]: Invalid user teste from 12.96.219.212
09/16 10:41:48 MyBookWorld auth.info sshd[24612]: Failed password for invalid user test1 from 12.96.219.212 port 56491 ssh2
09/16 10:41:48 MyBookWorld auth.err sshd[24612]: error: Could not get shadow information for NOUSER
09/16 10:41:48 MyBookWorld auth.info sshd[24612]: Invalid user test1 from 12.96.219.212
09/16 10:41:46 MyBookWorld auth.info sshd[24610]: Failed password for invalid user test from 12.96.219.212 port 56423 ssh2
09/16 10:41:46 MyBookWorld auth.err sshd[24610]: error: Could not get shadow information for NOUSER
09/16 10:41:46 MyBookWorld auth.info sshd[24610]: Invalid user test from 12.96.219.212

Reply Options

Unfold Re: Someone trying to hack my WD White light by

drangina, 16 Sep 2009 20:17

Fold

Re: Someone trying to hack my WD White light

boondoklife 17 Sep 2009 22:17

Well looks like someone was able to login and do who knows what, you might wanna look into a system restore or maybe a upgrade to get rid of any potential problems.

I always recommend people to use the AllowUsers tag in their sshd_config file, just place the names of the users you want to allow login with after it and your golden. Well as long as your passwords aren't garbage but that is another matter.

P.S. Make sure that atleast one of the allowed users is able to `sudo su -` so you can get root access when needed.

http://www.bit.ly/boondoklife

Reply Options

Unfold Re: Someone trying to hack my WD White light by

boondoklife, 17 Sep 2009 22:17

Fold

Re: Someone trying to hack my WD White light

nugga 18 Sep 2009 13:58

maybe try to scan your computers for warez.
Some virus might scan your network and bruteforce it.

Reply Options

Unfold Re: Someone trying to hack my WD White light by

nugga, 18 Sep 2009 13:58

Fold

Re: Someone trying to hack my WD White light

drangina 22 Sep 2009 18:54

Thanks for the info. Basically i updated my firmware, disabled SSH and changed my passwords to extreme level.
Everything working fine now.
Thanks

Reply Options

Unfold Re: Someone trying to hack my WD White light by

drangina, 22 Sep 2009 18:54

Hacking WD MyBook World Ed

Main

Browse

FAQs

Page tags

Add a new page

Other interesting sites

WikiNorm

SERC Schools in THEP

TalkingPad Project

Ammon Allred's Online Classroom