I logged into my local webserver admin panel & found that I had, yet again, been hacked. It looks like the damage was very minimal & I’m back to 100% (as far as I can tell), but this hack came from Turkey again.
For those of you that remember my previous experience with crackers you’ll remember those came from Turkey. I thought I had blacklisted Turkey via iptables using the 220.127.116.11/12 subnet. This recent attack came from 18.104.22.168. I’ve added 22.214.171.124/12 to my firewall.. any other tips on subnets originating from that country?
I’ve decided that two things need to happen.
1) VHCS needs to release a security patch. It’s been months with this hole sitting wide open. I feel like I’m running windows here!
2) I’m going to stop doing anything but personal site hosting & manually do everything by hand. A little more work but more secure.
I’d appreciate any more tips on locking out Turkey via firewall.
UPDATE: I came across http://blacklist.linuxadmin.org after I originally posted this. There is a simple generator there that’ll block a long list of countries by port. Could be a very helpful tool!