Is China the only country responsible for hacking and attacking computers?

No.  We have discovered over the years that all countries have malicious users and cyber threats.

Before pointing fingers, research the threat and go ahead and block or blacklist any IP address that is hitting your target computers.  Why?  These machines can be under the control of someone in another country or on a different ISP.

How can you tell where it is really from?

A lot of servers use X-Forwarded headers, but these can be misleading: you can get the private IP address of a client, or you may get a machine that is being remotely controlled by a hacker who in turn is passing through several proxy servers.

Another problem you have with tracking IP addresses is add-ons.  With privacy concerns, many people rely on add-ons, such as one for Firefox, that allow this information to be spoofed.  The description even says, “With this add-on, you can assign an arbitrary IP address to the X-Forwarded-For field, attempt to perform XSS by including HTML in this field, or even attempt SQL injection…”
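One way to keep a client-written X-Forwarded-For value out of your logs and blocklists is to trust the header only when the connection comes from a proxy you operate, and then read it from right to left. The sketch below is an added example, not code from the original post; the `TRUSTED_PROXIES` range and the function names are assumptions made for illustration.

```python
import ipaddress

# Assumption: our own reverse proxies live in this range (constructed value).
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/24")]
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def _parse(value):
    """Return an address object, or None for anything that is not a bare IP."""
    try:
        return ipaddress.ip_address(value.strip())
    except ValueError:
        return None

def _in_any(ip, networks):
    return any(ip in net for net in networks)

def client_ip(peer_addr, xff_header=None):
    """Choose the address to log or block for one request.

    peer_addr is the TCP peer of the connection; a header cannot change it.
    xff_header is the raw X-Forwarded-For value. Returns (ip, notes).
    """
    peer = _parse(peer_addr)
    if peer is None:
        raise ValueError("peer address must be an IP literal")
    notes = []
    if not xff_header:
        return str(peer), notes
    if not _in_any(peer, TRUSTED_PROXIES):
        # Header arrived straight from the client, so the client wrote it.
        return str(peer), ["xff-ignored"]
    # Each trusted proxy appends the peer it saw, so walk right to left and
    # stop at the first hop we do not operate; entries left of it are unverified.
    candidate = peer
    for hop in reversed(xff_header.split(",")):
        ip = _parse(hop)
        if ip is None:
            notes.append("xff-malformed")  # text, HTML, SQL fragments, etc.
            break
        candidate = ip
        if not _in_any(ip, TRUSTED_PROXIES):
            break
    if _in_any(candidate, RFC1918):
        notes.append("private-address")
    return str(candidate), notes
```

The address returned is only the nearest hop you can verify; it may still be a proxy or a remotely controlled machine rather than the person behind the request.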

Often your best choice is to blacklist IP addresses and look for patterns in packets of data that indicate attempted break-ins and attacks.  Notify ISPs about the attempt by emailing their abuse address.  Hopefully, with cooperation, rogue proxies can be discovered and sometimes the real IP address is given back to you, if the ISP cooperates, can technically help and even has the time to do so.

Of course, enough cannot be written about updates for your OS, any third-party software and your web server’s code.  Always perform penetration tests and check logs daily.  Use a hardware firewall and always have an IPS/IDS in place.  There are a million other security tips.

There hasn’t been a single consultation where I didn’t find multiple countries hitting servers, routers or other network devices.
