Had an interesting notification from #Fail2Ban yesterday. Instead of Nextcloud, this one came from the "apache-auth" jail, which protects a pseudo-hidden/password protected service that has links intended for my family.
Anyway, somebody at the "Children's Hospital Colorado" found it, probably via port scan. Instead of failing auth, they got booted for trying to escape the web root to look at files like "/etc/passwd" and "/winnt/win.ini". I notified their IT dept.
@gerowen Could be port scan. Or more likely, your family has some compromised computers. I got web site requests for photos five minutes after e-mailing friends a secret link to the dinner photos, from several of the usual foreign hack attack countries.
So one or more of my friends has a computer that looks for interesting URLs (credit cards, social graphs?, etc), and notifies several foreign actors to look into it (or they are spying on each other). Yikes!
@AGMS00 That's very possible. I noticed that at least some of my extended family have compromised devices because I started getting occasional spam mail at a new email alias very shortly after using it to send out a mass email to the people without access. So somebody has a device, or an email account that's compromised.
Add comment