rejetto forum

Software => HFS ~ HTTP File Server => Topic started by: Solitary_God on May 06, 2009, 04:02:43 PM

Title: HFS Vulnerabilities?
Post by: Solitary_God on May 06, 2009, 04:02:43 PM
Hello all, I have been using HFS for quite some time. Recently I have been getting some unwanted traffic to my file server. It seems that the intruder is making a large number of connection attempts, possibly using authentication brute force attempts. I have blocked the IP(s) that this traffic is coming from, but I can still hear the connection alarm when a connection attempt is made.

Are there any known vulnerabilities for HFS 2.2F?

I looked around and noticed that previous versions did have vulnerabilities, but I was curious if any of you have had the same issues?

Note: When I view the "http request", it seems they might be trying to use HFS as a proxy of some sort. I will get off websites, yahoo and google within the http request.

Any ideas on this guys?


Solitary God
Title: Re: HFS Vulnerabilities?
Post by: rejetto on May 06, 2009, 05:11:08 PM
you hear the connection alarm? i don't know what it is :-\
there are no known vulnerabilities in 2.2f
Title: Re: HFS Vulnerabilities?
Post by: Solitary_God on May 06, 2009, 05:27:13 PM
Yes, in the options you can set HFS to beep on connection. I get a large and rapid number of beeps indicating connection attempts.

For everyone's information, the IP addresses this traffic is coming from are:

221.192.199.36
208.43.133.130
61.191.56.150


When you right click on a connection, you can "view http request". When I do so I see various "free" website addresses and some better known websites such as google, yahoo, etc. What I mean by "free websites" is freewebs, geocities, and others. Oddly, when I or someone I "know" connects and I view the http request, I see the web browser agent... like it should show.

I blocked the offending IPs with my firewall, along with banning them through HFS. It seems I am getting a very large (hundreds) number of these connections, far too fast for someone trying to visit the file server through a web browser... maybe a brute force authentication attack, proxy, or something else automated. My file server is "open", meaning there is no password set, other than my software folder (I have multiple open folders).

I was just curious if anyone else was noticing the same. I have forced my IP address to change multiple times, but the unwanted traffic keeps reappearing within a few hours. I'm fairly certain that it's just script kiddies port scanning my subnet looking for something of interest, but still I wanted to inform everyone and ask if there were any known vulnerabilities.

Thank you for responding.

Solitary God
Title: Re: HFS Vulnerabilities?
Post by: rejetto on May 06, 2009, 11:39:33 PM
they are clearly searching for proxies.
if banning them won't be enough, a good solution may be to use a non-standard port.

your post gave me an idea: the beep should not be done for connections that get disconnected without a reply (because of banning).
i will do this for version 2.3
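
The proxy searching described in this thread shows up in the request line itself, so it can be counted per client from a log. The following is an added example, not part of the original posts and not HFS code; `OWN_HOSTS`, the function names and the sample entries are assumptions constructed for illustration.

```python
from collections import Counter
from urllib.parse import urlsplit

# Names/addresses this file server legitimately answers for (assumed values).
OWN_HOSTS = {"files.example.net", "192.0.2.10"}

def is_proxy_probe(request_line, own_hosts=OWN_HOSTS):
    """Return True if the request line asks this server to relay elsewhere."""
    parts = request_line.split()
    if len(parts) != 3:
        return False  # malformed line; not classified here
    method, target, _version = parts
    if method.upper() == "CONNECT":
        return True  # tunnel request, target is host:port
    if target.startswith("/") or target == "*":
        return False  # normal request for a path on this server
    # Absolute-form target (scheme://host/path): a browser talking directly
    # to a server does not send this, a client testing for a proxy does.
    host = urlsplit(target).hostname
    return host is not None and host.lower() not in own_hosts

def probes_per_client(entries, own_hosts=OWN_HOSTS):
    """Count proxy-style requests per client IP from (ip, request_line) pairs."""
    counts = Counter()
    for ip, line in entries:
        if is_proxy_probe(line, own_hosts):
            counts[ip] += 1
    return counts

# Constructed sample entries (documentation address ranges, not real traffic).
SAMPLE = [
    ("198.51.100.7", "GET http://www.google.com/ HTTP/1.1"),
    ("198.51.100.7", "GET http://www.yahoo.com/ HTTP/1.0"),
    ("198.51.100.7", "CONNECT www.google.com:443 HTTP/1.1"),
    ("203.0.113.5", "GET /software/ HTTP/1.1"),
    ("203.0.113.5", "GET http://files.example.net/docs/ HTTP/1.1"),
    ("203.0.113.9", "garbage"),
]

if __name__ == "__main__":
    for ip, n in probes_per_client(SAMPLE).most_common():
        print(ip, n)
```
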
Title: Re: HFS Vulnerabilities?
Post by: Solitary_God on May 07, 2009, 08:58:26 AM
Great idea... can't help but open HFS whenever I hear the beep... starting to feel like I'm chasing ghosts... or being too paranoid.

Keep up the good work... I've used HFS for several years now, and I've never had any problems.. I'm a computer technician and use HFS to access my file server from job sites, wonderful solution, as it beats the hell out of using FTP.


Solitary_God
Title: Re: HFS Vulnerabilities?
Post by: rejetto on May 09, 2009, 11:30:17 AM
it won't beep if you blocked those IPs on your firewall.
anyway, if the beep is actually annoying and not useful, remember you can change the rule or disable it. :)