Blog | Technical

Russian Hackers are they real ?

Many stories in the news just now about Russian Hackers impacting elections and trying to influence organisations.
Are Russian hackers any worse than anywhere else ?

Eighteen months ago I decided to perform additional checks on the webservers that we run.

I knew that hackers were trying to break in every day, despite ther ebeing no real persoanl data or monetary information held on our servers.

How do you know people are trying to break in ? The simplest mechansim is to use SQL injection. This means when addressing a website the hacker adds additional information to the URL.

therefore instead of a typical URL call:
-- https://dafc.co.uk/news.php?c=News&sc=DAFC%20News

they will do this:
-- https://dafc.co.uk/news.php?c=News&sc=">=String.fromCharCode(88,83,83))

As soon as this URL is received it can be identified as an attempted hack and break in.

Another injection format is:

-- [URL]t=../../../../../etc/passwd%00&ID=11210

-- [URL]t=853205&f=7&i=853205%27%20AnD%20sLeep%283%29%20ANd%20%270%27%3D%270

picIf you record the IP address of this user, mark it in a table and store the country of origin. Over the last 18 months I have 2,937 actuall banned IP addresses based on the initial type of break in shown above. We do need to resolve the 628 "not found" entries to give a better indication of locations.

The table shown above shows the countries and the number of IP`s banned, it is interesting to note that there are more banned IP`s from the USA compared to Russia. One reason may be that other countries use VPN`s linked to servers in the USA.One side effect of immediately banning an IP address is that the hacker does not get too many attempts at trying to find a hole in our systems. Hopefully it is enough to keep them at bay !

It does not stop people attempting to break in, one IP address has attempted to break in 33,521 times ! obviosuly persistant and think we have valuable data that they can steal. They will be disappointed should they manage to break in.