• sylver_dragon
      link
      English
      2
      edit-2
      3 months ago

      Not really. IP addresses are really easy to change. And doubtless the threat actors will see that their IPs have been identified and will roll them over soon. The solution is to go after the tactics the attackers are using:

      The attack chains exploit known security vulnerabilities and misconfigurations, such as weak credentials, to obtain an initial foothold and execute arbitrary code on susceptible instances.

      1. Install your updates. If you have a server open to the internet and you haven’t patched known exploited vulnerabilities, you deserve to have your network ransomed.
      2. Many products have either vendor provided or useful third party security configuration guides. While there are situations where business processes prevent some configuration changes, these guides should be followed when possible. And weak passwords should not be on that list.

      EDIT: for Oracle Web Logic, you do a lot worse that going through the DoD STIG for it.