[olug] attempted attacks
Phil Brutsche
phil at brutsche.us
Tue Mar 8 17:02:27 UTC 2005
Eric Lusk wrote:
> Someone has too much time on their hands. They have to to be trying
> to log into my server.
It's not necessarily someone with too much time on their hands - there
are many automated tools out there with a list of common usernames and
passwords that scan the entire 'net for easy pickings.
Frankly, I'm surprised you didn't notice it before - it's been going on
for over 6 months now.
BTW, there are more effective ways of protecting ssh from these loosers
than hosts.deny:
a) put your systems in hosts.allow and block everything else with
hosts.deny
b) change the port number ssh uses on your systems
Why these and not putting the loosers in hosts.deny?
You will be blacklisting an IP *after* it has already done it's thing -
chances are you will not be seeing the IP number again. Just act
preemptively and make the problem disappear forever.
--
Phil Brutsche
phil at brutsche.us
More information about the OLUG
mailing list