[BUGS] Constant SSH login spam
Jerahmy Pocott
quakenet1 at optusnet.com.au
Mon Feb 4 03:53:16 EST 2008
Hey,
Is anyone else seeing massive amounts of SSH login attempts on their
servers? Is there some recent SSH vulnerability that I didn't hear
about? My firewall here is constantly blocking connections, around 200
or so per day.. Then on a server that actually allows remote ssh
connections I get security log files going into the megabytes listing
things like:
Feb 3 03:31:57 beastie sshd[65656]: Invalid user a from 190.76.248.24
Feb 3 03:32:00 beastie sshd[65658]: Invalid user b from 190.76.248.24
Feb 3 03:32:02 beastie sshd[65660]: Invalid user c from 190.76.248.24
Going through millions of names and this server requires an RSA key
pair to connect, yet they keep trying for hours and hours on end.. Is
there some sort of virus/botnet thing that does this automatically
trying to harvest logins and spread? It just seems too stupid even be
a person using some script..
More information about the BUGS
mailing list