[BUGS] Constant SSH login spam
Peter Jeremy
peterjeremy at optushome.com.au
Mon Feb 4 05:28:39 EST 2008
On Mon, Feb 04, 2008 at 03:53:16AM +1100, Jerahmy Pocott wrote:
>Is anyone else seeing massive amounts of SSH login attempts on their
>servers?
I'm seeing about 2 attacks/day, a total of 3789 login attempts since
2008-Feb-01 10:00 AEST. I've been seeing this for months.
> Is there some recent SSH vulnerability that I didn't hear about?
I haven't heard of anything. Looking at the username/password
combinations, it looks like there are a couple of different bots. At
least one tries random usernames and passwords and another one is just
trying 'root' with random passwords. The timings and volume make it
unlikely that it's a real person. My box isn't a public server so
it's likely that the bots I'm seeing are just trying random IP
addresses.
If it's annoying you, I suggest you move your sshd to a different
port and either block port 22 or add a honeypot to it (which is what
I've done). Or run something like security/doorman.
--
Peter Jeremy
Please excuse any delays as the result of my ISP's inability to implement
an MTA that is either RFC2821-compliant or matches their claimed behaviour.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://mailman.barnet.com.au/pipermail/bugs/attachments/20080204/a73aebe2/attachment.bin
More information about the BUGS
mailing list