[BUGS] Constant SSH login spam
Edwin Groothuis
edwin at mavetju.org
Mon Feb 4 08:24:11 EST 2008
On Mon, Feb 04, 2008 at 04:43:51AM +1100, Sunnz wrote:
> > Going through millions of names and this server requires an RSA key
> > pair to connect, yet they keep trying for hours and hours on end.. Is
> > there some sort of virus/botnet thing that does this automatically
> > trying to harvest logins and spread? It just seems too stupid even be
> > a person using some script..
>
> While it is always a good idea to keep your system and security errata
> up to date, it is not very likely that there is an actual SSH bug and
> believe it or not, stupid mindless bots run by script kiddies are
Keep in mind that these kind of attacks are a little bit more
expensive on the host regarding CPU than the standard telnet or
SMTP based attacks.
So moving it to a different port is a good first step. And a single
change in sshd_config and ssh_config will make this change transparent
for all your hosts.
Edwin
--
Edwin Groothuis | Personal website: http://www.mavetju.org
edwin at mavetju.org | Weblog: http://www.mavetju.org/weblog/
More information about the BUGS
mailing list