[BUGS] Constant SSH login spam
Rhycel Cris
rhycel at gmail.com
Wed Feb 6 17:42:09 EST 2008
just DENY port 22 on your firewall rule and allow only those IP that you
use..
then u wont hear from them anymore :)
On Feb 4, 2008 2:53 AM, Jerahmy Pocott <quakenet1 at optusnet.com.au> wrote:
> Hey,
>
> Is anyone else seeing massive amounts of SSH login attempts on their
> servers? Is there some recent SSH vulnerability that I didn't hear
> about? My firewall here is constantly blocking connections, around 200
> or so per day.. Then on a server that actually allows remote ssh
> connections I get security log files going into the megabytes listing
> things like:
>
> Feb 3 03:31:57 beastie sshd[65656]: Invalid user a from 190.76.248.24
> Feb 3 03:32:00 beastie sshd[65658]: Invalid user b from 190.76.248.24
> Feb 3 03:32:02 beastie sshd[65660]: Invalid user c from 190.76.248.24
>
> Going through millions of names and this server requires an RSA key
> pair to connect, yet they keep trying for hours and hours on end.. Is
> there some sort of virus/botnet thing that does this automatically
> trying to harvest logins and spread? It just seems too stupid even be
> a person using some script..
> _______________________________________________
> BUGS mailing list
> BUGS at bugs.au.freebsd.org
> http://mailman.barnet.com.au/mailman/listinfo/bugs
>
--
-rhycel-
count your blessings.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.barnet.com.au/pipermail/bugs/attachments/20080206/b0e23fde/attachment.html
More information about the BUGS
mailing list