
[ale] SSH attempts



You could drop traffic from that host/subnet/etc, at the risk of
blocking legitimate traffic.

Most likely, those hosts are compromised hosts, unless ServerLoft is a
bit of a black hat haven.  They'll probably notify the VPS owners
and/or take them down.

David


On Mon, Sep 12, 2011 at 11:05 AM, David Hillman <hillmands at gmail.com> wrote:
> According to the PortSentry logs for my server, I have received thousands of
> connection attempts via SSH port 22. Of course, that is not the port the
> real SSH service is listening on. Logins were also disabled for root.
> What's interesting is the IP addresses all belong to Serverloft
> (www.serverloft.eu); most attempts came from 188.138.32.16
> (loft4385.serverloft.eu). I am guessing someone with a few VPS boxes has
> nothing better to do than use up network bandwidth to terrorize the rest of
> us. Or, maybe those boxes have been compromised.
> I have e-mailed the folks over at Serverloft, but I don't expect
> anything of it. Is there anything else I can do?



-- 
David Tomaschik, RHCE, LPIC-1
System Administrator/Open Source Advocate
OpenPGP: 0x5DEA789B
http://systemoverlord.com
david at systemoverlord.com