[PLUG] Denyhosts, Cracking Attempts, and Intensity
Rich Shepard
rshepard at appl-ecosys.com
Fri Jun 5 13:54:15 UTC 2009
Not long ago there was a thread on cracking attempts via ssh. Several
commenters reported that the perpetrators gave up after a few tries. My
experience is that every day a variable number of potential crackers bang on
the system via sshd, but most of them must use script automation because
most just keep trying. They're all rejected, but the number of attempts can
be impressive.
Here's today's logwatch summary for yesterday's attempts:
--------------------- SSHD Begin ------------------------
Failed logins from:
83.14.99.10 (sig.com.pl): 10 times
88.191.77.63 (sd-14397.dedibox.fr): 66 times
Illegal users from:
83.14.99.10 (sig.com.pl): 1 time
88.191.77.63 (sd-14397.dedibox.fr): 3742 times
Locked account login attempts:
postfix : 5 Time(s)
---------------------- SSHD End -------------------------
The ratio of failed logins to illegal users varies, but both numbers can
be quite high.
Thought I'd share with you because I don't understand why folks will try
to log in as postfix or another service.
Rich
--
Richard B. Shepard, Ph.D. | Integrity Credibility
Applied Ecosystem Services, Inc. | Innovation
<http://www.appl-ecosys.com> Voice: 503-667-4517 Fax: 503-667-8863
More information about the PLUG
mailing list