[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] Abuse complaints about brute forceing via ssh

To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-relays] Abuse complaints about brute forceing via ssh
From: cmeclax-sazri <cmeclax-sazri@xxxxxxxxxxxxxxxx>
Date: Mon, 2 Jan 2012 06:23:31 -0500
Delivered-to: archiver@xxxxxxxx
Delivery-date: Mon, 02 Jan 2012 06:23:52 -0500
In-reply-to: <CAD2Ti29z+BvtaUR6WYDF0FUfFPiJ6rL+TGmAEQFbc4gGZH5oBQ@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-relays>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "This mailing list is for support and questions about running Tor relays \(exit, non-exit, bridge\)." <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
References: <201112310759.45115.klaus.layer@xxxxxx> <CAJdkzEMSHaPBy5mK0+JPhtyiYr_sp1SAK=GjiSbfWQCERh93eA@xxxxxxxxxxxxxx> <CAD2Ti29z+BvtaUR6WYDF0FUfFPiJ6rL+TGmAEQFbc4gGZH5oBQ@xxxxxxxxxxxxxx>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx
User-agent: KMail/1.9.6 (enterprise 0.20070907.709405)

On Sunday 01 January 2012 23:36:13 grarpamp wrote:
> This 'attack' has been going on for YEARS. Nobody's really getting
> shells (well some are), just dictionaried. The problem is that
> OpenSSH logs this by default and people freak out when they
> see it in their logs. It's just background noise. Real admins
> tune it out and use ssh keys instead.

I wrote a shell script that watches the logs and shuts off all access from an 
address that starts guessing passwords. My Linux box (which is what you get 
entering on port 22) doesn't have a root password (I use sudo), so anyone who 
tries to guess root passwords gets nothing but the door slammed shut in his 
face. Others try guessing "sales", "pgsql", "tony", "newsletter", "visitor", 
etc.; I don't think I've ever seen any guess my real username.

cmeclax
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Follow-Ups:
- Re: [tor-relays] Abuse complaints about brute forceing via ssh
  - From: Paul Staroch

References:
- Re: [tor-relays] Abuse complaints about brute forceing via ssh
  - From: grarpamp

Prev by Author: [tor-relays] Out of the mailing list
Next by Author: [tor-relays] planned downtime
Previous by thread: Re: [tor-relays] Abuse complaints about brute forceing via ssh
Next by thread: Re: [tor-relays] Abuse complaints about brute forceing via ssh
Index(es):
- Author
- Thread