Re: [tor-relays] Abuse complaints about brute forcing via ssh
On Sunday 01 January 2012 23:36:13 grarpamp wrote:
> This 'attack' has been going on for YEARS. Nobody's really getting
> shells (well some are), just dictionaried. The problem is that
> OpenSSH logs this by default and people freak out when they
> see it in their logs. It's just background noise. Real admins
> tune it out and use ssh keys instead.
I wrote a shell script that watches the logs and shuts off all access from an
address that starts guessing passwords. My Linux box (which is what you get
entering on port 22) doesn't have a root password (I use sudo), so anyone who
tries to guess root passwords gets nothing but the door slammed shut in his
face. Others try guessing "sales", "pgsql", "tony", "newsletter", "visitor",
etc.; I don't think I've ever seen any guess my real username.
cmeclax
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
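
A sketch of the kind of log watcher the message above describes, added here as an example and not cmeclax's script: it counts failed sshd password attempts per source address and lists the addresses at or over a threshold, leaving the actual firewall step to the caller. The function names, the traditional syslog line layout and the log lines are assumptions (the lines are constructed and use documentation address ranges). The address is read from the fixed tail that sshd appends, because the username in the middle of the line is chosen by the remote side.

```shell
#!/bin/sh
# Added example (not from the original post). Constructed sample of sshd
# auth log lines; the last line carries a username containing " from <ip>".
sample_log() {
cat <<'EOF'
Jan  1 23:01:02 host sshd[1201]: Failed password for root from 192.0.2.10 port 40112 ssh2
Jan  1 23:01:05 host sshd[1203]: Failed password for invalid user sales from 192.0.2.10 port 40120 ssh2
Jan  1 23:01:09 host sshd[1207]: Failed password for invalid user pgsql from 192.0.2.10 port 40131 ssh2
Jan  1 23:02:14 host sshd[1215]: Failed password for invalid user tony from 198.51.100.7 port 51822 ssh2
Jan  1 23:03:30 host sshd[1221]: Accepted publickey for alice from 203.0.113.5 port 60222 ssh2
Jan  1 23:04:41 host sshd[1230]: Failed password for invalid user root from 10.9.9.9 from 198.51.100.7 port 51830 ssh2
EOF
}

# offenders THRESHOLD < logfile
# Prints "<failures> <address>" for each address with at least THRESHOLD
# failed password attempts, sorted by address.
offenders() {
    awk -v min="$1" '
        # Assumed layout: month day time host sshd[pid]: message...
        # Only trust lines whose program tag is sshd, and take the address
        # from the end of the line ("from <ip> port <n> ssh2"), never from
        # the first "from", which may be part of the attempted username.
        $5 ~ /^sshd\[[0-9]+\]:$/ && $6 == "Failed" && $7 == "password" &&
        $(NF-4) == "from" && $(NF-2) == "port" {
            fails[$(NF-3)]++
        }
        END {
            for (ip in fails)
                if (fails[ip] >= min) print fails[ip], ip
        }
    ' | sort -k2
}

# Dry run on the constructed sample: list addresses with 3 or more failures.
sample_log | offenders 3
```
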