Re: [tor-relays] Abuse complaints about brute forcing via ssh



On Sunday 01 January 2012 23:36:13 grarpamp wrote:
> This 'attack' has been going on for YEARS. Nobody's really getting
> shells (well some are), just dictionaried. The problem is that
> OpenSSH logs this by default and people freak out when they
> see it in their logs. It's just background noise. Real admins
> tune it out and use ssh keys instead.

I wrote a shell script that watches the logs and shuts off all access from an 
address that starts guessing passwords. My Linux box (which is what you get 
entering on port 22) doesn't have a root password (I use sudo), so anyone who 
tries to guess root passwords gets nothing but the door slammed shut in his 
face. Others try guessing "sales", "pgsql", "tony", "newsletter", "visitor", 
etc.; I don't think I've ever seen any guess my real username.

cmeclax
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
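
A sketch of the kind of log watcher described in the message above, as an added example that is not cmeclax's script. It assumes OpenSSH's "Failed password for ... from ADDR port N ssh2" log lines; the THRESHOLD and ALLOW settings, the blocking policy and the sample log are all constructed for illustration.

```shell
#!/bin/sh
# Added example. THRESHOLD and ALLOW are hypothetical knobs, not from the post.
THRESHOLD=${THRESHOLD:-3}          # failed tries tolerated for a real account
ALLOW=${ALLOW:-"127.0.0.1 ::1"}    # addresses that are never blocked

# Reads sshd log lines on stdin; prints each password-guessing address once.
guessers() {
    awk -v threshold="$THRESHOLD" -v allow="$ALLOW" '
    BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) skip[a[i]] = 1 }
    /sshd(-session)?\[[0-9]+\]: Failed password for / {
        # Read the address from the END of the line only. The username is
        # chosen by the client and can itself contain " from <addr> port N".
        if (!match($0, / from [0-9a-fA-F:.]+ port [0-9]+( ssh2)?$/)) next
        split(substr($0, RSTART, RLENGTH), f, " ")
        addr = f[2]
        if (addr in skip) next
        # Assumed policy: root or a nonexistent account blocks at once;
        # a real account gets "threshold" tries, to allow for typos.
        if ($0 ~ /Failed password for (invalid user |root from )/) { hits[addr] += threshold }
        else { hits[addr]++ }
    }
    END { for (addr in hits) if (hits[addr] >= threshold) print addr }
    ' | LC_ALL=C sort
}

# Dry run: prints the firewall commands instead of executing them.
block_commands() {
    guessers | while read -r addr; do
        case $addr in
            *:*) printf 'ip6tables -I INPUT -s %s -j DROP\n' "$addr" ;;
            *)   printf 'iptables -I INPUT -s %s -j DROP\n' "$addr" ;;
        esac
    done
}

# Constructed sample log (documentation addresses). The fourth line has a
# username containing a forged " from ... port ..." to misdirect a naive parser.
SAMPLE_LOG='Jan  1 23:01:02 host sshd[811]: Failed password for invalid user sales from 203.0.113.5 port 51234 ssh2
Jan  1 23:01:09 host sshd[812]: Failed password for root from 198.51.100.7 port 40022 ssh2
Jan  1 23:02:00 host sshd[813]: Failed password for alice from 192.0.2.44 port 50100 ssh2
Jan  1 23:02:30 host sshd[814]: Failed password for invalid user x from 192.0.2.99 port 22 ssh2 from 203.0.113.80 port 4711 ssh2
Jan  1 23:03:00 host sshd[815]: Accepted publickey for alice from 192.0.2.44 port 50101 ssh2'

printf '%s\n' "$SAMPLE_LOG" | block_commands
```

Taking the address only from the end of the line keeps a crafted username from getting an innocent address (192.0.2.99 in the sample) blocked, and the ALLOW list keeps the watcher from locking out its own administrator.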