[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] Abuse complaints about brute forceing via ssh

To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-relays] Abuse complaints about brute forceing via ssh
From: Paul Staroch <paulchen@xxxxxxxxxx>
Date: Mon, 02 Jan 2012 12:26:56 +0100
Delivered-to: archiver@xxxxxxxx
Delivery-date: Mon, 02 Jan 2012 06:33:47 -0500
In-reply-to: <201201020623.32888.cmeclax-sazri@xxxxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-relays>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "This mailing list is for support and questions about running Tor relays \(exit, non-exit, bridge\)." <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
References: <201112310759.45115.klaus.layer@xxxxxx> <CAJdkzEMSHaPBy5mK0+JPhtyiYr_sp1SAK=GjiSbfWQCERh93eA@xxxxxxxxxxxxxx> <CAD2Ti29z+BvtaUR6WYDF0FUfFPiJ6rL+TGmAEQFbc4gGZH5oBQ@xxxxxxxxxxxxxx> <201201020623.32888.cmeclax-sazri@xxxxxxxxxxxxxxxx>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:8.0) Gecko/20111124 Thunderbird/8.0

Am 2012-01-02 12:23, schrieb cmeclax-sazri:
> On Sunday 01 January 2012 23:36:13 grarpamp wrote:
>> This 'attack' has been going on for YEARS. Nobody's really getting
>> shells (well some are), just dictionaried. The problem is that
>> OpenSSH logs this by default and people freak out when they
>> see it in their logs. It's just background noise. Real admins
>> tune it out and use ssh keys instead.
> I wrote a shell script that watches the logs and shuts off all access from an 
> address that starts guessing passwords.

That is exactly what tools like "fail2ban" are for.


Paul

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

References:
- Re: [tor-relays] Abuse complaints about brute forceing via ssh
  - From: grarpamp
- Re: [tor-relays] Abuse complaints about brute forceing via ssh
  - From: cmeclax-sazri

Prev by Author: Re: [tor-relays] planned downtime
Next by Author: Re: [tor-relays] Out of the mailing list
Previous by thread: Re: [tor-relays] Abuse complaints about brute forceing via ssh
Next by thread: [tor-relays] planned downtime
Index(es):
- Author
- Thread