Automated SSH attacks
Federico Voges
ftc at ftc.com.ar
Fri Jul 31 01:21:49 PDT 2009
david.bandel at gmail.com wrote:
> Folks,
>
> Well, I think I hit another milestone yesterday. I had one firewall at
> a client site that logged 66,352 login attempts (bad user or password)
> during the 24 hours from 29-30 July. That's nearly one attack per
> second all day and all night long. It's filling my syslog sql database
> log. Gonna have to purge some of the older syslog entries and vacuum
> the database.
>
> I remember when 6 attacks a night was a lot.
>
> Ciao,
>
> David A. Bandel
>
I've "fixed" the problem by changing the ssh port. It won't stop anyone
trying to get into my server if they really want to, but it keeps my
logs clean.
If you go that route, I'd recommend that you create/edit your
~/.ssh/config so you don't have to specify the port on the command line:
Host somehost.com
Port XXXX
Cheers,
Fed.
More information about the Linux-users
mailing list