Re: [CentOS] SSH attacks from china

2009-07-29 Thread Sorin Srbu
-----Original Message----- From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On Behalf Of Kai Schaetzl Sent: Sunday, July 26, 2009 5:32 PM To: centos@centos.org Subject: Re: [CentOS] SSH attacks from china Sorin Srbu wrote on Sat, 25 Jul 2009 19:40:28 +0200: What if you have

Re: [CentOS] SSH attacks from china

2009-07-29 Thread Sorin Srbu
-----Original Message----- From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On Behalf Of luc...@lastdot.org Sent: Sunday, July 26, 2009 11:27 PM To: CentOS mailing list Subject: Re: [CentOS] SSH attacks from china Vietnam and Indonesia are also suspects in my list. The biggest

Re: [CentOS] SSH attacks from china

2009-07-29 Thread luc...@lastdot.org
On Wed, Jul 29, 2009 at 9:10 PM, Sorin Srbu <sorin.s...@orgfarm.uu.se> wrote: -----Original Message----- From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On Behalf Of luc...@lastdot.org Sent: Sunday, July 26, 2009 11:27 PM To: CentOS mailing list Subject: Re: [CentOS] SSH attacks

Re: [CentOS] SSH attacks from china

2009-07-26 Thread luc...@lastdot.org
On Sat, Jul 25, 2009 at 6:40 PM, Sorin Srbu <sorin.s...@orgfarm.uu.se> wrote: -----Original Message----- From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On Behalf Of luc...@lastdot.org Sent: Friday, July 24, 2009 1:09 PM To: CentOS mailing list Subject: Re: [CentOS] SSH attacks

Re: [CentOS] SSH attacks from china

2009-07-26 Thread Robert
you say you banned them in the gateway for ssh and ftp... what type of gateway? would you share the place you got the info from and/or the ip blocks please? thanks - rh

Re: [CentOS] SSH attacks from china

2009-07-26 Thread luc...@lastdot.org
On Sun, Jul 26, 2009 at 3:02 PM, Robert <list...@abbacomm.net> wrote: you say you banned them in the gateway for ssh and ftp... what type of gateway? would you share the place you got the info from and/or the ip blocks please? thanks - rh

Re: [CentOS] SSH attacks from china

2009-07-26 Thread Kai Schaetzl
Sorin Srbu wrote on Sat, 25 Jul 2009 19:40:28 +0200: What if you have legit users from China and Korea trying to connect to your server(s)? What if he does not? See, you always use the solution that fits you and your setup/environment/needs. Kai -- Kai Schätzl, Berlin, Germany Get your web

Re: [CentOS] SSH attacks from china

2009-07-26 Thread luc...@lastdot.org
On Sun, Jul 26, 2009 at 4:31 PM, Kai Schaetzl <mailli...@conactive.com> wrote: Sorin Srbu wrote on Sat, 25 Jul 2009 19:40:28 +0200: What if you have legit users from China and Korea trying to connect to your server(s)? What if he does not? See, you always use the solution that fits you and your

Re: [CentOS] SSH attacks from china

2009-07-25 Thread Sorin Srbu
-----Original Message----- From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On Behalf Of luc...@lastdot.org Sent: Friday, July 24, 2009 1:09 PM To: CentOS mailing list Subject: Re: [CentOS] SSH attacks from china I banned all China and Korea in my gateway :) (not for all ports

Re: [CentOS] SSH attacks from china

2009-07-24 Thread Andreas Rogge
On Thursday, 23.07.2009, at 19:45 +0100, Miguel Medalha wrote: I moved the ssh port from the standard 22 to a high port. The attempts to break into my servers disappeared. The logs are clean now. I would advise you to do the same. Choose a high (> 1024) unused port and configure the

Re: [CentOS] SSH attacks from china

2009-07-24 Thread Ralph Angenendt
Andreas Rogge wrote: On Thursday, 23.07.2009, at 19:45 +0100, Miguel Medalha wrote: I moved the ssh port from the standard 22 to a high port. The attempts to break into my servers disappeared. The logs are clean now. I would advise you to do the same. Choose a high (> 1024) unused port

Re: [CentOS] SSH attacks from china

2009-07-24 Thread John
On Thursday, 23.07.2009, at 19:45 +0100, Miguel Medalha wrote: I moved the ssh port from the standard 22 to a high port. The attempts to break into my servers disappeared. The logs are clean now. I would advise you to do the same. Choose a high (> 1024) unused port and configure the clients

Re: [CentOS] SSH attacks from china

2009-07-24 Thread Andreas Rehmer
Hi, I am using the following way to disallow ssh connects without having the problem of specific IPs or something else. Before you get access to the machine you must visit a webpage protected by httpauth. This starts a small script that puts the remote address into a list. Only if your ip is on

Re: [CentOS] SSH attacks from china

2009-07-24 Thread luc...@lastdot.org
On Fri, Jul 24, 2009 at 12:04 PM, Andreas Rehmer <reh...@teltarif.de> wrote: Hi, I am using the following way to disallow ssh connects without having the problem of specific IPs or something else. Before you get access to the machine you must visit a webpage protected by httpauth. This starts a

Re: [CentOS] SSH attacks from china

2009-07-24 Thread Eduardo Silvestre
: Friday, 24 July 2009 12:04 GMT +00:00 GMT Britain, Ireland, Portugal Subject: Re: [CentOS] SSH attacks from china Hi, I am using the following way to disallow ssh connects without having the problem of specific IPs or something else. Before you get access to the machine you must visit

Re: [CentOS] SSH attacks from china

2009-07-24 Thread Ralph Angenendt
John wrote: Using a non default port is not the solution, because history has learned that security by obscurity never worked. It's not security by obscurity, moving the default port is just to not see all that garbage in the log files - as the automated scripts don't check for ssh on

Re: [CentOS] SSH attacks from china

2009-07-24 Thread Kai Schaetzl
Bob Hoffman wrote on Thu, 23 Jul 2009 12:37:54 -0400: Enjoy this..., 8000+ attempts. I did not enjoy this. Could you please consider next time putting such a log up under a link somewhere and refer to it instead of sending it all to the list? Thanks. Kai -- Kai Schätzl, Berlin, Germany Get

Re: [CentOS] SSH attacks from china

2009-07-24 Thread Miguel Medalha
Using a non default port is not the solution, because history has learned that security by obscurity never worked. It's not security by obscurity, moving the default port is just to not see all that garbage in the log files - as the automated scripts don't check for ssh on

[CentOS] SSH attacks from china

2009-07-23 Thread Bob Hoffman
Okay, I have a server connected to the net but have not added fail2ban or anything on top of my firewall yet. Thought you guys might get a kick out of this one user, ip is from china, who has got a heck of a knack for making assumptions on possible usernames. Enjoy this..., 8000+ attempts.

Re: [CentOS] SSH attacks from china

2009-07-23 Thread Sam Drinkard
Bob Hoffman wrote: Okay, I have a server connected to the net but have not added fail2ban or anything on top of my firewall yet. Thought you guys might get a kick out of this one user, ip is from china, who has got a heck of a knack for making assumptions on possible usernames. Enjoy

Re: [CentOS] SSH attacks from china

2009-07-23 Thread Miguel Medalha
Enjoy this..., 8000+ attempts. I moved the ssh port from the standard 22 to a high port. The attempts to break into my servers disappeared. The logs are clean now. I would advise you to do the same. Choose a high (> 1024) unused port and configure the clients accordingly.

Re: [CentOS] SSH attacks from china

2009-07-23 Thread mark . hanna
Sam Drinkard <s...@wa4phy.net> Sent by: centos-boun...@centos.org 07/23/2009 11:49 AM Please respond to CentOS mailing list <centos@centos.org> To: CentOS mailing list <centos@centos.org> cc: Subject: Re: [CentOS] SSH attacks from china Bob Hoffman wrote: Okay, I have a server connected