On Fri, Jun 5, 2009 at 6:54 AM, Rich Shepard <[email protected]> wrote:
> Not long ago there was a thread on cracking attempts via ssh. Several
> commenters reported that the perpetrators gave up after a few tries. My
> experience is that every day a variable number of potential crackers bang on
> the system via sshd, but most of them must use script automation because
> most just keep trying. They're all rejected, but the number of attempts can
> be impressive.
>
> Here's today's logwatch summary for yesterday's attempts:
>
> --------------------- SSHD Begin ------------------------
>
> Failed logins from:
>    83.14.99.10 (sig.com.pl): 10 times
>    88.191.77.63 (sd-14397.dedibox.fr): 66 times
>
> Illegal users from:
>    83.14.99.10 (sig.com.pl): 1 time
>    88.191.77.63 (sd-14397.dedibox.fr): 3742 times
>
> Locked account login attempts:
>    postfix : 5 Time(s)
>
> ---------------------- SSHD End -------------------------
>
> The ratio of failed logins to illegal users varies, but both numbers can
> be quite high.
>
> Thought I'd share with you because I don't understand why folks will try
> to log in as postfix or another service.
>
> Rich
>
> --
> Richard B. Shepard, Ph.D. | Integrity Credibility
> Applied Ecosystem Services, Inc. | Innovation
> <http://www.appl-ecosys.com> Voice: 503-667-4517 Fax: 503-667-8863
> _______________________________________________
> PLUG mailing list
> [email protected]
> http://lists.pdxlinux.org/mailman/listinfo/plug

The scripts probably just cycle through a list of common users to try hoping
someone hasn't secured their box. If they can get in as postfix then they
can try and work on becoming root.

Drew-
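A tally similar to the three sections of the logwatch summary quoted above, as an added example that is not part of the original thread and is not logwatch's own code. The log lines are constructed, their wording is modelled on OpenSSH syslog messages, and the names `summarize`, `noisy_sources` and the threshold are hypothetical.

```python
import re
from collections import Counter

# Constructed sample lines modelled on OpenSSH syslog messages; not from the thread.
SAMPLE_LOG = """\
Jun  4 03:12:01 host sshd[4101]: Invalid user admin from 203.0.113.7
Jun  4 03:12:03 host sshd[4101]: Failed password for invalid user admin from 203.0.113.7 port 40122 ssh2
Jun  4 03:12:05 host sshd[4103]: Invalid user test from 203.0.113.7
Jun  4 03:12:07 host sshd[4103]: Failed password for invalid user test from 203.0.113.7 port 40130 ssh2
Jun  4 03:12:09 host sshd[4105]: Failed password for root from 203.0.113.7 port 40138 ssh2
Jun  4 03:12:11 host sshd[4107]: User postfix not allowed because account is locked
Jun  4 04:40:00 host sshd[4200]: Failed password for root from 198.51.100.23 port 51514 ssh2
Jun  4 05:00:00 host sshd[4300]: Accepted publickey for rich from 192.0.2.10 port 50000 ssh2
"""

PREFIX = r"sshd\[\d+\]: "
# Some sshd versions log "Illegal user", others "Invalid user"; accept both.
# The greedy (.*) with a trailing $ keeps a user name containing " from " from
# shifting the captured source address.
INVALID = re.compile(PREFIX + r"(?:Invalid|Illegal) user (.*) from (\S+)(?: port \d+)?$")
# The lookahead skips the follow-up line for an unknown name so it is not counted twice.
FAILED = re.compile(
    PREFIX + r"Failed password for (?!(?:invalid|illegal) user )(.*) from (\S+) port \d+ ssh2$")
LOCKED = re.compile(PREFIX + r"User (.*) not allowed because account is locked$")

def summarize(log_text):
    """Return (failed-by-source, unknown-user-by-source, locked-by-account) counters."""
    failed, invalid, locked = Counter(), Counter(), Counter()
    for line in log_text.splitlines():
        if m := INVALID.search(line):
            invalid[m.group(2)] += 1      # name does not exist on this host
        elif m := FAILED.search(line):
            failed[m.group(2)] += 1       # real account, wrong password
        elif m := LOCKED.search(line):
            locked[m.group(1)] += 1       # e.g. a service account such as postfix
    return failed, invalid, locked

def noisy_sources(log_text, threshold):
    """Sources whose failed plus unknown-user attempts reach the threshold."""
    failed, invalid, _ = summarize(log_text)
    totals = failed + invalid
    return sorted(ip for ip, n in totals.items() if n >= threshold)

if __name__ == "__main__":
    for title, counts in zip(("Failed logins", "Unknown users", "Locked accounts"),
                             summarize(SAMPLE_LOG)):
        print(title, dict(counts))
    print("Sources at or above 3 attempts:", noisy_sources(SAMPLE_LOG, 3))
```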
