At worst, somebody is trying to brute-force your servers, which is virtually impossible via the Internet if you do enforce relatively strong passwords. And at the least, it's just some random attempts. However, if you're pretty sure somebody is trying to obtain access to your servers, you could install an easy-to-configure service such as Apache to be your honeypot, and put some "seems interesting" data, such as a "lost" password file, in your htdocs. You could then check if someone is trying to use those passwords to log in. It is very likely that you will get some interesting information in Apache's logs about your fellas.

On Sun, 26 Sep 2004 13:12:46 +1000, Phil Scarratt <[EMAIL PROTECTED]> wrote:
> Howdy
>
> Over the last 3-4 days all machines under my control with public access
> have logged attempts by someone(people) to log in via ssh (only port
> that is open on the machines). They've tried usernames like test, admin,
> root and a half a dozen other generic system usernames. They're using,
> in some cases, unresolvable ip addresses, and some of the same ip
> addresses pop up on totally unrelated machines. As far as I can tell
> they haven't succeeded.
>
> Anyone else been getting such attacks? Just seems a little odd that all
> of a sudden after a long period of silence, someone (peoples) tries now.
>
> Fil
>
> --
> ^__^
> / \ F I R E F O X
> \ / www.getfirefox.com
> \ \___
> \ _/ /|
> \ \___/ |
> \ /
> \_____/
> --
> SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
> Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
>

--
Julio C. Ody
http://rootshell.be/~julioody

-----BEGIN GEEK CODE BLOCK-----
Version: 3.12
GCS/SS/CC d@ s: a? C++(+++) ULB+++$ P++++ L+++$ !E W++(+++) N+ !o K- !w O-
M V- PS+ PE Y+ PGP++(-) t 5 X R+ tv-- b++ DI-- D+ G++ e h r+ y++*
------END GEEK CODE BLOCK------
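
The check suggested in the reply above, sketched as an added example that is not part of the original thread: it finds who fetched the bait file in an Apache access log and which failed ssh logins used a username that exists only in that file. The file name, the bait usernames and all log lines are constructed assumptions. Because sshd logs usernames rather than attempted passwords, the bait accounts are matched by name.

```python
import re

# All values below are constructed for this example.
DECOY_PATH = "/passwords.txt"            # hypothetical bait file in htdocs
DECOY_USERS = {"backupsvc", "dbadmin2"}  # hypothetical names found only in the bait file

ACCESS_LOG = """\
203.0.113.7 - - [26/Sep/2004:10:01:12 +1000] "GET /passwords.txt HTTP/1.0" 200 312
198.51.100.9 - - [26/Sep/2004:10:02:40 +1000] "GET /index.html HTTP/1.0" 200 1024
192.0.2.44 - - [26/Sep/2004:10:05:03 +1000] "GET /passwords.txt?x=1 HTTP/1.0" 200 312
"""

AUTH_LOG = """\
Sep 26 10:03:55 host sshd[2211]: Failed password for illegal user backupsvc from 203.0.113.7 port 4021 ssh2
Sep 26 10:04:10 host sshd[2214]: Failed password for illegal user test from 198.51.100.9 port 4100 ssh2
Sep 26 10:09:31 host sshd[2230]: Failed password for invalid user dbadmin2 from 203.0.113.80 port 4177 ssh2
Sep 26 10:10:02 host sshd[2233]: Failed password for root from 198.51.100.9 port 4101 ssh2
"""

# Apache common log format: client address and requested path.
ACCESS_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+)[^"]*" \d{3}')
# Matches both the older "illegal user" and the newer "invalid user" sshd wording.
SSHD_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?:(?:invalid|illegal) user )?(\S+) from (\S+) port")

def decoy_fetchers(access_log, path=DECOY_PATH):
    """Return the set of client addresses that requested the bait file."""
    ips = set()
    for line in access_log.splitlines():
        m = ACCESS_RE.match(line)
        if m and m.group(2).split("?", 1)[0] == path:  # ignore any query string
            ips.add(m.group(1))
    return ips

def decoy_logins(auth_log, users=DECOY_USERS):
    """Return (username, source) for failed ssh logins that used a bait username."""
    hits = []
    for line in auth_log.splitlines():
        m = SSHD_RE.search(line)
        if m and m.group(1) in users:
            hits.append((m.group(1), m.group(2)))
    return hits

def correlate(access_log, auth_log):
    """List each bait-username login and whether its source also fetched the file."""
    fetchers = decoy_fetchers(access_log)
    return [(user, ip, ip in fetchers) for user, ip in decoy_logins(auth_log)]

if __name__ == "__main__":
    for user, ip, same in correlate(ACCESS_LOG, AUTH_LOG):
        print(f"bait user {user!r} tried from {ip}; same address fetched bait: {same}")
```

A bait username showing up from an address that never fetched the file is still worth noting: the names exist nowhere else, so the list was passed on or the source address changed.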
