Phil Scarratt wrote:
Howdy
Over the last 3-4 days all machines under my control with public access
have logged attempts by someone(people) to log in via ssh (only port
that is open on the machines). They've tried usernames like test, admin,
root and a half a dozen other generic system usernames. They're using,
in some cases, unresolvable ip addresses, and some of the same ip
addresses pop up on totally unrelated machines. As far as I can tell
they haven't succeeded.
Anyone else been getting such attacks? Just seems a little odd that all
of a sudden after a long period of silence, someone (peoples) tries now.
Yes, gazillions of them on a daily basis, for a year or more. It's
just password guessing attacks. I left one machine open with a test
password of test in a chroot'ed environment just to see what would
happen (they seemed to try this one regularly) and they just seem to
want to install IRC bots in /tmp.
skr1pt k1dd135.
--
Del
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
