I prefer to use something like denyhosts to simply block the offending ip's as moving the port seems somewhat to be security through obscurity. But this kind of activity isn't new, by any means. a few months ago when I setup a SSH server open to the world and watched the logs I had a rush of them get blocked in the first few days, then it quietened down. All of them where other compromised windows/linux boxes.
On 8/1/07, Alex Samad <[EMAIL PROTECTED]> wrote: > > On Tue, Jul 31, 2007 at 07:05:33PM +1000, Amos Shapira wrote: > > On 31/07/07, Alex Samad <[EMAIL PROTECTED]> wrote: > > > > > > Hi > > > > > > Seems like I am getting attacked from these ip's > > > 59.124.57.147 > > > 61.180.85.226 > > > 155.230.106.163 > > > 202.107.245.4 > > > 202.188.161.66 > > > 210.164.31.91 > > > 212.210.63.18 > > > 219.149.182.145 > > > 219.94.132.52 > > > > > > > > > any one else seeing any new activity ? I currently have rate limiting > on > > > ssh > > > attempts so not to bothered (it also key only) > > > > > > I just moved my ssh port to a non-standard one to never see or hear of > such > > attacks ever. > unfortunately not an option > > > > > --Amos > > -- > > SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ > > Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html > > > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.6 (GNU/Linux) > > iD8DBQFGr6GIkZz88chpJ2MRAmI0AJ9eEBv75/CrZiEa90gpmQGWZ2/+ggCfcoTg > M5ZUp7Qg20MARoh8m4QoQz0= > =MrNh > -----END PGP SIGNATURE----- > > -- > SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ > Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html > -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
