nixers
shh bruteforce attacks - Printable Version


shh bruteforce attacks - vompatti - 20-11-2012

As you have noticed, our IRC server was down for about one day. Before it went down (I don't know why it went), there were bruteforce attacks going on.

I noticed that my box has been under attack for a couple of days now, but nobody has gained any access.

Now, you should check your host(s) logs and see if all our servers are/were under attack.

Here are some of the IPs the attacks came from:



RE: shh bruteforce attacks - Amzo - 20-11-2012

These attacks aren't targeted at anyone specifically, rather it's automated programs searching a range of IP addresses and brute forcing them.

However, if you use weak passwords, I would change them and add some iptables rules to filter any bruteforcing.

The majority of these brute force attempts originate from China and have been caught by some honey pots.

Code:
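# Record every packet to port 22 in the "ssh" list, keyed by source address
iptables -A INPUT -p tcp --dport 22 -m recent --set --name ssh --rsource
# Accept only while that source has fewer than 4 hits in the last 60 seconds
iptables -A INPUT -p tcp --dport 22 -m recent ! --rcheck --seconds 60 --hitcount 4 --name ssh --rsource -j ACCEPT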
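
One way to act on the advice to check host logs, as an added example that is not part of the original posts: it applies the same threshold as the rule above (4 hits from one source within 60 seconds) to failed-password lines in an sshd log rather than to packets. The log lines are constructed samples using documentation-range addresses, and the function names and the assumed year are illustrative.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in the usual OpenSSH syslog format (not logs from the thread).
SAMPLE_LOG = """\
Nov 20 03:14:01 box sshd[2101]: Failed password for root from 203.0.113.5 port 40022 ssh2
Nov 20 03:14:05 box sshd[2103]: Failed password for root from 203.0.113.5 port 40031 ssh2
Nov 20 03:14:09 box sshd[2105]: Failed password for invalid user admin from 203.0.113.5 port 40040 ssh2
Nov 20 03:14:13 box sshd[2107]: Failed password for invalid user test from 203.0.113.5 port 40052 ssh2
Nov 20 03:14:17 box sshd[2109]: Failed password for root from 203.0.113.5 port 40066 ssh2
Nov 20 03:20:00 box sshd[2140]: Failed password for alice from 198.51.100.23 port 51200 ssh2
Nov 20 03:25:30 box sshd[2151]: Failed password for alice from 198.51.100.23 port 51244 ssh2
Nov 20 03:25:41 box sshd[2153]: Accepted password for alice from 198.51.100.23 port 51250 ssh2
"""

FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(\S+) from (\S+) port \d+"
)

def parse_failures(log_text, year=2012):
    """Return (timestamp, source_ip, user) for every failed-password line."""
    events = []
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if m:  # syslog omits the year, so the caller supplies one (assumption)
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            events.append((ts, m.group(3), m.group(2)))
    return events

def sources_over_limit(events, hitcount=4, seconds=60):
    """Map each source IP to the time it first reached `hitcount` failures in `seconds`."""
    window = timedelta(seconds=seconds)
    recent = defaultdict(deque)  # per-source timestamps still inside the window
    flagged = {}
    for ts, ip, _user in sorted(events):
        hits = recent[ip]
        hits.append(ts)
        while ts - hits[0] > window:
            hits.popleft()
        if len(hits) >= hitcount:
            flagged.setdefault(ip, ts)
    return flagged

if __name__ == "__main__":
    for ip, when in sources_over_limit(parse_failures(SAMPLE_LOG)).items():
        print(f"{ip} reached 4 failures within 60s at {when:%H:%M:%S}")
```
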



RE: shh bruteforce attacks - jmbi - 20-11-2012

Well, I hope they have fun trying to crack my 44 character password.


RE: shh bruteforce attacks - venam - 21-11-2012

Isn't there a limit of attempts per minute?
If not, you should definitely do it.
/etc/security/limits.conf


RE: shh bruteforce attacks - Amzo - 21-11-2012

I already set up firewall rules to limit the number of attempts to ssh per second, then to block that IP if 3 attempts have been made by the IP in 1 minute.


RE: shh bruteforce attacks - jolia - 23-11-2012

Yeah IPTables would be nice.

By the way, you can use Fail2ban which is really izi and fast to set up!

Or just change the SSH listening port ;)


RE: shh bruteforce attacks - jmbi - 03-12-2012

These ssh attacks just get better and better...

[![image](http://i.imgur.com/9KdeK.png)](http://i.imgur.com/9KdeK.png)


RE: shh bruteforce attacks - jmbi - 03-12-2012

i honestly have no fucking idea


RE: shh bruteforce attacks - Dritz - 04-12-2012

Dude, your setup, it's so slick!

Have you posted the specs in the desktop pics thread?

LOL BTW.

(Sorry for being OT, but I had to ask. And I figured that PMing wouldn't stimulate anyone other than me.)


RE: shh bruteforce attacks - venam - 04-12-2012

How come all the requests come from 1 single IP and it's not blocked? However, I see that there's at least 4s between each attempt.


RE: shh bruteforce attacks - jmbi - 04-12-2012

There are small attacks that come in groups, each one coming from a new IP address (most of them reside in China somewhere). There are usually 3-4 different attacks each day, and each individual attack looks like the one in the screenshot.


RE: shh bruteforce attacks - gurhush - 05-12-2012

Doubt it's Terminal. It's likely random people in China (most sensical candidate) or someone with an agenda against us AND random people in China.