shh bruteforce attacks - Community & Forums Related Discussions
As you have noticed, our IRC server was done for about on day. Before it went down (I dont know why it went), there were bruteforce attacks going on.

I noticed that my box has been under attack for couple days know but nobody hasnt gain any access.

Now, you should check your host(s) logs and see if all our servers is/were under attack.

Heres some of IPs where attack came from:
What's programmers favorite thing to do? DELETE CODE!
oh no you didnt
These attacks aren't targeted at anyone specifically, rather it's automated programs searching a range of IP addresses and brute forcing them.

However, if you use weak passwords, I would change them and add some Iptable rules to filter any bruteforcing.

The majority of these brute force attempts originate from china and have been caught by some honey pots.

ptables -A INPUT -p tcp --dport 22 -m recent --set --name ssh --rsource
iptables -A INPUT -p tcp --dport 22 -m recent ! --rcheck --seconds 60 --hitcount 4 --name ssh --rsource -j ACCEPT
Well, I hope they have fun trying to crack my 44 character password.
Isn't there a limit of attempt per minutes?
If not you should definetelly do it.
I already setup a firewall rules to limit the number of attempts to ssh per second. Then to block that Ip if 3 attempts have been made by the IP in 1 minute.
Yeah IPTables would be nice.

By the way, you can use Fail2ban which is really izi and fast to set up!

Or just change the SSH listening port ;)
These ssh attacks just get better and better...

i honestly have no fucking idea
Dude, your setup, it's so slick!

Have you posted the specs in the desktop pics thread?


(Sorry for being OT, but I had to ask. And I figured that PMing wouldn't stimulate anyone other than me.)
"Willful ignorance is a crime"
How comes all the requests comes from 1 single IP and it's not blocked. However, I see that there's at least 4s between each attempts.

Members  |  Stats  |  Night Mode