shh bruteforce attacks - Community & Forums Related Discussions
vompatti
As you have noticed, our IRC server was done for about on day. Before it went down (I dont know why it went), there were bruteforce attacks going on.

I noticed that my box has been under attack for couple days know but nobody hasnt gain any access.

Now, you should check your host(s) logs and see if all our servers is/were under attack.

Heres some of IPs where attack came from:
113.149.86.66
128.204.194.99
74.124.206.30
101.44.1.134
95.163.76.42
61.253.249.157
91.191.166.95
60.28.183.71
188.95.234.6
63.217.116.187
What's programmers favorite thing to do? DELETE CODE!
Git: https://github.com/vhakulinen
oh no you didnt
Amzo
These attacks aren't targeted at anyone specifically, rather it's automated programs searching a range of IP addresses and brute forcing them.

However, if you use weak passwords, I would change them and add some Iptable rules to filter any bruteforcing.

The majority of these brute force attempts originate from china and have been caught by some honey pots.

Code:
ptables -A INPUT -p tcp --dport 22 -m recent --set --name ssh --rsource
iptables -A INPUT -p tcp --dport 22 -m recent ! --rcheck --seconds 60 --hitcount 4 --name ssh --rsource -j ACCEPT
jmbi
Well, I hope they have fun trying to crack my 44 character password.
venam
Isn't there a limit of attempt per minutes?
If not you should definetelly do it.
/etc/security/limits.conf
Amzo
I already setup a firewall rules to limit the number of attempts to ssh per second. Then to block that Ip if 3 attempts have been made by the IP in 1 minute.
Jolia
Yeah IPTables would be nice.

By the way, you can use Fail2ban which is really izi and fast to set up!

Or just change the SSH listening port ;)
jmbi
These ssh attacks just get better and better...

[![image](http://i.imgur.com/9KdeK.png)](http://i..../9KdeK.png)
jmbi
i honestly have no fucking idea
Dritz
Dude, your setup, it's so slick!

Have you posted the specs in the desktop pics thread?

LOL BTW.

(Sorry for being OT, but I had to ask. And I figured that PMing wouldn't stimulate anyone other than me.)
"Willful ignorance is a crime"
venam
How comes all the requests comes from 1 single IP and it's not blocked. However, I see that there's at least 4s between each attempts.




Members  |  Stats  |  Night Mode