[ale] SSH attempts
David Tomaschik
david at systemoverlord.com
Mon Sep 12 11:27:16 EDT 2011
You could drop traffic from that host/subnet/etc, at the risk of
blocking legitimate traffic.
Most likely, those hosts are compromised hosts, unless ServerLoft is a
bit of a black hat haven. They'll probably notify the VPS owners
and/or take them down.
David
On Mon, Sep 12, 2011 at 11:05 AM, David Hillman <hillmands at gmail.com> wrote:
> According to the PortSentry logs for my server, I have received thousands of
> connection attempts via SSH port 22. Of course, that is not the port the
> real SSH service is listening on. Logins were also disabled for root.
> What's interesting is the IP addresses all belong to Serverloft
> (www.serverloft.eu); most attempts came from 188.138.32.16
> (loft4385.serverloft.eu). I am guessing someone with a few VPS boxes has
> nothing better to do than use up network bandwidth to terrorize the rest of
> us. Or, maybe those boxes have been compromised.
> I have e-mailed the folks over at Serverloft, but I don't expect
> anything of it. Is there anything else I can do?
--
David Tomaschik, RHCE, LPIC-1
System Administrator/Open Source Advocate
OpenPGP: 0x5DEA789B
http://systemoverlord.com
david at systemoverlord.com
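
One way to weigh the "drop traffic from that host" option against the risk of blocking legitimate traffic, as an added example that is not part of the original thread: count PortSentry alerts per source and print DROP rules only for sources above a threshold that are not on an allowlist. The log line layout, the function names, the threshold and the documentation-range addresses are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise PortSentry alerts per source IP, then print
# (not execute) iptables DROP rules for noisy, non-allowlisted sources.

# Constructed sample log lines; the "attackalert" layout is an assumption
# about the local PortSentry syslog output, adjust the match if it differs.
sample_log() {
cat <<'EOF'
Sep 12 10:01:02 srv portsentry[812]: attackalert: Connect from host: a.example/192.0.2.10 to TCP port: 22
Sep 12 10:01:03 srv portsentry[812]: attackalert: Connect from host: a.example/192.0.2.10 to TCP port: 22
Sep 12 10:01:04 srv portsentry[812]: attackalert: Connect from host: a.example/192.0.2.10 to TCP port: 22
Sep 12 10:01:05 srv portsentry[812]: attackalert: Connect from host: a.example/192.0.2.10 to TCP port: 22
Sep 12 10:01:06 srv portsentry[812]: attackalert: Connect from host: a.example/192.0.2.10 to TCP port: 23
Sep 12 10:02:00 srv portsentry[812]: attackalert: Connect from host: 198.51.100.7/198.51.100.7 to TCP port: 22
Sep 12 10:03:00 srv portsentry[812]: attackalert: Connect from host: office.example/203.0.113.5 to TCP port: 22
Sep 12 10:03:01 srv portsentry[812]: attackalert: Connect from host: office.example/203.0.113.5 to TCP port: 22
Sep 12 10:03:02 srv portsentry[812]: attackalert: Connect from host: office.example/203.0.113.5 to TCP port: 22
EOF
}

# block_candidates THRESHOLD PORT [ALLOWLISTED_IP...]
# Reads log lines on stdin; prints "count ip" for each source with at least
# THRESHOLD alerts on PORT, skipping allowlisted addresses, busiest first.
block_candidates() {
    threshold=$1; port=$2; shift 2
    awk -v t="$threshold" -v p="$port" -v allow=" $* " '
        /attackalert: Connect from host:/ && $NF == p {
            ip = ""
            for (i = 1; i < NF; i++)
                if ($i == "host:") {          # next field is "name/ip"
                    n = split($(i + 1), a, "/")
                    ip = (n >= 2) ? a[2] : a[1]
                }
            if (ip != "") count[ip]++
        }
        END {
            for (ip in count)
                if (count[ip] >= t && index(allow, " " ip " ") == 0)
                    printf "%d %s\n", count[ip], ip
        }' | sort -rn
}

# emit_rules PORT: turn "count ip" lines into iptables commands for review.
emit_rules() {
    while read -r _count ip; do
        echo "iptables -I INPUT -s $ip -p tcp --dport $1 -j DROP"
    done
}

sample_log | block_candidates 3 22 203.0.113.5 | emit_rules 22
```

The rules are only printed, so they can be reviewed against known-good sources before anything is applied.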