[ale] SSH attempts

David Tomaschik david at systemoverlord.com
Mon Sep 12 11:27:16 EDT 2011


You could drop traffic from that host/subnet/etc, at the risk of
blocking legitimate traffic.

Most likely, those hosts are compromised hosts, unless ServerLoft is a
bit of a black hat haven.  They'll probably notify the VPS owners
and/or take them down.

David


On Mon, Sep 12, 2011 at 11:05 AM, David Hillman <hillmands at gmail.com> wrote:
> According to the PortSentry logs for my server, I have received thousands of
> connection attempts via SSH port 22.  Of course, that is not the port the
> real SSH service is listening on. Logins were also disabled for root.
> What's interesting is the IP addresses all belong to Serverloft
> (www.serverloft.eu); most attempts came from 188.138.32.16
> (loft4385.serverloft.eu).  I am guessing someone with a few VPS boxes has
> nothing better to do than use up network bandwidth to terrorize the rest of
> us.  Or, maybe those boxes have been compromised.
> I have e-mailed the folks over at Serverloft, but I don't expect
> anything of it.  Is there anything else I can do?



-- 
David Tomaschik, RHCE, LPIC-1
System Administrator/Open Source Advocate
OpenPGP: 0x5DEA789B
http://systemoverlord.com
david at systemoverlord.com
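
An added example, not part of the original thread: one way to weigh the host-versus-subnet choice raised in the reply is to count PortSentry alerts per source and propose a /24 block only when several hosts in it offend and no known-good address sits in that range. The log line format, thresholds, function names and all addresses other than 188.138.32.16 are assumptions made for this illustration.

```python
import ipaddress
import re
from collections import Counter

# Assumed PortSentry syslog line format; the sample below is constructed.
ALERT = re.compile(
    r"attackalert: Connect from host: \S+/(\d+\.\d+\.\d+\.\d+) to TCP port: (\d+)")

def _line(ip):
    return (f"Sep 12 10:58:01 srv portsentry[2301]: attackalert: "
            f"Connect from host: {ip}/{ip} to TCP port: 22")

# 188.138.32.16 is the address from the post; the rest are documentation-range IPs.
SAMPLE_LOG = "\n".join(_line(ip) for ip in
    ["188.138.32.16"] * 3 + ["198.51.100.7"] * 3 + ["198.51.100.9", "203.0.113.5"])

def count_sources(log_text, port=22):
    """Count alerts per source address for one decoy port."""
    hits = Counter()
    for line in log_text.splitlines():
        m = ALERT.search(line)
        if m and int(m.group(2)) == port:
            hits[ipaddress.ip_address(m.group(1))] += 1
    return hits

def block_candidates(hits, host_threshold=3, subnet_hosts=2, allow=()):
    """Propose /24 blocks only when several hosts offend and no allowlisted
    address lives in that /24; otherwise fall back to single noisy hosts."""
    allow_nets = [ipaddress.ip_network(a) for a in allow]
    per_net = {}
    for ip in hits:
        net = ipaddress.ip_network(f"{ip}/24", strict=False)
        per_net.setdefault(net, set()).add(ip)
    targets = []
    for net in sorted(per_net):
        ips = per_net[net]
        if len(ips) >= subnet_hosts and not any(net.overlaps(a) for a in allow_nets):
            targets.append(str(net))
            continue
        targets += [str(ip) for ip in sorted(ips)
                    if hits[ip] >= host_threshold
                    and not any(ip in a for a in allow_nets)]
    return targets

def iptables_rules(targets):
    """Render DROP rules for review; nothing is applied."""
    return [f"iptables -A INPUT -s {t} -j DROP" for t in targets]

if __name__ == "__main__":
    hits = count_sources(SAMPLE_LOG)
    print("\n".join(iptables_rules(block_candidates(hits, allow=["198.51.100.200"]))))
```

With the allowlisted address present, the 198.51.100.0/24 range is not blocked as a whole and only the individual noisy host in it is proposed.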


