[ale] 300,000 failed login attempts in 6 months!!!
Forsaken
forsaken at targaryen.us
Tue Aug 19 19:03:17 EDT 2008
I'm used to seeing those entries in my logs. Bumping the ssh port up
into the 30,000 range and installing fail2ban made most of them go
away.
I also get quite a few idjuts throwing IIS5 buffer overflow exploits
at my web server. Script kiddies do what script kiddies do.. give
their scripts an IP block and see who's leaving their installs default.
> I don't want to restrict access to private/public key authentication,
> but other than continueing to use strong passwords, is there something
> else I should be doing to slow down the onslaught.
Honestly, I'd do this anyway. I don't even know my root password for
my servers. I have two local vty's that spawn with a root shell if I
ever manage to lock myself out of my box remotely, and not having to
remember passwords is so incredibly convenient.
More information about the Ale
mailing list