[plug] hosts.deny over 6000 entries

Scott Middleton scott at assuretek.com.au
Fri Oct 30 07:49:26 WST 2009


Hi

October 4th /.
http://linux.slashdot.org/story/09/10/04/2054259/Sloppy-Linux-Admins-Enable-Slow-Brute-Force-Attacks?art_pos=

It was Oct 2nd at about midnight when the attacks started on my
machine. I got over 700 when I woke up that morning.

Between the email last night and now 14 more.

Passwords on the server are not dictionary passwords and denyhosts
only allows three attempts before IP banning. Most accounts do not
even have bash access anyway.

2009/10/29 Ritchie Young <ritchiey at gmail.com>:
> I'm not aware of it. Admittedly I don't run an Internet accessible server
> but I couldn't find anything about it on Google news so it doesn't seem to
> be in the mainstream media.
> For some reason (maybe related) I'm unable to access slashdot.org and
> github.com HTTP access is patchy. Strangely, git over ssh to github has been
> fine.
> I'd be interested to know what's going on.
> /Ritchie
>
> On Thu, Oct 29, 2009 at 7:38 PM, Scott Middleton <scott at assuretek.com.au>
> wrote:
>>
>> Hi PLUGgers
>>
>> I assume a lot of you know about the concerted worldwide attack of ssh
>> over the last few weeks.
>>
>> My hosts.deny on my colo is now over 6000 long.
>>
>> My question is: at what point is the file getting too large?
>>
>> I use portsentry and denyhosts to block attacks and it is working
>> exceedingly well but there seems to be no end in sight. One night a
>> few weeks ago there were over 700 in 12 hours! I still get several a
>> day and the last few days attacks have increased again.
>>
>> I have had a total of three known Aussie IP addresses (with reverse
>> DNS) and have contacted them promptly.
>>
>> Kind Regards
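
Added example (not part of the original thread, and not DenyHosts' own code): a Python sketch of the per-address counting behind the three-attempt ban mentioned above, showing why hosts.deny gains one line per attacking address and which sources stay under the threshold. The log lines, the exact threshold semantics and the function names are constructed assumptions.

```python
import re
from collections import Counter

# Constructed sample sshd log lines using documentation address ranges.
SAMPLE_LOG = """\
Oct  2 00:01:12 colo sshd[2211]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Oct  2 00:01:15 colo sshd[2213]: Failed password for invalid user test from 203.0.113.5 port 51240 ssh2
Oct  2 00:01:19 colo sshd[2215]: Failed password for root from 203.0.113.5 port 51251 ssh2
Oct  2 00:07:40 colo sshd[2290]: Failed password for root from 198.51.100.7 port 40022 ssh2
Oct  2 00:31:02 colo sshd[2371]: Failed password for root from 198.51.100.99 port 40410 ssh2
Oct  2 00:58:47 colo sshd[2502]: Failed password for invalid user oracle from 192.0.2.44 port 33900 ssh2
Oct  2 01:02:10 colo sshd[2533]: Accepted publickey for alice from 192.0.2.10 port 50112 ssh2
Oct  2 01:20:33 colo sshd[2610]: Failed password for invalid user oracle from 192.0.2.44 port 33954 ssh2
"""

# Matches sshd password failures for both existing and non-existent accounts.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+) port \d+"
)

# Assumption: an address is banned once it has logged three failures.
THRESHOLD = 3


def summarize(log_text, threshold=THRESHOLD):
    """Count failed logins per source address and split sources by threshold."""
    per_ip = Counter()
    for line in log_text.splitlines():
        match = FAILED.search(line)
        if match:
            per_ip[match.group(2)] += 1
    return {
        "failures": sum(per_ip.values()),
        "sources": len(per_ip),
        "banned": sorted(ip for ip, n in per_ip.items() if n >= threshold),
        # Sources that never reach the threshold add no hosts.deny entry.
        "below_threshold": sorted(ip for ip, n in per_ip.items() if n < threshold),
    }


def hosts_deny_lines(banned):
    """Render one tcp_wrappers 'daemon: client' rule per banned address."""
    return [f"sshd: {ip}" for ip in banned]


if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    print(result)
    print("\n".join(hosts_deny_lines(result["banned"])))
```

Because each banned address becomes its own rule, the file length tracks the number of distinct attacking hosts rather than the number of attempts.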


