From: Arturo 'B. B. <bu...@bu...> - 2009-10-01 11:20:27
|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 I confirm on the only server I manage that has ssh open to the world. Klaus Lehmann wrote: > hi fans > > approx. since yesterday I noticed a massive attack against my servers. > attacks are based only on SSH: > exactly every one minute there was an login. > > sharply looking on attacking ip's, I get no system. only this: > 196.41.113.27-196.41.113.30 (all 4 ips' in 4 minutes, in a row; its an > southafrican server...) > I think this a, what I'm here NOT proud to live with it, systematical > attack. > I can't think, this is uncontrolled: sriptciddies or other bullshit. > I think. someone (friends from eastern? where is "eastern", it a point > of view ;-) ) is attacking MY and ofcourse other systems. > > my problem: > between oct.1st 0.00hour and now oct 1st. 7:54 there are approx 500 > loggings about attacks on ONE server (=250-300 logs in ONE hour.) a > little bit too much. > > my question: > is it possible to get a digest from logging_system. not one msg per > attck. > my idea: a collecting email: one per hour. > > [if not I must disable: one msg from one attack ] ;-( > > > > yours > sadly > klaus > > > > > ------------------------------------------------------------------------------ > Come build with us! The BlackBerry® Developer Conference in SF, CA > is the only developer event you need to attend this year. Jumpstart your > developing skills, take BlackBerry mobile applications to market and stay > ahead of the curve. Join us from November 9-12, 2009. Register now! > http://p.sf.net/sfu/devconf > _______________________________________________ > Fail2ban-users mailing list > Fai...@li... > https://lists.sourceforge.net/lists/listinfo/fail2ban-users > - -- Arturo "Buanzo" Busleiman / Arturo Busleiman @ 4:900/107 Independent Linux and Security Consultant - SANS - OISSG - OWASP http://www.buanzo.com.ar/pro/eng.html Mailing List Archives at http://archiver.mailfighter.net -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEAREKAAYFAkrEia4ACgkQAlpOsGhXcE1j3gCbBGKEgAA4BYsh9HUysDENI48w dIYAn2LTakZik6GemOiEHsH6toiuqFMc =OG1a -----END PGP SIGNATURE----- |