Submit your comments on this article |
System note... |
2006-03-02 |
The Heathen Chinee were pretty active yesterday. I banned four IPs trying to conduct dictionary attacks over ssh. Many, many thanks to Badanov, JFM, and kbk for the tips on securing the server. I'm guessing the guys I banned were also the guys who were swarming the server when Apache overloaded. Eventually I'll (we'll) figure a way to stop that, too. I also noticed that most of the spam I got came from Chinese or Korean servers — dunno what the significance of that is. I haven't been tracking spam addresses close enough to know if it's abnormal. |
Posted by:Fred |
#4 Servers from China and korea are not signifigant, IMO. I get these attacks all the time, tempered by some simple measures, as you know. It just fills up the logs. Reading them makes me want for a nap. |
Posted by: badanov 2006-03-02 18:00 |
#3 I got a few hits like that from Egypt and elsewhere in the ME. Followed me in from the "Throw Mohammed From the Train" thread at MVRWC, I guess. |
Posted by: eLarson 2006-03-02 14:05 |
#2 I bet you get one heck of a lot of bad guy lurkers. A tremendous irony that such governments and organizations don't even want their spies to see what is written here, for fear that they could be "corrupted" by uncontrolled information. You might even publish an ISP by nation breakdown. One humorist I know, a few years ago, published some rude humor about Islam and got a gazillion hits from Arabia--not an attack. Most had been searching for rude humor about Islam. He didn't get any email complaints, either. Hmmm. |
Posted by: Anonymoose 2006-03-02 12:51 |
#1 It really does help to change the port number for sshd. Cut the attacks on my server to zero. You then change the port number on whatever ssh (or scp) client you're using to the new port number. |
Posted by: DMFD 2006-03-02 00:21 |