[nycphp-talk] [OT] SSH security question
Rolan Yang
rolan at omnistep.com
Sat Apr 30 13:43:28 EDT 2005
Sometimes. I have found portsentry to be a useful tool in
blocking/annoying port scan hackers.
Basically, it listens on handful of ports where active services are not
running. When portsentry detects a connection, that ip is nullrouted for
a period of time using iptables or ipchains thus preventing any further
attacks. Check it out.
~Rolan
David Mintz wrote:
>Is it normal to get attacked like this just about every day?
>
>
> --------------------- SSHD Begin ------------------------
>
>
>Failed logins from these:
> bin/password from 210.68.71.220: 17 Time(s)
> boss/password from 210.68.71.220: 17 Time(s)
> chris/password from 210.68.71.220: 17 Time(s)
> cristina/password from 210.68.71.220: 17 Time(s)
> daemon/password from 210.68.71.220: 17 Time(s)
> ftp/password from 210.68.71.220: 17 Time(s)
> ftpuser/password from 210.68.71.220: 17 Time(s)
> mailtest/password from 210.68.71.220: 17 Time(s)
> michelle/password from 210.68.71.220: 17 Time(s)
> mysql/password from 210.68.71.220: 17 Time(s)
> news/password from 210.68.71.220: 17 Time(s)
> oracle/password from 210.68.71.220: 17 Time(s)
> postfix/password from 210.68.71.220: 17 Time(s)
> postgres/password from 210.68.71.220: 17 Time(s)
> richard/password from 210.68.71.220: 17 Time(s)
> service/password from 210.68.71.220: 17 Time(s)
> testuser/password from 210.68.71.220: 17 Time(s)
>
>
>---
>David Mintz
>http://davidmintz.org/
>_______________________________________________
>New York PHP Talk Mailing List
>AMP Technology
>Supporting Apache, MySQL and PHP
>http://lists.nyphp.org/mailman/listinfo/talk
>http://www.nyphp.org
>
>
>
More information about the talk
mailing list