[NTLUG:Discuss] Attacks on my server
Paul Lipps
paul.lipps at gmail.com
Sun Jan 3 13:02:32 CST 2010
On Jan 2, 2010, at 10:09 PM, Jay Urish wrote:
> It can't just be me, I have noticed a huge spike in script kiddie attacks
> on my box's ssh and ftp ports
> I used a cool proggy called daemonshield that detects the hack attempts
> and makes an iptables entry.
>
> Jan 2 22:07:54 k9 daemonshield[11459]: Blocking 61.129.60.23
> Jan 2 22:07:54 k9 daemonshield[11459]: Blocking 193.146.134.142
> Jan 2 22:07:54 k9 daemonshield[11459]: Blocking 59.3.239.114
> Jan 2 22:07:54 k9 daemonshield[11459]: Blocking 195.95.228.150
> Jan 2 22:07:54 k9 daemonshield[11459]: Blocking 124.133.27.238
> Jan 2 22:07:54 k9 daemonshield[11459]: Blocking 203.232.202.25
> Jan 2 22:07:54 k9 daemonshield[11459]: Blocking 85.183.246.33
> Jan 2 22:07:54 k9 daemonshield[11459]: Blocking 117.21.246.164
> Jan 2 22:07:54 k9 daemonshield[11459]: Blocking 140.119.164.79
> Jan 2 22:07:54 k9 daemonshield[11459]: Blocking 62.89.112.170
>
> these are just since yesterday..
Are the ssh and ftp services using the default ports? If so, this is
probably why you see so much activity.
Paul Lipps
"Anyone who is unwilling to learn is entitled to absolutely nothing."
- graysonf