[NTLUG:Discuss] Attacks on my server
Jay Urish
jay at unixwolf.net
Sun Jan 3 15:08:24 CST 2010
On 1/3/2010 1:02 PM, Paul Lipps wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Jan 2, 2010, at 10:09 PM, Jay Urish wrote:
>
>
>> It can't just be me, I have noticed a huge spike in script kiddy
>> attacks
>> on my boxs ssh and ftp ports
>> I used a cool proggy called daemonshield that detects the hack
>> attempts
>> and makes a iptables entry.
>>
>> Jan 2 22:07:54 k9 daemonshield[11459]: Blocking 61.129.60.23
>> Jan 2 22:07:54 k9 daemonshield[11459]: Blocking 193.146.134.142
>> Jan 2 22:07:54 k9 daemonshield[11459]: Blocking 59.3.239.114
>> Jan 2 22:07:54 k9 daemonshield[11459]: Blocking 195.95.228.150
>> Jan 2 22:07:54 k9 daemonshield[11459]: Blocking 124.133.27.238
>> Jan 2 22:07:54 k9 daemonshield[11459]: Blocking 203.232.202.25
>> Jan 2 22:07:54 k9 daemonshield[11459]: Blocking 85.183.246.33
>> Jan 2 22:07:54 k9 daemonshield[11459]: Blocking 117.21.246.164
>> Jan 2 22:07:54 k9 daemonshield[11459]: Blocking 140.119.164.79
>> Jan 2 22:07:54 k9 daemonshield[11459]: Blocking 62.89.112.170
>>
>> these are just since yesterday..
>>
>>
>>
>> _______________________________________________
>> http://www.ntlug.org/mailman/listinfo/discuss
>>
> Are the ssh and ftp services using the default ports? If so this is
> probably why you see so much activity.
>
>
Yes, but I have to leave them at stock locations because some people are
behind corporate firewalls that have everything locked down.
The point of this post is that the number of attacks have gone up..
More information about the Discuss
mailing list