Login attacks
Rick Stevens
rstevens at vitalstream.com
Wed Dec 8 02:04:14 UTC 2004
Gene Heskett wrote:
> On Tuesday 07 December 2004 17:46, Gerry Doris wrote:
>
>>On Tue, 2004-12-07 at 15:24, Michael Yep wrote:
>>
>>>Hello
>>>
>>>In my LogWatch report I get many login attacks, many from the same
>>>IP address.
>>>
>>>sshd:
>>> Authentication Failures:
>>> root (218.232.109.187): 59 Time(s)
>>> adm (218.232.109.187): 2 Time(s)
>>> apache (218.232.109.187): 1 Time(s)
>>> nobody (218.232.109.187): 1 Time(s)
>>> operator (218.232.109.187): 1 Time(s)
>>> Invalid Users:
>>> Unknown Account: 43 Time(s)
>>>
>>>I have permitRootLogin set to NO, and I use strong passwords, but
>>>can I just add these IP addresses to hosts.deny?
>>>and if so how would I set that up
>>>
>>>
>>>
>>>Michael Yep
>>>Development / Technical Operations
>>>RemoteLink, Inc.
>>
>>I had so many problems with the 218.0.0.0/24 domain that I totally
>>blocked the entire domain. I believe this domain is in Korea.
>>
>>--
>>Gerry Doris <gdoris at rogers.com>
>
>
> Another that bears blocking completely is 64.0.0.0/24 as its 100%
> spam of the non-edible variety. Ditto for 66.0.0.0/24.
>
> Anybody else have any more to contribute?
Whoa, buddy. The entire 64.0.0.0/8 is NOT a spam source. We have a
/19 in that space and we're not spammers.
----------------------------------------------------------------------
- Rick Stevens, Senior Systems Engineer rstevens at vitalstream.com -
- VitalStream, Inc. http://www.vitalstream.com -
- -
- Brain: The organ with which we think that we think. -
----------------------------------------------------------------------
More information about the fedora-list
mailing list