On Mon, November 27, 2017 11:10 am, Jerry Geis wrote:
> hi All,
>
> I happened to login to one of my servers today and saw 96000 failed login
> attempts. shown below is the address its coming from. I added it to my
> firewall to drop.
>
> Failed password for root from 123.183.209.135 port 14299 ssh2
>
> FYI - others might be seeing it also.
It happens all the time on all UNIX and Linux machines during last over 2
decades. This is why some of us, sysadmins, use various ways to protect
our users (we all realize that out of 100 users there always are at least
5 who have very weak passwords and whose passwords can be cracked in brute
force attack like that). Some of the tools are: fail2ban, sshguard. The
last one I use on my FreeBSD servers. On Linux workstations I usually use
just firewall rule that restricts similar attempts to some number. And I
run server under assumption that bad guys are already in. Which (in
addition to other security measures) means: update, update, update...
Good luck! Use strong passwords (passphrase I call it when I talk to my
users), especially for root account.
Valeri
>
> Jerry
> _______________________________________________
> CentOS mailing list
> CentOS@xxxxxxxxxx
> https://lists.centos.org/mailman/listinfo/centos
>
++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
