|
|
|
|
||||
|
Welcome to the GoFuckYourself.com - Adult Webmaster Forum forums. You are currently viewing our boards as a guest which gives you limited access to view most discussions and access our other features. By joining our free community you will have access to post topics, communicate privately with other members (PM), respond to polls, upload content and access many other special features. Registration is fast, simple and absolutely free so please, join our community today! If you have any problems with the registration process or your account login, please contact us. |
 |
|
|||||||
| Discuss what's fucking going on, and which programs are best and worst. One-time "program" announcements from "established" webmasters are allowed. |
|
|
Thread Tools |
05-26-2006, 07:58 AM
|
#1 |
|
Confirmed User
Join Date: Sep 2001
Location: Boston
Posts: 4,873
|
SSHD brute force attacks ?
I seem to be seeing a lot of atempts at brute forcing SSHD on my servers:
May 26 09:01:47 hooker sshd[68152]: Failed password for illegal user httpd from 65.205.238.12 port 43865 ssh2 May 26 09:01:47 hooker sshd[68154]: Illegal user arun from 65.205.238.12 May 26 09:01:47 hooker sshd[68154]: Failed password for illegal user arun from 65.205.238.12 port 43911 ssh2 May 26 09:01:47 hooker sshd[68136]: Illegal user chris from 80.122.129.122 May 26 09:01:48 hooker sshd[68136]: Failed password for illegal user chris from 80.122.129.122 port 24320 ssh2 May 26 09:01:48 hooker sshd[68155]: Illegal user bill from 65.205.238.12 May 26 09:01:48 hooker sshd[68155]: Failed password for illegal user bill from 65.205.238.12 port 43936 ssh2 May 26 09:01:48 hooker sshd[68159]: Illegal user dave from 65.205.238.12 anyone else seeing this or am is someone on my case? |
|
|
|
05-26-2006, 08:01 AM
|
#2 |
|
Confirmed User
Join Date: Jul 2003
Location: chicago
Posts: 1,135
|
nothing unusual
|
|
|
|
|
05-26-2006, 08:09 AM
|
#3 |
|
Confirmed User
Industry Role:
Join Date: Mar 2002
Posts: 7,245
|
people are always trying to brute force something
__________________
7 |
|
|
|
|
05-26-2006, 08:10 AM
|
#4 |
|
Too lazy to set a custom title
Industry Role:
Join Date: Aug 2002
Posts: 55,372
|
hah i get them all the time on my server, same with ftp. make sure you have most current up to date ssh, or you are asking for trouble
__________________
Since 1999: 69 Adult Industry awards for Best Hosting Company and professional excellence.  WP Stuff |
|
|
|
|
05-26-2006, 08:11 AM
|
#5 |
|
Too lazy to set a custom title
Industry Role:
Join Date: Aug 2002
Posts: 55,372
|
hah i get them all the time on my server, same with ftp. make sure you have most current up to date ssh, or you are asking for trouble
__________________
Since 1999: 69 Adult Industry awards for Best Hosting Company and professional excellence. WP Stuff |
|
|
|
|
05-26-2006, 08:19 AM
|
#6 |
|
Confirmed User
Join Date: Oct 2005
Location: Charlotte, NC
Posts: 908
|
You can use a program like portsentry, wich can be configured to automatically lock out brute force attackers, portscans etc.
__________________
ICQ: 284903372 |
|
|
|
|
05-26-2006, 08:56 AM
|
#7 |
|
Too lazy to set a custom title
Industry Role:
Join Date: Oct 2002
Location: Montreal, Quebec
Posts: 29,680
|
yesterday was quiet on one of my boxes:
sshd: Invalid Users: Unknown Account: 13762 Time(s)
__________________
I know that Asspimple is stoopid ... As he says, it is a FACT ! But I can't figure out how he can breathe or type , at the same time .... |
|
|
|
|
05-26-2006, 09:00 AM
|
#8 |
|
Confirmed User
Join Date: Dec 2003
Location: 1123,6536,5231
Posts: 3,397
|
I always change the default ssh port, and lock down the server with a firewall. If you have X, try "firestarter" for linux.
It's very common, but it's super simple to stop. |
|
|
|
|
05-26-2006, 09:08 AM
|
#9 |
|
Confirmed User
Join Date: Feb 2002
Location: Amsterdam
Posts: 9,377
|
add this to your iptables firewall
It will block the sshd port if an ip attempts more than 3 times per minute to login with a bad password. -N ssh_brute -A ssh_brute -p TCP -m state --state ESTABLISHED,RELATED -j ACCEPT -A ssh_brute -p TCP --syn -m limit --limit 3/minute --limit-burst 3 -j ACCEPT -A ssh_brute -p TCP -j LOG --log-level "WARN" --log-prefix [DROP:RATE_LIMIT] -A ssh_brute -p TCP -j REJECT -I INPUT -p TCP -s 0/0 --dport 22 -j ssh_brute 
__________________
| http://www.sinnerscash.com/ | ICQ: 370820 | Skype: SinnersCash | AdultWhosWho | |
|
|
|
|
05-26-2006, 09:16 AM
|
#10 |
|
Confirmed User
Join Date: Mar 2006
Location: Cashapartment.com
Posts: 282
|
There's a commonly run SSH brute force program available, it's retardedly simple, it just has a mass of usernames / passwords and it tries them all in succession. Best way to avoid any problems is to use decent passwords. SSH as a protocol is pretty damn solid, so long as you're not still using v1 (which is quite unlikely).
__________________
 CASH APARTMENT V2 IS HERE! NATS POWERED, 60-70% ON ALL REBILLS, FREE CONTENT, MGPS, FHGS, RETAINING MEMBERS NETWORK! A SIMPLE NO B.S PROGRAM - ICQ 239 806 698 |
|
|
|
|
05-26-2006, 09:55 AM
|
#11 |
|
Confirmed User
Join Date: Feb 2002
Location: Amsterdam
Posts: 9,377
|
of course the best way is to restrict sshd, ftpd and such to ip addresses.
but this requires a static ip address. If you want to access your machine from different locations (traveling) use 1 server/computer with VPN as trusted host. 
__________________
| http://www.sinnerscash.com/ | ICQ: 370820 | Skype: SinnersCash | AdultWhosWho | |
|
|
|
|
05-26-2006, 10:01 AM
|
#12 |
|
Confirmed User
Join Date: May 2005
Posts: 2,737
|
I've had 1,200 brute force attacks on sshd on my server in the past week from the same IP. Korean based.
__________________
 PHP-MySQL-Rails | ICQ: 342500546 |
|
|
|
|
05-27-2006, 09:22 AM
|
#13 | |
|
Too lazy to set a custom title
Industry Role:
Join Date: Aug 2002
Posts: 55,372
|
Quote:
__________________
Since 1999: 69 Adult Industry awards for Best Hosting Company and professional excellence. WP Stuff |
|
|
|
|
