Post Xmas Pwnage
David Cantrell
david at cantrell.org.uk
Thu Jan 4 16:35:40 GMT 2007

On Thu, Jan 04, 2007 at 09:13:59AM +0000, Peter Hickman wrote:
> Every day I run a script that checks various logs to get the ip addresses
> of people who have tried to hack my system. I usually get 5 - 10 new
> addresses a day from people trying to brute force my ssh connection.

I get about one a day these days. It dropped quite precipitously in
late November / early December and has stayed low ever since. This is
about the same time I started using sshblack, which adds DROP rules to
iptables when people have repeated failed logins. Perhaps the zombies
are communicating amongst themselves about which hosts suddenly stop
responding to them.

I need to start doing the same for stupid Windows exploits in my http
logs and also picking IPs out of Received headers in my spam folders.

sshblack is a really simple idea which I could never be bothered to
implement myself, but works really well and is dead simple to set up.
Recommended.

--
David Cantrell | Nth greatest programmer in the world
If I could read only one thing it would be the future, in the
entrails of the bastard denying me access to anything else.
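
The idea described in the message above (DROP rules in iptables after repeated failed logins), sketched as an added example; it is not sshblack's code and not part of the original post. The threshold, time window, syslog line format, `year` parameter and sample log lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Anchored at the line end: the user name is attacker-controlled text, so the
# address is read only from the trailing "from <ip> port <n> ssh2" sshd appends.
FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for .* from (\S+) port \d+ ssh2$")

def offenders(lines, max_failures=3, window=timedelta(minutes=5), year=2007):
    """Return IPv4 sources with max_failures failed logins inside window."""
    recent = defaultdict(deque)  # ip -> times of failures still in the window
    blocked = []
    for line in lines:
        m = FAILED.match(line.strip())
        if not m:
            continue
        try:
            ip = str(ipaddress.IPv4Address(m.group(2)))
        except ValueError:
            continue  # not a literal address, so it never reaches a rule
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        hits = recent[ip]
        hits.append(when)
        while when - hits[0] > window:
            hits.popleft()  # forget failures older than the window
        if len(hits) >= max_failures and ip not in blocked:
            blocked.append(ip)
    return blocked

def drop_rules(ips):
    """Render one iptables DROP rule per offending address (printed, not run)."""
    return [f"iptables -A INPUT -s {ip} -p tcp --dport 22 -j DROP" for ip in ips]

# Constructed sample lines using documentation address ranges.
SAMPLE = """\
Jan  4 09:13:01 host sshd[811]: Failed password for root from 203.0.113.7 port 4101 ssh2
Jan  4 09:13:03 host sshd[812]: Failed password for invalid user admin from 203.0.113.7 port 4102 ssh2
Jan  4 09:13:06 host sshd[813]: Failed password for root from 203.0.113.7 port 4103 ssh2
Jan  4 09:14:00 host sshd[820]: Failed password for invalid user x from 192.0.2.10 port 22 ssh2 from 198.51.100.9 port 5001 ssh2
Jan  4 09:20:00 host sshd[830]: Failed password for alice from 198.51.100.20 port 6001 ssh2
Jan  4 10:20:00 host sshd[831]: Failed password for alice from 198.51.100.20 port 6002 ssh2
Jan  4 11:20:00 host sshd[832]: Failed password for alice from 198.51.100.20 port 6003 ssh2
""".splitlines()

if __name__ == "__main__":
    print("\n".join(drop_rules(offenders(SAMPLE))))
```

The fourth sample line carries a user name that imitates the log suffix; because the pattern takes the address from the end of the line, the failure is counted against 198.51.100.9, the connecting host, and never against 192.0.2.10.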