Post Xmas Pwnage

David Cantrell david at
Thu Jan 4 16:35:40 GMT 2007

On Thu, Jan 04, 2007 at 09:13:59AM +0000, Peter Hickman wrote:

> Everyday I run a script that checks various logs to get the ip addresses 
> of people who have tried to hack my system. I usually get 5 - 10 new 
> addresses a day from people trying to brute force my ssh connection. 

I get about one a day these days.  It dropped quite precipitously in
late November / early December and has stayed low ever since.  This is
about the same time I started using sshblack, which adds DROP rules to
iptables when people have repeated failed logins.  Perhaps the zombies
are communicating amongst themselves about which hosts suddenly stop
responding to them.

I need to start doing the same for stupid Windows exploits in my http
logs and also picking IPs out of Received headers in my spam folders.

sshblack is a really simple idea which I could never be bothered to
implement myself, but works really well and is dead simple to set up.

David Cantrell | Nth greatest programmer in the world

    If I could read only one thing it would be the future, in the
    entrails of the bastard denying me access to anything else.

More information about the mailing list