ssh Brute-force Attempts

by Matt on May.12, 2008, under Computers, Insanity, Rants & Raves, Security

I used to get a couple hosts bounced a week… They’d try to brute-force username/password combos over ssh and DenyHosts would ban their IP after 5 failed logins.

For a couple days last week, I probably had about 50 in a 24-hour period, and then they went away as quickly as they started.

Today… Well, today is insane. As this site confirms, GMail limits a “conversation” to 61 conversations. So as this screenshot shows…

2 comments for this entry:

Matt
May 12th, 2008 on 10:27 am
Current count: since 10pm last night, 338 different hosts have tried…

“avian” and “avidan” keep getting tried as the first guesses… Good thing I haven’t given any birds a shell account with a blank password? Or a guy named Dan who’s a big fan of .avi’s?
Matt
May 12th, 2008 on 3:21 pm
Looks like it’s a major botnet, which is pretty foolishly brute-forcing hosts on each IP it finds… (Which means it’s exposing each of its members?)

Howdy. Welcome to Matt's Blog!
Thanks for dropping by! Feel free to join the discussion by leaving comments, and stay updated by subscribing to the RSS feed. See ya around!
Recent Posts
Browse by tags

Categories
- 2008
- Books
- Bowling
- Business
- Cars
- Citizen's Academy
- Computers
- Cool Links
- Funny
- Ham Radio
- Hero of the Day
- Humanitarianism
- Ideas
- Insanity
- Interesting
- Linux Tips
- Lists
- Living
- Materialism
- Obama
- OCD
- Performance
- Photography
- Politics
- Programming
- Rants & Raves
- Scanner Listening
- School
- Security
- Stocks
- Thinking Aloud
- Uncategorized
- Writing

Meta
- Log in
- Valid XHTML

Looking for something?

Use the form below to search the site:

Still not finding what you're looking for? Drop a comment on a post or contact us so we can take care of it!

Visit our friends!

A few highly recommended friends...

Matt’s Blog