
Thread: Distributed SSH password attack in progress

  1. #1
    Join Date
    Oct 2007
    Location
    UK
    Posts
    129

    Distributed SSH password attack in progress

    Over the last 12 hours the SSH port on my server has been probed around 1,000 times by approximately 550 IP addresses. Each attempts to log in as root. The attack is continuing, with 2 or 3 probes per minute.

    At this point, most of the probes are repeat IP addresses, so it appears that I have seen most of the machines in the botnet.

    Heads up to those who don't have an IDS running ...

    Edit: some 11.5 hours later, the stats: 1800 probes, 660 IP addresses.

    Edit 2: some 36 hours later, the stats: 3600 probes, 700 IP addresses.
    Last edited by charles; 10-03-2009 at 11:49 AM. Reason: updated probe stats
    Charles Haley
    www.haleys.eu/chaley
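
Added example, not part of the original post: the pattern described above (many addresses, only a few root attempts each) stays under a per-IP lockout threshold, so it shows up only when failures are aggregated per account across all sources. The sketch assumes the common OpenSSH "Failed password" syslog line; the function names, thresholds, year and sample lines are constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime

# Common OpenSSH syslog line for a failed password attempt (assumed log format).
FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(\S+) from (\S+) port \d+"
)

def constructed_sample():
    """Constructed log lines using documentation IP ranges; not data from the thread."""
    lines = [
        f"Oct  2 23:{50 + i // 3:02d}:{(i % 3) * 20:02d} vps sshd[{4100 + i}]: "
        f"Failed password for root from 192.0.2.{10 + i % 6} port {40000 + i} ssh2"
        for i in range(12)
    ]
    lines.append("Oct  2 23:55:00 vps sshd[4200]: Failed password for invalid user "
                 "admin from 198.51.100.7 port 50000 ssh2")
    lines.append("Oct  2 23:56:00 vps sshd[4201]: Accepted publickey for alice "
                 "from 203.0.113.5 port 50001 ssh2")
    return lines

def summarize(lines, user="root", per_ip_threshold=5, min_sources=5, year=2009):
    """Aggregate failed logins for one account across all source addresses."""
    per_ip, stamps = Counter(), []
    for line in lines:
        m = FAILED.match(line)
        if m and m.group(2) == user:
            # Syslog timestamps carry no year, so one is supplied (assumption).
            stamps.append(datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S"))
            per_ip[m.group(3)] += 1
    probes = sum(per_ip.values())
    minutes = (max(stamps) - min(stamps)).total_seconds() / 60 if len(stamps) > 1 else 0
    tripped = sorted(ip for ip, n in per_ip.items() if n >= per_ip_threshold)
    return {
        "probes": probes,
        "sources": len(per_ip),
        "max_per_ip": max(per_ip.values(), default=0),
        "probes_per_minute": round(probes / minutes, 1) if minutes else None,
        # Addresses a per-IP lockout with this threshold would have caught.
        "tripped_per_ip_rule": tripped,
        # Many sources, fewer than half over the per-IP limit: the distributed pattern.
        "distributed": len(per_ip) >= min_sources and len(tripped) * 2 < len(per_ip),
    }

if __name__ == "__main__":
    print(summarize(constructed_sample()))
```

On the constructed sample no single address reaches the per-IP threshold, yet the account-level view shows 12 root failures from 6 sources.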

  2. #2
    Join Date
    Dec 2007
    Posts
    1,141

    ... and if you are not running an intrusion detection system, please take five to ten minutes out of your day to complete the SSH Configuration instructions from our Security Best Practices article on the VPSLink Wiki.

    My test VPS is running SSH on a non-standard port and I have yet to see any login attempts after almost two years of operation - raising the bar just a little bit seems to be a solid defense against most automated attacks.

  3. #3

    Thanks for the notification and response. I had forgotten that I reinstalled and didn't remove the root login.

    <3 VPSL

  4. #4
    Join Date
    Apr 2007
    Posts
    6

    I realize this thread is old, but I just went to the "Security Best Practices" link to the wiki, and it gives a redirect link to a known malicious site (per "SafeBrowsing"). It looks like it may have been compromised. Perhaps we should remove this link from the forum, or better yet, fix the wiki page?

    - Chris

  5. #5
    Join Date
    Jul 2009
    Location
    New York
    Posts
    465

    Matt@Vpslink was notified by theuniverses, and I assumed most of the wiki were resolved by Matt; however, I will notify him again to resolve. Matt@Vpslink handles the wiki and he's in depending on his own schedule.

    Thank you for your notice
    Happily on a Link3. Feel free to request a referral code that takes a 10% lifetime discount off your hosting.
    Please open a SUPPORT TICKET AND CALL vpslink to resolve your vpslink problems FIRST
    I am a CUSTOMER Only. Any vpslink issues should be directed to Matt@VPSLink and/or Michael@VPSLink
