On Mon, November 27, 2017 11:10 am, Jerry Geis wrote:
> Hi all,
> I happened to log in to one of my servers today and saw 96000 failed login attempts. Shown below is the address it's coming from. I added it to my firewall to drop.
> Failed password for root from 123.183.209.135 port 14299 ssh2
> FYI - others might be seeing it also.
It has been happening all the time on all UNIX and Linux machines for over the last 2 decades. This is why some of us, sysadmins, use various ways to protect our users (we all realize that out of 100 users there are always at least 5 who have very weak passwords and whose passwords can be cracked in a brute force attack like that). Some of the tools are: fail2ban, sshguard. The last one I use on my FreeBSD servers. On Linux workstations I usually just use a firewall rule that restricts similar attempts to some number. And I run the server under the assumption that the bad guys are already in. Which (in addition to other security measures) means: update, update, update...
Good luck! Use strong passwords (passphrase I call it when I talk to my users), especially for the root account.
Valeri
> Jerry
> _______________________________________________
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++
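
The idea behind the tools named in the reply above, counting failed logins per source address inside a time window, is sketched here as an added example; it is not part of the original thread and not code from fail2ban or sshguard. The log lines are constructed (documentation-range addresses), and `find_offenders`, `max_retry` and `find_time` are hypothetical names.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample sshd log lines (documentation-range addresses, not real data).
SAMPLE_LOG = """\
Nov 27 11:00:01 host sshd[2101]: Failed password for root from 192.0.2.10 port 14299 ssh2
Nov 27 11:00:03 host sshd[2102]: Failed password for root from 192.0.2.10 port 14301 ssh2
Nov 27 11:00:04 host sshd[2103]: Accepted password for alice from 198.51.100.7 port 50022 ssh2
Nov 27 11:00:05 host sshd[2104]: Failed password for root from 192.0.2.10 port 14305 ssh2
Nov 27 11:00:09 host sshd[2105]: Failed password for invalid user admin from 203.0.113.5 port 4000 ssh2
Nov 27 11:08:00 host sshd[2106]: Failed password for invalid user test from 203.0.113.5 port 4001 ssh2
Nov 27 11:20:00 host sshd[2107]: Failed password for invalid user guest from 203.0.113.5 port 4002 ssh2
"""

# The user name is supplied by the client, so match it greedily and anchor the
# address on the end of the line: the last "from ... port ... ssh2" is sshd's own.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\ssshd\[\d+\]:\s"
    r"Failed password for (?:invalid user )?(?P<user>.*) "
    r"from (?P<ip>\S+) port \d+ ssh2$"
)

def find_offenders(log_text, max_retry=3, find_time=timedelta(minutes=10), year=2017):
    """Map each source IP to the time it reached max_retry failures within find_time."""
    recent = defaultdict(deque)   # ip -> timestamps of failures still inside the window
    offenders = {}
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue              # successful logins and unrelated lines are ignored
        # Classic syslog timestamps carry no year; the caller supplies it (assumption).
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        window = recent[m["ip"]]
        window.append(ts)
        while ts - window[0] > find_time:
            window.popleft()      # drop failures older than the window
        if len(window) >= max_retry:
            offenders.setdefault(m["ip"], ts)
    return offenders

if __name__ == "__main__":
    for ip, when in find_offenders(SAMPLE_LOG).items():
        print(f"{ip} reached the limit at {when}; candidate for a firewall drop rule")
```

With the default limits only the first address is reported; the third source spreads its attempts out beyond the ten-minute window and stays under the threshold, which is why the window length matters as much as the retry count.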