[CentOS] I appear to be attacking others

Tue Feb 7 12:13:38 UTC 2006
sophana <sophana at zizi.ath.cx>

using denyhosts is sufficient for me. After several password attempts, 
it simply disables the ip address.
I now have 133 denied ips in /etc/hosts.deny
Of course, you have to make sure that you don't use simple passwords

sshd: 193.137.229.185
sshd: 213.208.182.254
sshd: 69.50.188.122
sshd: 82.226.217.40
sshd: 64.193.62.162
sshd: 61.100.9.207
sshd: 65.82.89.30
sshd: 211.248.193.1
sshd: 72.4.5.31
sshd: 217.172.186.91
sshd: 80.81.106.212
sshd: 213.223.64.10
sshd: 81.233.245.217
sshd: 67.88.4.148
sshd: 61.97.32.29
sshd: 69.164.235.110
sshd: 195.130.116.161
sshd: 59.106.44.135
sshd: 207.10.28.19
sshd: 210.76.127.4
sshd: 82.103.77.100
sshd: 207.234.145.109
sshd: 61.131.80.30
sshd: 159.226.149.11
sshd: 82.229.209.252
sshd: 82.56.36.56
sshd: 212.94.83.10
sshd: 220.121.34.64
sshd: 207.234.224.210
sshd: 64.34.193.58
sshd: 222.235.64.140
sshd: 195.188.250.172
sshd: 220.76.0.194
sshd: 210.118.94.55
sshd: 148.204.183.218
sshd: 203.197.163.88
sshd: 217.156.68.203
sshd: 69.90.169.29
sshd: 213.143.66.142
sshd: 202.181.105.170
sshd: 69.38.48.20
sshd: 71.11.240.144
sshd: 65.164.58.2
sshd: 216.120.241.232
sshd: 64.182.50.244
sshd: 211.233.14.177
sshd: 83.18.27.210
sshd: 67.85.188.177
sshd: 62.15.230.129
sshd: 212.93.158.100
sshd: 202.222.28.22
sshd: 220.225.119.9
sshd: 202.181.96.33
sshd: 202.54.26.218
sshd: 211.252.207.187
sshd: 202.30.198.233
sshd: 218.145.207.133
sshd: 142.166.47.97
sshd: 59.144.2.102
sshd: 65.119.133.242
sshd: 218.25.82.157
sshd: 200.89.74.80
sshd: 212.114.221.99
sshd: 82.76.19.38
sshd: 200.67.134.217
sshd: 200.71.43.105
sshd: 148.88.201.30
sshd: 221.251.1.69
sshd: 64.239.2.119
sshd: 212.72.175.43
sshd: 195.97.98.240
sshd: 160.75.27.251
sshd: 216.97.13.46
sshd: 220.189.255.22
sshd: 200.175.254.60
sshd: 194.158.245.243
sshd: 60.248.229.120
sshd: 24.75.39.218
sshd: 200.138.65.1
sshd: 66.36.231.120
sshd: 193.54.239.198
sshd: 211.63.252.38
sshd: 216.120.255.208
sshd: 62.117.114.180
sshd: 216.191.184.30
sshd: 221.122.43.104
sshd: 202.76.88.72
sshd: 220.123.212.149
sshd: 61.221.57.89
sshd: 61.222.49.59
sshd: 220.248.13.48
sshd: 69.110.112.188
sshd: 195.128.252.8
sshd: 200.247.170.7
sshd: 200.47.112.149
sshd: 65.112.21.144
sshd: 69.53.127.51
sshd: 210.193.21.162
sshd: 80.53.170.10
sshd: 84.44.16.28
sshd: 62.5.231.86
sshd: 24.83.214.74
sshd: 203.144.229.199
sshd: 67.32.49.180
sshd: 82.225.213.87
sshd: 213.201.30.250
sshd: 64.34.165.199
sshd: 213.39.251.205
sshd: 219.123.39.114
sshd: 201.134.90.201
sshd: 220.194.55.123
sshd: 161.67.6.23
sshd: 202.108.13.91
sshd: 218.24.139.109
sshd: 217.172.181.107
sshd: 69.36.3.66
sshd: 61.208.89.194
sshd: 62.121.94.218
sshd: 69.70.19.237
sshd: 218.248.33.225
sshd: 61.193.164.226
sshd: 62.194.80.137
sshd: 61.152.160.155
sshd: 213.145.140.14


>
> Thanks Will.  One thing I have always done with SSH is run it on a 
> non-default port.  Its funny I left it on 22 once and watched the log 
> reports every morning in my email for a few days and the amount of 
> people trying to login as the root user was amazing... the report was 
> 40-50 lines longer than normal just from all the attempts... I then 
> chose a port over 10000 as they say most port scanners usually scan 
> port 1-10000.  Once I did that I have not seen one attempt to try and 
> access root through SSH or any user for that matter.  Good tip 
> though... =)
>
> And yeah I always have a test machine for breaking stuff on... I think 
> thats how I have learnt most of what I know about linux is breaking it 
> and re-installing it many many times ;)
>
> Thanks for the info, very much appreciated... Gonna check out EBAY for 
> that book and check out those links so I have some reading to do.. 
> thanks again!
>
> James
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
>