[CentOS] SSH attacks from china

Wed Jul 29 20:10:04 UTC 2009
Sorin Srbu <sorin.srbu at orgfarm.uu.se>

>-----Original Message-----
>From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On
>Behalf Of Lucian at lastdot.org
>Sent: Sunday, July 26, 2009 11:27 PM
>To: CentOS mailing list
>Subject: Re: [CentOS] SSH attacks from china
>
>Vietnam and Indonesia are also suspects in my list.
>The biggest problem with this approach is that even though I could ban
>the whole of Asia and Russia, a significant part of the attacks do not
>originate from there, but from countries like USA, UK, etc, controlled
>by hackers (also) from the aforementioned areas...
>The latest case of password breaking I had to deal with was from a
>USA IP address.. they managed to insert an iframe in all index.html
>and index.php files on the respective FTP account. The iframe however
>was pointing to a .ru website hosted in France.. Isn't globalization
>fun?!
>Anyway, just banning ranges of IP addresses may not be enough, so to rely
>on this _only_ would be careless.

Exactly, that was what I was trying to get at!

So you're not going to ban all IP addresses from the US I take it, since
most spam, crapware, attacks and whatnot originate from there, as you point
out? ;-)
-- 
/Sorin