[CentOS] Failed attempts

Mon Nov 27 17:26:34 UTC 2017
Valeri Galtsev <galtsev at kicp.uchicago.edu>

On Mon, November 27, 2017 11:10 am, Jerry Geis wrote:
> hi All,
> I happened to login to one of my servers today and saw 96000 failed login
> attempts. shown below is the address its coming from. I added it to my
> firewall to drop.
> Failed password for root from port 14299 ssh2
> FYI - others might be seeing it also.

It happens all the time on all UNIX and Linux machines during last over 2
decades. This is why some of us, sysadmins, use various ways to protect
our users (we all realize that out of 100 users there always are at least
5 who have very weak passwords and whose passwords can be cracked in brute
force attack like that). Some of the tools are: fail2ban, sshguard. The
last one I use on my FreeBSD servers. On Linux workstations I usually use
just firewall rule that restricts similar attempts to some number. And I
run server under assumption that bad guys are already in. Which (in
addition to other security measures) means: update, update, update...

Good luck! Use strong passwords (passphrase I call it when I talk to my
users), especially for root account.

> Jerry
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> https://lists.centos.org/mailman/listinfo/centos

Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247