On Mon, November 27, 2017 11:10 am, Jerry Geis wrote: > hi All, > > I happened to login to one of my servers today and saw 96000 failed login > attempts. shown below is the address its coming from. I added it to my > firewall to drop. > > Failed password for root from 123.183.209.135 port 14299 ssh2 > > FYI - others might be seeing it also. It happens all the time on all UNIX and Linux machines during last over 2 decades. This is why some of us, sysadmins, use various ways to protect our users (we all realize that out of 100 users there always are at least 5 who have very weak passwords and whose passwords can be cracked in brute force attack like that). Some of the tools are: fail2ban, sshguard. The last one I use on my FreeBSD servers. On Linux workstations I usually use just firewall rule that restricts similar attempts to some number. And I run server under assumption that bad guys are already in. Which (in addition to other security measures) means: update, update, update... Good luck! Use strong passwords (passphrase I call it when I talk to my users), especially for root account. Valeri > > Jerry > _______________________________________________ > CentOS mailing list > CentOS at centos.org > https://lists.centos.org/mailman/listinfo/centos > ++++++++++++++++++++++++++++++++++++++++ Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ++++++++++++++++++++++++++++++++++++++++