This was funny, someone tried to break into my account
with thousands and thousands multiple attempts with differing
passwords ... really interesting to observe ...
This was funny, someone tried to break into my account
"account"? For what service?
This was funny, someone tried to break into my account with thousands
and thousands multiple attempts with differing passwords ... really interesting to observe ... here's an example ...
\%/@rd
"anonymous"
"123456"
"admin"
"root"
"password"
"123123"
"123"
root@ubuntu:/var/log# grep 'Invalid user' auth.log | wc -l
26865
root@ubuntu:/var/log# grep 'Invalid user' auth.log | wc -l
26865
If not already done, I encourage you to use fail2ban as a first barrier.
Next you could filter the netblocks from countries you don't expect to receive traffic from and add iptables rules to drop the packets
received from them. You can browse to https://www.ipdeny.com/ipblocks/data/aggregated/ to download the lists
per country.
If you're interested I got a python script that can do the job. The
only thing to do is set a crontab to periodically download the lists
and update the iptable rules.
Hi Christian,
Next you could filter the netblocks from countries you don't
expect to receive traffic from and add iptables rules to drop the
packets received from them. You can browse to
https://www.ipdeny.com/ipblocks/data/aggregated/ to download the
lists per country.
That's a fast moving target. So you need to update (very) often...
If you're interested I got a python script that can do the job.Yes thanks! That would be interesting!
If you're interested I got a python script that can do the job.
Yes thanks! That would be interesting!
Here it is :
# -*- coding: utf-8 -*-
Sysop: | StingRay |
---|---|
Location: | Woodstock, GA |
Users: | 37 |
Nodes: | 15 (0 / 15) |
Uptime: | 71:07:35 |
Calls: | 627 |
Calls today: | 4 |
Files: | 659 |
Messages: | 228,242 |