Security Incidents: Re: Weird SSH attack last night and this morning (still ongoing)

From: Robert Taylor <rjamestaylor_at_gmail.com>
Date: Wed, 7 May 2008 12:04:13 -0500

It's extremely common to have these scans.

http://robotterror.com/site/wiki/mitigating_brute_force_password_attacks_with_pam_abl

That's a link to my blog. I'm a Linux System Admin at a major hosting
company; this is something I see nightly. Usually, though, I see hits
on the order of thousands per hour before I get worried.

On May 7, 2008, at 7:27 AM, Gary Baribault wrote:

> I don't know what is going on last night and this morning ... I have
> three Linux servers facing the Internet, two on cable modems and
> another on a static IP/commercial connection and this last one is a
> gateway to a Web/FTP/SMTP/Pop3/NTP Linux based system.
>
> I have DenyHosts installed on all three and have blocked about 75
> attempts .. from known compromised addresses .. The log shows
> (obviously) that there were even more attempts from addresses that
> are unknown to DenyHosts but there was only one login attempt per
> address and it was with the Root account .. which is obviously
> blocked in my sshd config ..
>
> Of the three machines, one of them only had about 10 attempts, but
> the other two had about 200 attempts .. all of them with only 1 try
> with the user Root ..
>
> Is anyone else seeing this? or am I being targeted? This is still
> going on now .. and it started around 10:00 last night GMT+4
>
> --
> Gary Baribault
> Courriel: gary_at_baribault.net
> GPG Key: 0x4346F013
> GPG Fingerprint: BCE8 2E6B EB39 9B23 6904 1DF4 C4E6 2CF7 4346 F013
>
Received on May 07 2008
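
The pattern reported in the quoted message (many source addresses, one failed root login each) stays under any per-address counter, so it shows up only when failures are aggregated per targeted account. The following is an added example, not part of the original thread: the log lines are constructed in the standard OpenSSH "Failed password" format, and the function names and threshold values are assumptions chosen for illustration.

```python
import re
from collections import Counter, defaultdict

# OpenSSH failure line: "Failed password for [invalid user ]NAME from IP port N ssh2"
FAILED = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+) port \d+")

def summarize(lines, per_ip_threshold=5):
    """Group failed logins by targeted user and count attempts per source.

    per_ip_threshold is an assumed value standing in for whatever limit a
    per-address blocker applies; sources below it would not be blocked by count.
    """
    per_user = defaultdict(Counter)
    for line in lines:
        m = FAILED.search(line)
        if m:
            user, ip = m.groups()
            per_user[user][ip] += 1
    report = {}
    for user, ips in per_user.items():
        report[user] = {
            "attempts": sum(ips.values()),
            "sources": len(ips),
            "single_attempt_sources": sum(1 for n in ips.values() if n == 1),
            "below_threshold": sorted(ip for ip, n in ips.items() if n < per_ip_threshold),
        }
    return report

def distributed_users(report, min_sources=10, max_avg=1.5):
    """Accounts hit from many sources with roughly one attempt per source."""
    return sorted(u for u, r in report.items()
                  if r["sources"] >= min_sources and r["attempts"] / r["sources"] <= max_avg)

# Constructed sample: 12 addresses trying root once each, one address
# hammering "admin" 8 times, and one successful login that must be ignored.
SAMPLE = [f"May  7 02:{i:02d}:11 gw sshd[{4000 + i}]: Failed password for root "
          f"from 198.51.100.{i + 1} port {40000 + i} ssh2" for i in range(12)]
SAMPLE += [f"May  7 03:00:{i:02d} gw sshd[5000]: Failed password for invalid user admin "
           f"from 203.0.113.9 port 51000 ssh2" for i in range(8)]
SAMPLE.append("May  7 03:05:00 gw sshd[5001]: Accepted publickey for ops "
              "from 192.0.2.10 port 50022 ssh2")

if __name__ == "__main__":
    rep = summarize(SAMPLE)
    for user in distributed_users(rep):
        r = rep[user]
        print(f"{user}: {r['attempts']} failures from {r['sources']} sources, "
              f"{len(r['below_threshold'])} below the per-address threshold")
```
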
