Re: Block SSH brute force -- MIDRANGE-L

Good News Everybody!

The new search engine is LIVE!

Please report any problems to david (at) midrange.com.

Subject: Re: Block SSH brute force
From: Tim Bronski <tim.bronski@xxxxxxxxx>
Date: Thu, 11 Feb 2016 16:54:26 +0100
List-archive: <http://archive.midrange.com/midrange-l/>
List-help: <mailto:midrange-l-request@midrange.com?subject=help>
List-id: Midrange Systems Technical Discussion <midrange-l.midrange.com>
List-post: <mailto:midrange-l@midrange.com>
List-subscribe: <http://lists.midrange.com/mailman/listinfo/midrange-l>, <mailto:midrange-l-request@midrange.com?subject=subscribe>
List-unsubscribe: <http://lists.midrange.com/mailman/options/midrange-l>, <mailto:midrange-l-request@midrange.com?subject=unsubscribe>

This soft of attempted hack is very common and they emanate from China, Korea, Ukraine...all the usual suspects. If I fire up an SSH server and monitor the requests I will usually see about 3 or so attacks a day with each of these performing several hundred login attempts as root with a dictionary of possible passwords. The simplest way to prevent it (aside from firewall blocking) is to run your server on a port other than 22.

On 2/11/2016 4:40 PM, rob@xxxxxxxxx wrote:

Most of the attacks we get like this are from the benevolent hackers
working as a subsidiary of IBM. Testing common passwords, etc. You don't
contract to such a service, do you?

IDK of any way to autoblacklist based on log in profile.

Rob Berendt

As an Amazon Associate we earn from qualifying purchases.

This mailing list archive is Copyright 1997-2026 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.