[TriLUG] list newbie has stuff to give away (gmail type stuff)

James Lloyd Beidler james at layyze.com
Tue Aug 24 11:01:18 EDT 2004 

  Point well taken (BTW, I also have RR).  On second inspection I noticed
that I only got repeat IPs once or twice.  Also, a whois tells me that
they are coming from China, Korea, Nicaragua, and Brazil (except for the
repeats, which all came from Shaw cable customers).  The methodical
request for the same 5 or so usernames makes me think that this is the
work of some script.  I should update my offer to say that anyone that
has any good ideas on how to deal with this can get the gmail invite (if
you want it).

Thanks,
James

> Strangely enough, I never had those multiple ssh login attempts for
> nearly 3 years... then my IP address finally changes with RR and I
> suddenly get them, as many as 3-4 different attempts each week,
> whichever IP hits me covers all those possibles; test, guest, admin and
> most recently even root showed up.  I also use IPTABLES.  I started to
> wonder if I ended up with an IP on someone's sh*t list.  I've traced all
> the IPs that have hit me in this manner to China and Korea.  At this
> point, I'm vigilantly keeping my system updated, and having faith in
> linux (b/c I'm not going to turn off ssh).  I have never seen the same
> IP twice (except on multiple attempts that were logged at the same
> time).  Another thought I had, when I was originally only seeing test
> and guest and admin was some crazy Microsoft based worm was doing it...
> but when I saw root attempts most recently, I guess that idea was no
> good.  Currently I'm not adding these IPs to any blocking, as there are
> no repeats so far, so what's the point.
>
> any thoughts from anyone else on this would be interesting to read.
>
> laters,
> David M.
>
> ps, I'm already gmailified.  :)
>
>
> --- James Lloyd Beidler <james at layyze.com> wrote:
> I'm willing to give one away to
>> anyone that can give me a simple and elegant way to automatically
>> block IPs of people that make multiple attempts at sshing into my
>> machine using accounts that do not exist (ie. test, guest, admin).  I
>> use IPTABLES ;)
>> -James
>>
>
>
>
>
> __________________________________
> Do you Yahoo!?
> New and Improved Yahoo! Mail - Send 10MB messages!
> http://promotions.yahoo.com/new_mail
> --
> TriLUG mailing list        :
> http://www.trilug.org/mailman/listinfo/trilug TriLUG Organizational FAQ
> : http://trilug.org/faq/
> TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
> TriLUG PGP Keyring         : http://trilug.org/~chrish/trilug.asc

More information about the TriLUG mailing list