On Sunday 01 January 2012 23:36:13 grarpamp wrote:
> This 'attack' has been going on for YEARS. Nobody's really getting shells (well some are), just dictionaried. The problem is that OpenSSH logs this by default and people freak out when they see it in their logs. It's just background noise. Real admins tune it out and use ssh keys instead.
I wrote a shell script that watches the logs and shuts off all access from an address that starts guessing passwords. My Linux box (which is what you get entering on port 22) doesn't have a root password (I use sudo), so anyone who tries to guess root passwords gets nothing but the door slammed shut in his face. Others try guessing "sales", "pgsql", "tony", "newsletter", "visitor", etc.; I don't think I've ever seen any guess my real username.
cmeclax
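
One way to implement the log-watching approach described above, as an added example that is not the poster's script: it counts failed password attempts per source address in sshd log lines and prints, without running, a firewall rule for each address over a threshold. The function names, the threshold, the allowlist and the sample log are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not the poster's script. Assumes traditional syslog lines
# ("Mon DD HH:MM:SS host sshd[pid]: ...") and IPv4 sources only.

# Constructed sample log (documentation address ranges, made-up users).
sample_log() {
cat <<'EOF'
Jan  1 23:10:01 host sshd[4101]: Failed password for root from 203.0.113.5 port 40111 ssh2
Jan  1 23:10:03 host sshd[4102]: Failed password for invalid user sales from 203.0.113.5 port 40112 ssh2
Jan  1 23:10:05 host sshd[4103]: Failed password for invalid user pgsql from 203.0.113.5 port 40113 ssh2
Jan  1 23:11:40 host sshd[4110]: Failed password for invalid user tony from 198.51.100.23 port 51000 ssh2
Jan  1 23:12:02 host sshd[4111]: Accepted publickey for alice from 192.0.2.10 port 50022 ssh2
Jan  1 23:12:30 host sshd[4115]: Failed password for invalid user x from 192.0.2.10 port 1 ssh2 from 198.51.100.23 port 51001 ssh2
EOF
}

# guessers MIN: read log lines on stdin and print, sorted, every source
# address with at least MIN failed password attempts.
guessers() {
    awk -v min="$1" '
        # The user name is chosen by the client and may contain spaces or
        # the word "from", so the address is read from the fixed tail
        # "... from ADDR port N ssh2" rather than from the first "from".
        $5 ~ /^sshd\[[0-9]+\]:$/ && $6 == "Failed" && $7 == "password" &&
        $(NF-4) == "from" && $(NF-2) == "port" {
            ip = $(NF-3)
            if (ip ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) fails[ip]++
        }
        END { for (ip in fails) if (fails[ip] >= min) print ip }
    ' | sort
}

# block_rules MIN ALLOW: print (do not run) one DROP rule per offending
# address, skipping any address in the space-separated list ALLOW.
block_rules() {
    guessers "$1" | while read -r ip; do
        case " ${2:-} " in *" $ip "*) continue ;; esac
        printf 'iptables -I INPUT -s %s -j DROP\n' "$ip"
    done
}

# Stand-alone run: three failures block an address; 192.0.2.10 is allowlisted.
sample_log | block_rules 3 "192.0.2.10"
```

The last sample line shows why the address is taken from the end of the line: a parser that stops at the first "from" would attribute that failure to 192.0.2.10, the address of the legitimate key-based login.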