Re: [PLUG] Anyone else seeing a surge of SSH attempts from US IPs?

Michael Lazin on 27 May 2019 06:35:39 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Anyone else seeing a surge of SSH attempts from US IPs?

From: Michael Lazin <microlaser@gmail.com>
To: "Philadelphia Linux User's Group Discussion List" <plug@lists.phillylinux.org>
Subject: Re: [PLUG] Anyone else seeing a surge of SSH attempts from US IPs?
Date: Mon, 27 May 2019 09:35:16 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=3LdOXsmnESIL04zMZzxfNELy6gU320txVQjB481ohD0=; b=qPYdTd8ajfg59fmRUSCbweaLCTFsc2nUqqUaTUJ1N+EHPFw7PjS3BxUDTcgwDZyzI/ 6Bf7IYoMhs+8FFXJhWqGTneyJwl/17+gxplrmqXPrlZNjEVLDBLg8Zd2uTGp4GybIBvY WLqeArX/FIcByiCVfX6SlwPMHR1h2KBQ4S9nD+gF6SIl89e4Gv1+ytmsyhp2XAhJ0SH7 NKF20GUxUwdfU3Bgk1YRG0Z8PCY/dIHePvbi3iZCTE8/d441CUunhhWgEMmdi1M2oXae RIiRSN1hLskQzVnbFAPIm6CEysFRBJmjNHqyB5C35g0Awh2+54LJJKf+FbYOKfLY4IU0 6+Ug==
Reply-to: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>
Sender: "plug" <plug-bounces@lists.phillylinux.org>

The attacks are probably coming from a botnet like this one: https://nakedsecurity.sophos.com/2018/10/24/poorly-secured-ssh-servers-targeted-by-chalubo-botnet/

My guess is they are compromised hosts.

Using ssh key pairs is a great way to prevent being effected by brute force attacks.

On Sun, May 26, 2019 at 1:59 PM Greg Helledy <gregsonh@gra-inc.com> wrote:

In the past, our servers would get maybe one SSH password attempt a
week, usually from China or another far-off corner of the internet. We
automatically block these after a few tries.

Lately (over the past several weeks), I am seeing more and more
attempts, and they're coming from US IP addresses. I've shut off SSH
for now but am surprised. Is anyone else seeing this, or did we get on
a list somewhere?

--
Greg Helledy
GRA, Incorporated
P: +1 215-884-7500
F: +1 215-884-1385
www.gra.aero
___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug

Michael Lazin

to gar auto estin noein te kai ennai

___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug

References:
- [PLUG] Anyone else seeing a surge of SSH attempts from US IPs?
  - From: Greg Helledy <gregsonh@gra-inc.com>

Prev by Date: [PLUG] Anyone else seeing a surge of SSH attempts from US IPs?
Next by Date: [PLUG] Computer Recycling Centers for Parts?
Previous by thread: [PLUG] Anyone else seeing a surge of SSH attempts from US IPs?
Next by thread: Re: [PLUG] Anyone else seeing a surge of SSH attempts from US IPs?
Index(es):
- Date
- Thread