This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/anti-abuse-wg@ripe.net/
[anti-abuse-wg] Enough is enoug
Shane Kerr
shane at time-travellers.org
Fri Mar 9 08:46:15 CET 2012
Dear anonymous Internet person,

On Friday, 2012-03-09 03:44:45 +0200, <info at dhn.li> wrote:
> i need help on people that every day try to hack our server
> for example this is just for to days log from fail2ban
> i made maximum try count 4 and 600 sec. then they try later 600 sec
> again non stop please take control who they are and why they try
> endless, least 6 months our server IP 85.10.198.87

While it is possible that these are targeted attacks, most likely these are just automated systems doing scans of random systems on the Internet, looking for common vulnerabilities.

Personally I use denyhosts on my machines, which puts the offenders in /etc/hosts.deny permanently. I just put up a machine 8 days ago, and it already has 32 entries. Basically this means that any host on the Internet that is listening on the SSH port is going to get constant attempts of someone to hack the machine.

Question to the room - does anyone have a similar technology that works with IPv6? AFAIK both denyhosts and fail2ban only work for IPv4. :(

Anyway, back to securing the boxes...

You're already using fail2ban which makes brute force login attempts impractical, so you probably don't need to worry too much, unless you let users pick their own passwords in which case they may either pick very insecure passwords or use the same ones everywhere. Many web sites store their passwords unencrypted, and if they get hacked then your users' passwords can be compromised. If you control the passwords of all accounts, then you can pick practically safe ones, otherwise you may want to consider requiring public key authentication.

If you're thinking about the larger issue of how to stop such attacks... I don't know. Surely some ISPs are better or worse than others, but in the end any compromised host on the Internet can be the source of such attacks. I kind of think it will require similar effort to anti-spam work, and it doesn't annoy people on a daily basis in the same way that spam does.

Good luck sir,

--
Shane
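An added example, not part of the original message: a small Python sketch of the counting that tools like the ones discussed above perform on sshd logs, extended to IPv6 sources. The log lines are constructed (documentation addresses only), the threshold of 4 mirrors the "maximum try count 4" quoted above, the time window and ban expiry are left out, and counting IPv6 sources per enclosing /64 rather than per address is an assumption of this example.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines in the usual OpenSSH syslog format.
SAMPLE_LOG = """\
Mar  9 03:10:01 host sshd[1001]: Failed password for root from 192.0.2.10 port 40001 ssh2
Mar  9 03:10:03 host sshd[1001]: Failed password for root from 192.0.2.10 port 40002 ssh2
Mar  9 03:10:05 host sshd[1002]: Failed password for invalid user admin from 192.0.2.10 port 40003 ssh2
Mar  9 03:10:07 host sshd[1002]: Failed password for invalid user test from 192.0.2.10 port 40004 ssh2
Mar  9 03:11:00 host sshd[1003]: Failed password for root from 2001:db8:1:2::a port 50001 ssh2
Mar  9 03:11:02 host sshd[1003]: Failed password for root from 2001:db8:1:2::b port 50002 ssh2
Mar  9 03:11:04 host sshd[1004]: Failed password for root from 2001:db8:1:2:ffff::1 port 50003 ssh2
Mar  9 03:11:06 host sshd[1004]: Failed password for root from 2001:db8:1:2::a port 50004 ssh2
Mar  9 03:12:00 host sshd[1005]: Failed password for alice from 198.51.100.7 port 60001 ssh2
Mar  9 03:12:30 host sshd[1005]: Accepted publickey for alice from 198.51.100.7 port 60002 ssh2
"""

FAILED = re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from (\S+) port \d+")

def block_key(addr_text, v6_prefix=64):
    """Network to count against: the single host for IPv4, the enclosing /64 for IPv6."""
    addr = ipaddress.ip_address(addr_text)
    if addr.version == 4:
        return ipaddress.ip_network(f"{addr}/32")
    # One IPv6 client can rotate through many addresses inside its own prefix.
    return ipaddress.ip_network(f"{addr}/{v6_prefix}", strict=False)

def offenders(log_text, max_tries=4):
    """Return networks with at least max_tries failed password attempts."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue
        try:
            counts[block_key(m.group(1))] += 1
        except ValueError:
            continue  # source logged as a hostname, not an IP literal
    return sorted((n for n, c in counts.items() if c >= max_tries), key=str)

def hosts_deny_lines(networks):
    """Format entries for /etc/hosts.deny; IPv6 networks use the [net]/prefixlen form."""
    return [f"sshd: {n.network_address}" if n.version == 4
            else f"sshd: [{n.network_address}]/{n.prefixlen}" for n in networks]

if __name__ == "__main__":
    print("\n".join(hosts_deny_lines(offenders(SAMPLE_LOG))))
```

The single failed attempt from 198.51.100.7 followed by a successful public key login stays below the threshold and is not listed.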