<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 TRANSITIONAL//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; CHARSET=UTF-8">
<META NAME="GENERATOR" CONTENT="GtkHTML/3.32.2">
</HEAD>
<BODY>
+1 on Michael...<BR>
<BR>
I like your take on the "honey pot". Kewl idea too! And yes, people are dumb enough to use those passwords. I've "fixed" more than one network that got hacked-up back in my days as a road warrior dealing with companies that wanted to use "password" or nothing at all as their password for everything. And they wonder why they got hacked-up? Yes, there are people who use these LAME passwords...<BR>
<BR>
RinL<BR>
<BR>
On Mon, 2011-09-12 at 11:27 -0400, Michael H. Warfield wrote:
<BLOCKQUOTE TYPE=CITE>
<PRE>
On Mon, 2011-09-12 at 11:05 -0400, David Hillman wrote:
> According to the PortSentry logs for my server, I have received thousands of
> connection attempts via SSH port 22. Of course, that is not the port the
> real SSH service is listening on. Logins were also disabled for root.
>
> What's interesting is the IP addresses all belong to Serverloft (
> <A HREF="http://www.serverloft.eu">www.serverloft.eu</A>); most attempts came from 188.138.32.16 (
> loft4385.serverloft.eu). I am guessing someone with a few VPS boxes has
> nothing better to do than use up network bandwidth to terrorize the rest of
> us. Or, maybe those boxes have been compromised.
> I have e-mailed the folks over at Serverloft, but I don't expect
> anything of it. Is there anything else I can do?

It's just noise. They're not getting in so you can ignore them.
Happens all the time around here. If you want some amusement, set up an
ssh honeypot and catch all their password attempts. You'll be left
shaking your head in total disbelief. "Do they really think THOSE
things will actually work?!?!?" Yeah, not only do they believe they
work, there actually are people stupid enough to use stupid passwords
who actually have ssh shell access that it makes it worth it for them to
do this. Sigh... Some of the passwords might surprise you but they're
all still LAME.

Regards
Mike
</PRE>
</BLOCKQUOTE>
<BR>
</BODY>
</HTML>