On Thu, Aug 21, 2008 at 10:33 AM, Michael Tautschnig <[EMAIL PROTECTED]> wrote: > Hi all, > > since two days (approx.) I'm seeing an extremely high number of apparently > coordinated (well, at least they are trying the same list of usernames) brute > force attempts from IP addresses spread all over the world. I've got denyhosts > and an additional iptables based firewall solution in place to mitigate these > since quite some time already and this seems to do the trick in terms of > blocking them fairly quickly. >
Personally, I am letting Denyhosts do my legwork and checking the reports to look for patterns. I gave up on emailing people reports. A large portion of the emails are bounced with 'make sure you email this information to us... don't reply to this... ' and another bunch simply bounce. I have no faith in any asian IP admin receiving and properly reacting to an email. If I see a domestic (US) host that looks like a human might answer, I'll try and send a report, but I do nothing automated. I realize that I might be a better citizen to respond to all of them and report bad hosts, but since I've been using denyhosts, I've never received any positive response about a host being shut down. I think the vast majority of admins simply don't care or don't even see my email reports. Other than that, I have only tightened up my 'number of failed logins' in denyhosts in response to the recent spate of attacks. I've also double checked all my role accounts to make sure they're needed and/or secured. j -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
