On Jun 5, 2012, at 3:53 PM, /dev/rob0 wrote: > What suspicions were confirmed?
At first I thought that somebody was TCP'ing in and somehow turning off the remote IP in the log so I couldn't block it. Then an answer from another mailing list, and a little thinking, made it occur to me that maybe my server had been penetrated. > And these brute force attempts would be logged, each one. They are, with no rhost. And there are other brute force attempts that *do* have IPs. > I think you are overreacting. I really hope so. What's your thinking? Have you seen this before? And most important: what is it, how does it work, and how do I get rid of it and keep it from coming back? -- Glenn English hand-wrapped from my Apple Mail
