Bad hacker - bad, bad, bad (new record)

damn_registrars (1103043) writes | about 6 months ago

Security 2

This is a new record for consecutive attempts - and attempts per second - on my server. Some idiot using a Chinese IP address made at least 150,000 attempts on my system (all as root) in less than 4 hours. This was, of course, completely pointless as my system does not allow root logins and returns the same fail to the user who guesses the password correctly as to one who does not.

I'm not real sure why this person gave up; I'm sure they could have let their random password generator run longer. A few times they made 8 attempts per second on my system.

I know, there are plenty of things I can do to prevent this from happening in the future. I could also take the futile action of reporting them to their ISP. Instead I will just leave things as they are and keep laughing at them. I don't have nearly enough bandwidth for them to crash my server with too many requests, and my logs auto rotate in such a way that they can't fill up my hard drives with logs of their attempts either (although it might be time to increase the turnover cutoff by another factor of 10).
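
An added example, not part of the original journal entry: one way to tally failed root logins per source IP and the peak attempts in any single second, the two figures the entry reports. It assumes OpenSSH's usual syslog "Failed password" line format; the sample log lines, function names and threshold are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in the usual OpenSSH syslog format (documentation IPs).
SAMPLE_LOG = """\
Apr 29 03:14:07 host sshd[2101]: Failed password for root from 203.0.113.5 port 40112 ssh2
Apr 29 03:14:07 host sshd[2102]: Failed password for root from 203.0.113.5 port 40113 ssh2
Apr 29 03:14:07 host sshd[2103]: Failed password for root from 203.0.113.5 port 40114 ssh2
Apr 29 03:14:08 host sshd[2104]: Failed password for root from 203.0.113.5 port 40115 ssh2
Apr 29 03:14:09 host sshd[2105]: Failed password for invalid user admin from 198.51.100.7 port 5022 ssh2
Apr 29 03:14:10 host sshd[2106]: Accepted publickey for alice from 192.0.2.10 port 50122 ssh2
Apr 29 03:15:30 host sshd[2107]: Failed password for root from 198.51.100.7 port 5023 ssh2
"""

# Assumed line layout: "<Mon DD HH:MM:SS> <host> sshd[pid]: Failed password for ..."
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\ssshd\[\d+\]:\s"
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

def summarize(log_text, user="root"):
    """Per source IP: total failed attempts for `user` and the peak count in any one second."""
    per_second = defaultdict(Counter)  # ip -> {timestamp: attempts in that second}
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if m and m["user"] == user:
            per_second[m["ip"]][m["ts"]] += 1
    return {ip: {"total": sum(c.values()), "peak_per_sec": max(c.values())}
            for ip, c in per_second.items()}

def noisy_sources(summary, min_total=3):
    """IPs at or above a (hypothetical) attempt threshold, busiest first."""
    hits = [(ip, s["total"]) for ip, s in summary.items() if s["total"] >= min_total]
    return sorted(hits, key=lambda t: -t[1])

if __name__ == "__main__":
    stats = summarize(SAMPLE_LOG)
    for ip, total in noisy_sources(stats):
        print(ip, total, "attempts, peak", stats[ip]["peak_per_sec"], "per second")
```

Syslog timestamps have one-second resolution, so the peak is counted per identical timestamp string rather than over a sliding window.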

Random, maybe? (1)

mcgrew (92797) | about 6 months ago | (#46872445)

Perhaps they're simply targeting the wrong IP address, thinking you're Lockheed or somebody, or maybe they're just targeting random IPs.

Re:Random, maybe? (1)

damn_registrars (1103043) | about 6 months ago | (#46872809)

Perhaps they're simply targeting the wrong IP address, thinking you're Lockheed or somebody, or maybe they're just targeting random IPs.

I'm pretty sure most of these clowns use some sort of automated script that crawls around looking for IPs where the server answers on port 22 asking for a username and password. Most of these fools will just make a few dozen to a few hundred attempts and move on. This one apparently got stuck and unloaded a more extensive attack.

I've also been hit with distributed (botnet) attacks that have either done dictionary attacks on root or done a whitepages attempt looking for passwordless usernames. Those have tallied in the thousands of attempts; this is a vastly larger attack than any other that I have ever seen.

I also run a web site on the same system. I have often referred back to the webserver log looking for the IP address that attempted to get in via ssh, and so far haven't seen a correlation (one would think that would become more likely as time goes on and IP addresses run out, leading more people to use IP masquerading and whatnot). The IP addresses of the idiot hackers don't even match up with the people who keep trying to pull up various php pages that are known to often be somewhat easy to exploit.

It would be amusing if they thought I was important. I suspect they are looking for a *nix system to turn into a zombie or to host a particular kind of webpage. They found a *nix system indeed but they won't find it useful for their intents.
