[HECnet] Telnet/SSH attacks
Mark Benson
md.benson at gmail.com
Tue Nov 26 14:45:23 PST 2013
We get them by the shedload on our work hosting server. We run CPHulk on there to keep them out. I'd suggest implementing some kind of 'block IP for 24 hrs after x failed logins' scheme if you can. That usually forces them to move on.
On 26 Nov 2013 22:32, "Sampsa Laine" <sampsa at mac.com> wrote:
Am I the only one who's almost constantly being hit by login scans (usually from China or weird places like Kazakhstan - sorry Oleg) on their Internet facing Telnet/SSH ports?
It's not like they get in or anything, my guess is that this is just part of a larger scan so if you guys are getting hit as well, I won't worry that I'm being targeted :)
sampsa <sampsa at mac.com>
mobile +44 7961 149465
More information about the Hecnet-list
mailing list