failed password for root from ...

what is with the recent uptick in failed ssh logins everywhere? a few weeks ago, i almost never got emails from the automatic log watchers about these, now i get at least one or two a day, all from different ip addresses. usually they’re attempted root logins, but sometimes they’re attempts to log in as other role accounts (like bin).

» code
« fun with archivesaugust 25, 2004 3:12pm »

comments

There's a worm going around that does brute force attempts on root/root, test/test, admin/admin and a few others IIRC.

» Justin Mason (link) » august 25, 2004 3:37pm

http://www.k-otik.com/exploits/08202004.brutessh2.c.php

This exploit is running around in the wild, and being used fairly extensively. I used to get one or two ssh login attmepts a month. Now I can get a dozen a day. How annoying.

» Martin (link) » august 26, 2004 5:39am

I've also been noticing this on numerous boxes. I eventually have setup a box which allows SSH'ing into and then I can ssh to other boxes and firewalled incoming port 22 traffic. It is annoying getting reports of tonnes of failed SSH login attempts.

» Jacques (link) » august 26, 2004 10:40am

Another "me too" here. Makes good iptables fodder.

» Matt (link) » august 26, 2004 11:29pm

Here's a proposed solution using iptables.

» Jon » january 18, 2005 8:22am

add a comment

remember you