failed password for root from ...

what is with the recent uptick in failed ssh logins everywhere? a few weeks ago, i almost never got emails from the automatic log watchers about these, now i get at least one or two a day, all from different ip addresses. usually they’re attempted root logins, but sometimes they’re attempts to log in as other role accounts (like bin).

» Wednesday, August 25, 2004 @ 5:06pm » code » 5 comments, add yours

« fun with archives • Wednesday, August 25, 2004 @ 6:12pm »

Comments

There's a worm going around that does brute force attempts on root/root, test/test, admin/admin and a few others IIRC.

» Justin Mason (link) » Wednesday, August 25, 2004 @ 6:37pm

http://www.k-otik.com/exploits/08202004.brutessh2.c.php

This exploit is running around in the wild, and being used fairly extensively. I used to get one or two ssh login attmepts a month. Now I can get a dozen a day. How annoying.

» Martin (link) » Thursday, August 26, 2004 @ 8:39am

I've also been noticing this on numerous boxes. I eventually have setup a box which allows SSH'ing into and then I can ssh to other boxes and firewalled incoming port 22 traffic. It is annoying getting reports of tonnes of failed SSH login attempts.

» Jacques (link) » Thursday, August 26, 2004 @ 1:40pm

Jim Winstead has been mentioning problems with failed SSH Logins. I've also been noticing the increase in these failed login attempts. Quite annoying actually. I think the version of the brutessh2.c stuff linked above is a nicer example than what...

» Jacques Marneweck's Blog (link) » Thursday, August 26, 2004 @ 1:44pm

Another "me too" here. Makes good iptables fodder.

» Matt (link) » Friday, August 27, 2004 @ 2:29am

Here's a proposed solution using iptables.

» Jon » Tuesday, January 18, 2005 @ 11:22am