failed password for root from ...

what is with the recent uptick in failed ssh logins everywhere? a few weeks ago, i almost never got emails from the automatic log watchers about these, now i get at least one or two a day, all from different ip addresses. usually they’re attempted root logins, but sometimes they’re attempts to log in as other role accounts (like bin).

comments

There's a worm going around that does brute force attempts on root/root, test/test, admin/admin and a few others IIRC.

» Justin Mason (link) » august 25, 2004 6:37pm

http://www.k-otik.com/exploits/08202004.brutessh2.c.php

This exploit is running around in the wild, and being used fairly extensively. I used to get one or two ssh login attmepts a month. Now I can get a dozen a day. How annoying.

» Martin (link) » august 26, 2004 8:39am

I've also been noticing this on numerous boxes. I eventually have setup a box which allows SSH'ing into and then I can ssh to other boxes and firewalled incoming port 22 traffic. It is annoying getting reports of tonnes of failed SSH login attempts.

» Jacques (link) » august 26, 2004 1:40pm

Jim Winstead has been mentioning problems with failed SSH Logins. I've also been noticing the increase in these failed login attempts. Quite annoying actually. I think the version of the brutessh2.c stuff linked above is a nicer example than what...

» Jacques Marneweck's Blog (link) » august 26, 2004 1:44pm

Another "me too" here. Makes good iptables fodder.

» Matt (link) » august 27, 2004 2:29am

Here's a proposed solution using iptables.

» Jon » january 18, 2005 11:22am

add a comment

sorry, comments on this post are closed.