10 May
2012
10 May
'12
4:50 p.m.
Just in case you are interested in statistics, I have been running
Fail2Ban since May 2010 and since then I've had around 6.5k emails
informing me that an address has been blocked, or about 9 attempts per
*day*.
I think your customers would be a lot more likely to install Fail2Ban
if they knew just how common this sort of attack was.
James
On Thu, 10 May 2012 16:23:31 +0000
Andy Smith <andy(a)bitfolk.com> wrote:
Hello,
It's been a while since I last posted a reminder about protecting
against SSH dictionary attacks.
http://lists.bitfolk.com/lurker/message/20100314.085112.f5be7da9.en.html
The problem of course has not gone away and since then there have
been many more compromises that could have been easily avoided.
So, please, if you are running sshd on port 22 and allowing password
authentication, please consider taking some steps to protect
yourself. It can very easily happen to you, and aside from the
damage it can cause to other hosts on the Internet it risks
significant downtime for your own services.
I wrote up some more info from previous discussions:
https://tools.bitfolk.com/wiki/Protecting_against_SSH_dictionary_attacks
If you have further input please do feel free to add to the above
wiki article.
Cheers,
Andy