[tor-relays] Abuse complaints about brute forcing via ssh
cmeclax-sazri
cmeclax-sazri at ixazon.dynip.com
Mon Jan 2 11:23:31 UTC 2012
On Sunday 01 January 2012 23:36:13 grarpamp wrote:
> This 'attack' has been going on for YEARS. Nobody's really getting
> shells (well some are), just dictionaried. The problem is that
> OpenSSH logs this by default and people freak out when they
> see it in their logs. It's just background noise. Real admins
> tune it out and use ssh keys instead.
I wrote a shell script that watches the logs and shuts off all access from an
address that starts guessing passwords. My Linux box (which is what you get
entering on port 22) doesn't have a root password (I use sudo), so anyone who
tries to guess root passwords gets nothing but the door slammed shut in his
face. Others try guessing "sales", "pgsql", "tony", "newsletter", "visitor",
etc.; I don't think I've ever seen any guess my real username.
cmeclax
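
A sketch of the kind of log watcher described in the message above, added here as an example; it is not cmeclax's script. The threshold, the constructed sample log lines (documentation addresses) and the dry-run `iptables` output are assumptions. It takes the last `from ADDR port` pair on each line, so an attacker-chosen username containing spaces cannot get someone else's address blocked.

```shell
#!/bin/sh
# Added example: find addresses guessing sshd passwords and print block rules.
THRESHOLD=3   # assumed: failures tolerated before an address is blocked

# Reads sshd log lines on stdin; prints each address with >= limit failures.
offenders() {
    awk -v limit="${1:-$THRESHOLD}" '
        /sshd\[[0-9]+\]: Failed password for / {
            addr = ""
            # Keep the LAST "from ADDR port": the username is attacker-controlled
            # and may itself contain the words "from ... port".
            for (i = 1; i + 2 <= NF; i++)
                if ($i == "from" && $(i + 2) == "port") addr = $(i + 1)
            # Accept only IPv4/IPv6 literals before counting.
            if (addr ~ /^[0-9a-fA-F:.]+$/) count[addr]++
        }
        END { for (a in count) if (count[a] >= limit) print a }
    ' | sort
}

# Dry run: prints the firewall commands instead of executing them.
block_commands() {
    while read -r addr; do
        case $addr in
            *:*) echo "ip6tables -I INPUT -s $addr -j DROP" ;;
            *)   echo "iptables -I INPUT -s $addr -j DROP" ;;
        esac
    done
}

# Constructed sample input, not real log data.
sample_log() {
    cat <<'EOF'
Jan  2 11:00:01 host sshd[1001]: Failed password for root from 203.0.113.7 port 40001 ssh2
Jan  2 11:00:03 host sshd[1001]: Failed password for invalid user sales from 203.0.113.7 port 40002 ssh2
Jan  2 11:00:05 host sshd[1002]: Failed password for invalid user pgsql from 203.0.113.7 port 40003 ssh2
Jan  2 11:00:09 host sshd[1003]: Failed password for invalid user x from 192.0.2.9 port 1 from 198.51.100.4 port 40100 ssh2
Jan  2 11:01:00 host sshd[1004]: Accepted publickey for alice from 198.51.100.20 port 40200 ssh2
EOF
}

sample_log | offenders | block_commands
```

On a live system the input would be the sshd log (its path varies by distribution), and the printed rules would be reviewed before being applied as root.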