  1. #1

    Reporting Brute Force Attacks To Hosts

    I have installed BFD on my server. Every now and then I get an email saying:

    "The remote system (ip) was found to have exceeded acceptable login failures on (MyServer) As such the attacking host has been banned from further accessing this system, for the integrity of your host you should investigate this event as soon as possible"

    -----------

    What do I do now? I usually do a whois on the IP that tries to attack me. Should I contact the abuse email I see under the whois information? If so, what exactly should I say in that email? Should I send them the complete event log of attempts, etc.? I need some feedback. Thanks a lot.

  2. #2
    Join Date
    Jun 2004
    Posts
    1,958
    Ignore them, turn off email alerts.

    Reasoning: the email alerts will actually overload your server when you get bruted.

    Also, we get bruted every single night at least 3-4 times; they are just little kiddie scripts. Nothing to worry about if your box is secure!

    Do nothing for reporting, make sure your users are not vulnerable or offering unused SSH etc.
    It's Scott!

  3. #3
    You can probably cut those to 1/10 if you change the SSH port to something other than 22. Other than that, ignore those emails.
    There are 3 kinds of people. People who can count and people who can't.

  4. #4
    Join Date
    May 2004
    Location
    Baltimore, MD
    Posts
    1,203
    Originally posted by INTEL
    You can probably cut those to 1/10 if you change the SSH port to something other than 22. Other than that, ignore those emails.
    I can actually vouch for that. My VPS with ServInt was on a port other than 22, and received zero brutes for about 5 months. I switched it to 22 and had about one or two every week (at least).

    Hope this helps.
    Automated Tendencies - Brand Management Agency from Baltimore, Maryland.
    Reputation Management Search Engine Optimization Pay Per Click Email Marketing

  5. #5
    Join Date
    Jun 2004
    Posts
    1,958
    Was BFD even set to monitor that port?
    It's Scott!

  6. #6
    Join Date
    May 2004
    Location
    Baltimore, MD
    Posts
    1,203
    I went off log spam. Got to love those 12 hour log deliveries!
