Date: Thu, 28 Oct 2004 10:39:32 -0600
From: Steve Suhre <steve@Antero.com>
To: freebsd-questions@freebsd.org
Subject: Hacker activity?
Message-ID: <6.0.3.0.2.20041028102537.04be6ec0@nano.net>

I'm not sure if this is the correct group... but I'm getting some weird activity on the network. The security reports will show 50-100 attempts to log in to a server, most as root, but some are attempts to log in to other seemingly random account names. The login attempts are through ssh or telnet, all come from the same remote server, and all fail.

I'm also getting some odd CGI calls to a script on a secure SSL server. There's nothing that this particular script could do for a hacker, but the script is sent a random string, sometimes many times a minute, other times it's every 2-3 minutes. I grabbed the IP address and blocked it, and about 10 minutes later it had moved to another IP. I'm now blocking a range of IPs.

These don't seem like enough iterations to be very successful; the odds are overwhelmingly in favor of the server at this rate...

Does anyone have a clue what might be happening or where I should go to find out?

---
Steve Suhre
Antero web technologies
719.634.8161
steve@Antero.com
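
The pattern described in the message (repeated failed ssh logins, mostly as root, from one source that later moves to a nearby address) can be summarized from sshd logs by grouping failures per address and per network range. This is an added example, not part of the original message; the log lines are constructed, the addresses come from documentation ranges, and the function names and the /24 grouping are assumptions.

```python
import re
from collections import Counter, defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample in OpenSSH's "Failed password" log format (not real data).
SAMPLE_LOG = """\
Oct 28 09:01:11 host sshd[411]: Failed password for root from 192.0.2.10 port 40112 ssh2
Oct 28 09:01:13 host sshd[412]: Failed password for root from 192.0.2.10 port 40113 ssh2
Oct 28 09:01:15 host sshd[413]: Failed password for illegal user admin from 192.0.2.10 port 40114 ssh2
Oct 28 09:12:40 host sshd[420]: Failed password for root from 192.0.2.77 port 51200 ssh2
Oct 28 09:12:42 host sshd[421]: Failed password for invalid user test from 192.0.2.77 port 51201 ssh2
Oct 28 09:12:44 host sshd[422]: Failed password for illegal user guest from 192.0.2.77 port 51202 ssh2
Oct 28 09:30:02 host sshd[430]: Failed password for root from 198.51.100.5 port 33001 ssh2
Oct 28 09:31:00 host sshd[431]: Accepted password for alice from 203.0.113.9 port 2201 ssh2
"""

# Accepts both the "invalid user" and the older "illegal user" wording.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:(?:invalid|illegal) user )?(\S+) "
    r"from (\S+) port \d+"
)

def summarize(log_text, v4_prefix=24, v6_prefix=64):
    """Count failed logins per source address and per enclosing network."""
    per_ip = Counter()
    per_net = defaultdict(lambda: {"attempts": 0, "ips": set(), "users": set()})
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue  # successful logins and unrelated lines are ignored
        user, addr = m.groups()
        try:
            ip = ip_address(addr)
        except ValueError:
            continue  # source logged as a hostname or malformed; skip it
        bits = v4_prefix if ip.version == 4 else v6_prefix
        net = str(ip_network(f"{ip}/{bits}", strict=False))
        per_ip[str(ip)] += 1
        per_net[net]["attempts"] += 1
        per_net[net]["ips"].add(str(ip))
        per_net[net]["users"].add(user)
    return per_ip, per_net

def rotating_ranges(per_net, min_ips=2):
    """Networks where failures come from several addresses (source 'moved')."""
    return sorted(n for n, s in per_net.items() if len(s["ips"]) >= min_ips)

if __name__ == "__main__":
    ips, nets = summarize(SAMPLE_LOG)
    for net in rotating_ranges(nets):
        s = nets[net]
        print(net, s["attempts"], sorted(s["ips"]), sorted(s["users"]))
```

A range listed by `rotating_ranges` is a candidate for a range-level block rather than per-address blocks, which matches the decision described in the message.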