From: Peter Boosten
To: User Hasse
Cc: freebsd-questions@freebsd.org, owner-freebsd-questions@freebsd.org
Subject: Re: Increased abuse activity on my server
Date: Wed, 07 Mar 2018 09:51:12 +0100

User Hasse wrote on 2018-03-07 08:19:

> Hello All
> I believe I see an increased amount of abuse attempts on my server by
> several 100%
> in the last couple of months. Anybody else noticed?
>

I saw this all the time, until I removed access to sshd from the internet (only possible through VPN).

You can use solutions like sshguard to block these (after a few false tries).

I use ossec to null-route all kinds of 'failures' (also some script kiddie trying to find my myPHPAdmin, and generating 10+ 404's on my webserver).

-- 
Met vriendelijke groet / Kind regards / Mit freundlichem Gruß

Peter Boosten
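Added example, not part of the original message and not sshguard's or ossec's own code: a sliding-window counter that shows the kind of decision described above, flagging a source after a few failed sshd logins or a burst of 404s. The log lines, the thresholds (3 failures in 10 minutes, 10 404s in 1 minute) and all function names are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
# Constructed sample logs (documentation IP ranges), not taken from a real server.
AUTH_LOG = """\
Mar  7 08:01:02 host sshd[811]: Failed password for root from 203.0.113.7 port 40122 ssh2
Mar  7 08:01:05 host sshd[811]: Failed password for invalid user admin from 203.0.113.7 port 40130 ssh2
Mar  7 08:01:09 host sshd[813]: Invalid user test from 203.0.113.7 port 40141
Mar  7 08:03:00 host sshd[820]: Failed password for alice from 198.51.100.4 port 51000 ssh2
Mar  7 08:20:00 host sshd[860]: Failed password for alice from 198.51.100.4 port 51011 ssh2
Mar  7 08:40:00 host sshd[901]: Failed password for alice from 198.51.100.4 port 51022 ssh2
"""
ACCESS_LOG = "\n".join(
    [f'192.0.2.55 - - [07/Mar/2018:08:10:{s:02d} +0100] "GET /probe{s} HTTP/1.1" 404 153' for s in range(12)]
    + ['198.51.100.4 - - [07/Mar/2018:08:11:00 +0100] "GET /index.html HTTP/1.1" 200 512',
       '198.51.100.4 - - [07/Mar/2018:08:11:05 +0100] "GET /favicon.ico HTTP/1.1" 404 153'])
SSH_FAIL = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
                      r"(?:Failed password for (?:invalid user )?\S+|Invalid user \S+) from (\S+)")
HTTP_404 = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" 404 ')

def ssh_failures(text, year=2018):
    """Yield (timestamp, source IP) per failed sshd login; syslog lines carry no year."""
    for line in text.splitlines():
        m = SSH_FAIL.match(line)
        if m:
            yield datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S"), m.group(2)

def http_404s(text):
    """Yield (timestamp, client IP) per 404 response in a common-log-format access log."""
    for line in text.splitlines():
        m = HTTP_404.match(line)
        if m:
            yield datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z"), m.group(1)

def offenders(events, threshold, window):
    """Return IPs with at least `threshold` events inside any sliding `window`."""
    recent, flagged = defaultdict(deque), set()
    for ts, ip in sorted(events):
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:   # drop events that fell out of the window
            q.popleft()
        if len(q) >= threshold:
            flagged.add(ip)
    return flagged

if __name__ == "__main__":  # thresholds below are assumptions, tune per site
    print("ssh :", offenders(ssh_failures(AUTH_LOG), 3, timedelta(minutes=10)))
    print("http:", offenders(http_404s(ACCESS_LOG), 10, timedelta(minutes=1)))
```

The window matters: 198.51.100.4 also has three failed logins, but spread over 37 minutes, so a legitimate user who mistypes occasionally is not flagged.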