ssh attacks

This dedicated RH machine was put online this month. A collegue suggested I put the ssh port on some non-standard port.

[hendry@server tmp]$ cat attacks.sh TEMPFILE=`mktemp` sudo cat /var/log/secure* | grep Failed > $TEMPFILE for i in `seq 1 30` do DAY="Jun $i" echo -n $DAY : egrep "$DAY" $TEMPFILE | wc -l done wc -l $TEMPFILE [hendry@server tmp]$ sh attacks.sh Jun 1 :3685 Jun 2 :4326 Jun 3 :0 Jun 4 :0 Jun 5 :0 Jun 6 :0 Jun 7 :0 Jun 8 :0 Jun 9 :0 Jun 10 :1548 Jun 11 :517 Jun 12 :216 Jun 13 :1333 Jun 14 :0 Jun 15 :1 Jun 16 :30 Jun 17 :22 Jun 18 :18 Jun 19 :0 Jun 20 :93 Jun 21 :190 Jun 22 :522 Jun 23 :765 Jun 24 :638 Jun 25 :1 Jun 26 :1314 Jun 27 :787 Jun 28 :16 Jun 29 :0 Jun 30 :0 8011 /tmp/tmp.LhnKd20208

He’s got a point, though I hate non-standard ports.

Advertisement

If you like this, you might like the stateless Web kiosk software I develop. Webconverger typically replaces Windows on PCs and is deployed in public and business environments for ease of deployment and privacy. Once installed it auto-updates making it painless to maintain. Try it where you exclusively use the only viable open platform... the Web!