# of hacking attempts vs system size vs time
Just out of interest, is that a normal amount of hacking attempts for our system size?
Our server runs about 20 webservers and 50 email accounts.
When we started the system, 50.000 emails were sent over us within a couple of hours on the first day, until we shut it down. Since we reside with a big service provider in Germany, maybe they target them pro forma. We had a system in the States before; the amount wasn't nearly as big as that.
Timeframe is from beginning September to today. In the mo I have hosts.allow and firewall running, no root login and only certain machines incoming. I'll look into keygen ssh.
# some specific drop IPs just for troublemakers.
203.236.241.189 -j DROP # illegal login attempt ssh
210.105.240.195 -j DROP # illegal login attempt ssh
210.83.195.78 -j DROP # illegal login attempt ssh
217.113.73.102 -j DROP # illegal login attempt ssh
69.28.69.138 -j DROP # illegal login attempt ssh
193.204.49.40 -j DROP # illegal login attempt ssh
203.236.241.189 -j DROP # illegal login attempt ssh
220.168.17.55 -j DROP # illegal login attempt ssh
62.117.78.34 -j DROP # illegal login attempt ssh
213.69.152.70 -j DROP # illegal login attempt ssh
80.55.252.66 -j DROP # illegal access on http script
67.113.225.67 -j DROP # illegal ftp login attempt 7.9.2004
218.84.100.230 -j DROP # illegal ssh login attempt 7.9.2004
12.174.224.3 -j DROP # illegal ssh login attempt 8.9.2004
61.166.6.60 -j DROP # illegal ssh login attempt 9.9.2004
80.207.208.85 -j DROP # illegal ssh login attempt 10.9.2004
69.31.86.200 -j DROP # illegal ssh login attempt 11.9.2004
211.248.173.2 -j DROP # illegal ssh login attempt 11.9.2004
216.9.241.69 -j DROP # illegal ssh login attempt 12.9.2004
81.169.151.2 -j DROP # illegal ssh login attempt 12.9.2004
81.169.151.3 -j DROP # illegal ssh login attempt 13.9.2004
134.34.53.250 -j DROP # illegal ftp login attempt 14.9.2004
218.188.4.24 -j DROP # illegal ssh login attempt 15.9.2004
220.73.215.151 -j DROP # illegal ssh login attempt 15.9.2004
66.28.204.50 -j DROP # illegal ssh login attempt 16.9.2004
81.169.157.38 -j DROP # illegal ssh login attempt 16.9.2004
81.169.151.34 -j DROP # illegal scan attempt 17.9.2004
212.34.65.198 -j DROP # illegal ssh login attempt 17.9.2004
212.34.65.197 -j DROP # illegal ssh login attempt 17.9.2004
212.34.65.198 -j DROP # illegal ssh login attempt 17.9.2004
212.34.65.199 -j DROP # illegal ssh login attempt 17.9.2004
212.34.65.200 -j DROP # illegal ssh login attempt 17.9.2004
212.34.65.201 -j DROP # illegal ssh login attempt 17.9.2004
84.128.7.59 -j DROP # illegal ssh login attempt 17.9.2004
134.34.53.250 -j DROP # illegal ssh login attempt 17.9.2004
84.128.7.59 -j DROP # illegal ssh login attempt 17.9.2004
219.140.166.19 -j DROP # illegal ssh login attempt 18.9.2004
148.235.242.165 -j DROP # illegal ssh login attempt 19.9.2004
205.209.168.20 -j DROP # illegal ssh login attempt 19.9.2004
202.30.32.19 -j DROP # illegal ssh login attempt 19.9.2004
80.67.224.21 -j DROP # illegal mysql login attempt 3.9.2004
66.199.181.64 -j DROP # illegal ssh login attempt 21.9.2004
80.128.94.56 -j DROP # illegal ssh login attempt 22.9.2004
210.212.204.37 -j DROP # illegal ssh login attempt 22.9.2004
61.184.104.236 -j DROP # illegal ssh login attempt 22.9.2004
218.232.104.41 -j DROP # illegal ssh login attempt 22.9.2004
201.10.45.4 -j DROP # illegal ssh login attempt 23.9.2004
218.188.9.51 -j DROP # illegal ssh login attempt 23.9.2004
148.215.14.181 -j DROP # illegal ssh login attempt 24.9.2004
70.240.3.138 -j DROP # illegal ssh login attempt 24.9.2004
On a single machine/IP I'm seeing about 2 attempts per day on average, with occasional spikes of about 5-10 repeated login attempts from a single IP address. So that looks to be about the same as what you're seeing. That's not from high-profile systems either, so they shouldn't be attracting any abnormal attention. If you want anything more mathematically exact, I'll have to break out my abacus.
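An added example, not part of either post: one way to turn an annotated drop list in the format shown above into per-service and per-day figures, so the comparison made in the thread rests on counts. The sample lines are constructed with documentation addresses, and the `summarize` function and its service keywords are assumptions of this example.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample in the thread's format (RFC 5737 documentation addresses).
SAMPLE = """\
192.0.2.10 -j DROP # illegal login attempt ssh
198.51.100.7 -j DROP # illegal ftp login attempt 7.9.2004
203.0.113.5 -j DROP # illegal ssh login attempt 7.9.2004
203.0.113.9 -j DROP # illegal ssh login attempt 10.9.2004
198.51.100.7 -j DROP # illegal ssh login attempt 10.9.2004
203.0.113.77 -j DROP # illegal mysql login attempt 10.9.2004
192.0.2.10 -j DROP # illegal login attempt ssh
"""

LINE = re.compile(r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+-j\s+DROP\s*#\s*(?P<note>.*)$")
DATE = re.compile(r"(\d{1,2}\.\d{1,2}\.\d{4})\s*$")   # d.m.yyyy at end of comment
SERVICES = ("ssh", "ftp", "mysql", "http")             # keywords seen in the comments

def summarize(text):
    """Tally drop-list entries by source, service and day."""
    ips, services, days = Counter(), Counter(), Counter()
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue                      # skip headers and unrelated lines
        note = m.group("note").lower()
        ips[m.group("ip")] += 1
        words = note.split()
        services[next((s for s in SERVICES if s in words), "other")] += 1
        d = DATE.search(note)
        if d:                             # early entries carry no date
            days[datetime.strptime(d.group(1), "%d.%m.%Y").date()] += 1
    # Inclusive span between first and last dated entry.
    span = (max(days) - min(days)).days + 1 if days else 0
    return {
        "entries": sum(ips.values()),
        "unique_ips": len(ips),
        "repeat_ips": sorted(ip for ip, n in ips.items() if n > 1),
        "by_service": dict(services),
        "dated_per_day": round(sum(days.values()) / span, 2) if span else None,
        "busiest_day": max(days.items(), key=lambda kv: kv[1])[0].isoformat() if days else None,
    }

if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(f"{key}: {value}")
```

The figures count blocked sources rather than individual login attempts, so repeated entries for one address are reported separately from the unique total.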