[development] Fully patched site hacked and cloaked

Samir Nassar samir.nassar at gmail.com
Wed Jan 27 19:31:46 UTC 2010

On Wed, Jan 27, 2010 at 1:11 PM, Jason A. Nunnelley <jason at jasonn.com> wrote:
> On Wed, Jan 27, 2010 at 1:03 PM, Domenic Santangelo <domenics at gmail.com>
> wrote:
>> I'm hearing some complicated attack vectors being tossed around in here
>> (password sniffing, mitm, etc) -- don't forget about a pretty simple one:
>> dictionary attacks. I recently took over a project for a small-medium sized
>> client and upon looking at the secure log noticed 50k+/day dictionary
>> attacks against SSH. I installed fail2ban and now get 5-6 emails daily about
>> brute-force hack attempts.
> Just wonder why you don't simply block attempts beyond 5 or 10.

If you are going to go through the effort of fail2ban and similar
software why not use Public Key Authentication and call it good?

Samir Nassar

More information about the development mailing list