[development] Fully patched site hacked and cloaked

Frederik Grunta fgrunta at gmail.com
Wed Jan 27 20:31:21 UTC 2010


Fail2Ban automatically adds an iptables rule to block all traffic from the
attacking address, and then sends off an e-mail informing you - so it does do
that.

2010/1/27 Jason A. Nunnelley <jason at jasonn.com>

> On Wed, Jan 27, 2010 at 1:03 PM, Domenic Santangelo <domenics at gmail.com>
> wrote:
> > I'm hearing some complicated attack vectors being tossed around in here
> (password sniffing, mitm, etc) -- don't forget about a pretty simple one:
> dictionary attacks. I recently took over a project for a small-medium sized
> client and upon looking at the secure log noticed 50k+/day dictionary
> attacks against SSH. I installed fail2ban and now get 5-6 emails daily about
> brute-force hack attempts.
>
> Just wonder why you don't simply block attempts beyond 5 or 10.
>
>
> --
>
> Jason A. Nunnelley
> ----------------------------------------
> http://www.jasonn.com
> http://www.tekany.com
> +1 256 297 1652
>
>
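
The threshold behaviour discussed in this thread, sketched as an added example (not part of the original e-mails and not Fail2Ban's own code): it counts sshd "Failed password" lines per address inside a time window and reports which addresses would be banned. The log lines are constructed, the names `find_bans` and `drop_rule` are hypothetical, and the iptables rule is illustrative text only.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Matches OpenSSH "Failed password" lines as written to the secure/auth log.
FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (\d+\.\d+\.\d+\.\d+) ")

def find_bans(log_text, maxretry=5, findtime=600, year=2010):
    """Return sorted [(ip, ban_time)] for addresses with maxretry failures inside findtime seconds."""
    window = timedelta(seconds=findtime)
    recent = defaultdict(deque)   # ip -> timestamps of recent failures
    banned = {}                   # ip -> time the threshold was reached
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m or m.group(2) in banned:
            continue
        stamp, ip = m.groups()
        # Syslog timestamps carry no year, so the caller supplies one.
        when = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        hits = recent[ip]
        hits.append(when)
        while when - hits[0] > window:   # forget failures older than the window
            hits.popleft()
        if len(hits) >= maxretry:
            banned[ip] = when
    return sorted(banned.items())

def drop_rule(ip):
    """Illustrative iptables rule for a ban; returned as text, never executed."""
    return f"iptables -I INPUT -s {ip} -j DROP"

def _fail(ts, ip, user="root"):
    return f"Jan 27 {ts} web1 sshd[2101]: Failed password for {user} from {ip} port 40112 ssh2"

# Constructed sample log (documentation-range addresses, not real traffic).
SAMPLE_LOG = "\n".join(
    [_fail(f"13:00:0{s}", "203.0.113.7") for s in (1, 3, 5, 7, 9)]            # burst: banned
    + [_fail(t, "198.51.100.23", "invalid user admin") for t in ("13:02:00", "13:02:30")]
    + [_fail(f"13:{m:02d}:00", "192.0.2.44") for m in (0, 4, 8, 12, 16)]      # slow: under threshold
    + ["Jan 27 13:05:00 web1 sshd[2200]: Accepted password for deploy from 198.51.100.23 port 5050 ssh2"])

if __name__ == "__main__":
    for ip, when in find_bans(SAMPLE_LOG):
        print(when, drop_rule(ip))
```

The address that spaces its attempts four minutes apart never reaches five failures inside the ten-minute window, which is why the window length matters as much as the retry count.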