SSH Login Attacks

A few months ago, I began seeing our 'secure' log files fill up with entries stating: "Failed password for illegal user [username]". I decided to search the Internet to find out if others were experiencing these attacks and, hopefully, find a solution. I did uncover a lot of information on the subject, but discovered only a few script-based solutions. None of these, however, seemed... well... elegant.



Title  Last Comment
Hacking the new more secure credit cards  
- This hack has been blocked, but I'm sure more will come. -

Logitech Circle Camera  
- Logitech Circle Camera is a simple home camera that watches all day long and saves interesting clips. -

Why should I trust The Cloud?  
- Why should I trust The Cloud? There is no cloud, it's just a computer that's located somewhere else! -

I fell for a Microsoft phone scam. What should I do now?  
- I fell for a Microsoft phone scam. I let them access my computer, but didn't pay any money. What should I do now? -

With security software, the cure can be worse than the disease  
- With security software, the cure can be worse than the disease -

Are you kidding me, Apple?  
- Are you kidding me, Apple? This is what you call making iOS apps secure? XcodeGhost infects iOS store -

How can I open eml files with Outlook?  
- How can I open eml files with Outlook? Windows 7 and Windows 8 machines won't work when I double-click an eml file. -

Is it safe to visit my bank if I'm using unsecured wifi?  
- Is it safe to visit my bank or other secure sites like Gmail if I'm using unsecured wifi? -

Take Control of Security for Mac Users  
- Most security books are too technical for the average reader. Take Control of Security is not - learn how to protect yourself with this new book by Joe Kissel. -

Another router security flaw - netUSB  
- This netUSB vulnerability is real, but I have to ask why anyone ever thought netUSB was a good idea? -

Canary is a good idea at a ridiculous price  
- While I do like the idea of the Canary Honeypot, the price is utter nonsense. There's nothing difficult about doing this and nothing worth that kind of money. -

Google helps you with privacy now and after you are gone  
- It's not just privacy, though: you can also tailor ads and search results to be more relevant to your needs -

The Moose Linux Router Worm is more like Bullwinkle, honestly  
- Honestly, how can you look at me with a straight face and call this a Linux security issue? It isn't: it's an idiot's security issue. -

Why use a VPN instead of opening ports?  
- I need to access my security cameras from home. My camera guy says we need to forward ports on the firewall, but my firewall guy says I should use the VPN instead -

Google Password Alert - barn doors and horses  
- Although two factor authentication protects you more, users who will not or cannot use that might consider this. To me, this seems like a silly answer! -

Managing iptables drop lists  
- After blocking large numbers of sites accidentally, cleaning them out is easier with this script -

Mac OS X 'rootpipe' is not a backdoor  
- An exploit that requires a local login is not a back door. It's not even an open safe. Most of us have nothing to fear. -

Spotting Click Bombing with Google Analytics  
- Here are two simple Analytics reports that could help you spot click bombing and identify the source -

Someone is click bombing me  
- If someone is trying to damage you, here's how to track them down and stop them -

 
 











 
 
Are A/V vendors really this clueless?   2015/04/15 TonyLawrence
- This botnet infected an additional 128,000 new computers each month over the past half year and the A/V folks couldn't stop it? -

Hassle free SSL/TLS?  
- Hassle free SSL/TLS? Let’s Encrypt: Delivering SSL/TLS Everywhere -

Is your password safe?   2014/12/01 TonyLawrence
- Is your password safe? Kaspersky may not think so even if other sites say it is. -

Clicky Analytics for your website  
- Clicky Analytics offers some advantages over Google Analytics and can be used alongside too. -

More about Cloudflare  
- CloudFlare should now be fully active on this site. Visitors should only see speedups in page loads and no adverse effects. -

Expectations of privacy - time to shut it down?  
- Groklaw shuts down, the NSA spying gets worse. Is this Orwellian or just business as usual? -

Basic software firewall introduction for home users  
- You almost certainly have a software firewall on your Windows or Mac computer. You also probably have a hardware firewall. Understanding just a little bit about them can save you trouble. -

Using SCO Unix as a firewall  
- Given the current cost of hardware and the availability of Linux software, why on earth would you want to run a firewall on a production server? -

Script to block DOS attacks   2013/06/03 TonyLawrence
- People steal content. If you run a website, you almost certainly know that; here is a simple script to block annoying abusers and possibly stop a little theft, too. -

Wireshark 101   2013/05/27 TonyLawrence
- Silly me. I really should have started using Wireshark long before this! -

Book Review - Michal Zalewski's 'The Tangled Web'   2011/11/12 TonyLawrence
- We will not have ventured very far into the Internet forest before we realize that our 'crack team' of web browsers is anything but. Most of them can't seem to tell a squirrel from a poisonous snake. When they do decide to point their weapons at something threatening, we had better duck ourselves, because their aim is atrociously bad. Suspicious looking miscreants appear at the edges of our trail and beckon us to follow them into the dark woods; our guides lay down their weapons and, with beaming grins, trot off never to be seen again! -

Can Online Services Be Secure?   2011/08/22 Ralph
- Recent data theft disasters have shown that it is not enough to operate a "secure server" and leave all customers' information unencrypted on this server. If you think your secure server is invincible, all your customers' data is at risk the moment it turns out that the secure server is not as secure as you thought. -

Helping my sister-in-law with Gmail   2011/06/02 TonyLawrence
- I'd rather send pictures or a movie than take control of their computer. They can refer back to what I sent over and over again. -

A SCO Openserver to Red Hat Linux Conversion   2011/04/02 TonyLawrence
- A detailed history of a SCO to Linux Conversion - including desktop users. -

Off we go into the wide blue yonder  
- It seems like everyone says 'move to the cloud', but there are questions you need to ask before you do that. -

Questions about the new MA data security law   2010/03/03 TonyLawrence
- New requirements for the protection of personal data by businesses are confusing at best. -

New Mass. Data Security Laws   2010/03/02 TonyLawrence
- New security requirements could affect consultants as well as the business clients they serve. -

Basic TrueCrypt Usage   2010/01/12 TonyLawrence
- People have said that they installed TrueCrypt, but have no idea what to do next. OK, maybe the interface isn't all that user friendly. -

A strangely compromised Linux box  
- A customer reported that a Linux machine used for ssh access (to in turn give telnet access to an ancient SCO machine) was refusing logins. -

Prevent deletion or moving of files  
- You need to let users create files in a common directory, but you don't want them to be able to delete others' files. Or you've put certain files, directories or symlinks into a user's home directory and don't want them to be able to mess with any of those. What can you do? -

I don't WANT the Internet to forget!  
- Wouldn't we all be better off if we stopped pretending that we are perfect or even close to it? -

A fish is not a hack  
- It's annoying that news media doesn't distinguish between a true hack like someone breaking into Google and a phishing exploit like this -

Powerful crypto from the UNIX command line  
- The importance of OpenSSL toolkit for crypto cannot be overestimated. -

Protect your Laptop with TrueCrypt  
- Truly affordable hard drive, laptop and USB Drive encryption software for your business critical data -

How relevant is a good antispam solution for you?  
- Comparing anti-spam methods - keeping spam out of your mailbox is never perfect. -

The future of biometrics in business  
- Arousing a computer's suspicion could cause more video cameras to turn toward you. In a high-tech future, you might stand out on a video screen. -

Remote OS fingerprinting  
- Operating system identification by passive or active os fingerprinting is useful for many reasons. -

Windows Spam on Linux  
- There were some .wine files in our /tmp, which would explain the Windoze-like appearance -

SpamCheetah  
- We all know the kind of problem that spam is causing -

Security vs. Convenience  
- Sure, if you want to completely destroy your security -

The Myths of Security  
- I think this is easily the most entertaining security book I've ever read. John has a sense of humor and strong opinions. Combine that with a lifetime of experience in computer security and you get a fun read. -

 
 
 
 
Opera Unite is a little Wave  
- Opera's servers access your content and share it with others. -

Super Secret TV Listings  
- I've complained before that both Verizon and Comcast are so anxious to sell that they neglect to make it easy for existing customers to use their website. -

Centos ssh failure  
- I have a customer who uses a fairly new Centos server to function as an ssh gateway to his ancient SCO box. On Friday he told me that no one could ssh in. -

Help - I'm on a blacklist  
- You are getting bounced mail that says your email can't be delivered because you are on a blacklist -

Web Content Filtering  
- The vision of employees wasting valuable time on the web haunts some employers -

Stopping Identity Theft  
- I am constantly being pitched Identity Theft Protection by my credit card company, my bank and of course on TV. -

Testing for Conficker with Nmap   2013/04/16 anonymous
- The latest nmap release can test Windows machines for Conficker infection -

Are we ever going to get serious about Security?   2011/03/20 TonyLawrence
- Linux users have reason to be smug, but the danger for Linux is the same as it is for Apple. Linux is doing a better job, but there has to be eternal vigilance. -

Recovery Time Objectives  
- The RTO is a goal or an ideal time in which you need a specific resource or service to be available following an interruption or outage. In essence -


