damn_registrars's Journal: Bad hacker - bad, bad, bad (new record)

This is a new record for consecutive attempts - and attempts per second - on my server. Some idiot using a Chinese IP address made at least 150,000 attempts on my system (all as root) in less than 4 hours. This was, of course, completely pointless as my system does not allow root logins and returns the same fail to the user who guesses the password correctly as to one who does not.

I'm not real sure why this person gave up, I'm sure they could have let their random password generator run longer. A few times they made 8 attempts per second on my system.

I know, there are plenty of things I can do to prevent this from happening in the future. I could also take the futile action of reporting them to their ISP. Instead I will just leave things as they are and keep laughing at them. I don't have nearly enough bandwidth for them to crash my server with too many requests, and my logs auto rotate in such a way that they can't fill up my hard drives with logs of their attempts either (although it might be time to increase the turnover cutoff by another factor of 10).

Random, maybe?

[mcgrew]

Perhaps they're simply targeting the wrong IP address, thinking you're Lockheed or somebody, or maybe they're just targeting random IPs.

Re:

[damn_registrars]

Perhaps they're simply targeting the wrong IP address, thinking you're Lockheed or somebody, or maybe they're just targeting random IPs.

I'm pretty sure most of these clowns use some sort of automated script that crawls around looking for IPs where the server answers on port 22 asking for a username and password. Most of these fools will just make a few dozen to a few hundred attempts and move on. This one apparently got stuck and unloaded a more extensive attack.

I've also been hit with distributed (botnet) attacks that have either done dictionary attacks on root or done a whitepages attempt looking for passwordless usernames. Those