Shyam Mani (fox2mike) wrote,

Brute force attempts over SSH

Somewhere around July 2004, there was this nuisance script that attempted to break into machines running sshd. All the script did was try to log in to machines that weren't secure enough. For example, if you had an account with guest/guest as username and password, or if you were dumb enough to not set passwords at all, you could be in a spot of bother.

Then, somewhere along the line, the script just became better. What started with the standard guest/guest, root/root and admin/admin grew into trying out other username and password combinations; it found more foolish people on the Internet and started keeping track of the new additions.

The log entries on your machine during an attack would be something like:

Dec 13 07:50:54 [sshd] Invalid user tei from
Dec 13 07:50:57 [sshd] Invalid user cherry from
Dec 13 07:51:01 [sshd] Invalid user nmap from
Dec 13 07:51:04 [sshd] Invalid user perl from
Dec 13 07:51:07 [sshd] Invalid user elaine from

From my sshd logs between May 2005 & today, I've had 2930 unique usernames trying to log in, from abigale to annette, david to takahashi. If you're curious, all 2930 are up in alphabetical order here.
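A tally like this can be pulled from an sshd log with a short script. The following is an added example, not the author's own tooling: the `summarize` function, its `threshold` parameter and the sample addresses (documentation ranges) are constructed for illustration, and it also accepts the `sshd[pid]:` prefix that syslog commonly writes.

```python
import re
from collections import Counter

# Matches both the bracketed "[sshd]" prefix shown in this post and the
# common syslog "sshd[pid]:" prefix. The username is attacker-controlled and
# may contain spaces, so it is matched greedily up to the LAST " from ".
INVALID_USER = re.compile(
    r"sshd\]?(?:\[\d+\])?:?\s+Invalid user (?P<user>.*) from "
    r"(?P<addr>\S+)(?: port \d+)?\s*$"
)

def summarize(lines, threshold=3):
    """Tally 'Invalid user' attempts by username and by source address."""
    users, sources, skipped = Counter(), Counter(), 0
    for line in lines:
        m = INVALID_USER.search(line)
        if not m:
            skipped += 1  # not an "Invalid user" entry, or address missing
            continue
        users[m.group("user")] += 1
        sources[m.group("addr")] += 1
    return {
        "unique_users": sorted(users),
        "attempts_by_source": dict(sources),
        # Sources at or above the (assumed) threshold of failed attempts
        "noisy_sources": sorted(a for a, n in sources.items() if n >= threshold),
        "skipped": skipped,
    }

# Constructed sample input; addresses are from the RFC 5737 documentation ranges.
SAMPLE_LOG = """\
Dec 13 07:50:54 [sshd] Invalid user tei from 192.0.2.10
Dec 13 07:50:57 [sshd] Invalid user cherry from 192.0.2.10
Dec 13 07:51:01 [sshd] Invalid user nmap from 192.0.2.10
Dec 13 07:51:04 [sshd] Invalid user perl from 198.51.100.7
Dec 13 07:51:07 [sshd] Invalid user elaine from 198.51.100.7
Dec 13 07:51:09 host sshd[4211]: Invalid user tei from 203.0.113.5 port 40022
Dec 13 07:51:12 [sshd] Invalid user a from b from 203.0.113.5
Dec 13 07:51:15 [sshd] Accepted publickey for alice from 192.0.2.99
""".splitlines()

if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    print(len(report["unique_users"]), "unique usernames")
    for addr, n in sorted(report["attempts_by_source"].items()):
        print(addr, n)
    print("at or above threshold:", report["noisy_sources"])
```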

The attacks originated from the following addresses.

To be on the safe side:

  1. Don't have dumb accounts even for a small amount of time. A dumb account would be one with the username as the password.

  2. Don't run sshd unless you really need it.

  3. Use key-based authentication only, as far as possible. This eliminates the need for passwords, and there is no chance of a brute force attack succeeding.

  4. Never have blank passwords.

  5. Run sshd on a non-standard port if you can afford to.

More info on ssh ->

Update: Found a nice wiki page on this ->
Tags: security, ssh, tech
