Man, they'll try anything to hack your system...
Fred
puissante at lrc.puissante.com
Fri Jan 27 08:54:01 EST 2006
On Thursday 26 January 2006 14:49, Thomas Charron wrote:
> On 1/25/06, Paul Lussier <p.lussier at comcast.net> wrote:
> > Oy.
> > I almost never look at my apache logs. I probably should, but I
> > don't. Tonight I was perusing them and noticing the activity in the
> > access.log and was amazed at the things these people try:
>
> I enjoy poking at any sort of logs for something connected to the net
> nowadays. The sheer amount of SSH attempts per day boggles the mind.
>
> A week or so ago I set up a new box on a VMware instance, and just
> forwarded port 22.
>
> *wham* Beeeelions of login attempts from all over the world..

Yep. Which is largely why I moved my ssh off of port 22. Ssh attacks went to
zero after that. There's a V.1 vulnerability that was exploited once, so I
now make sure V.1 ssh is disabled.

As far as apache logs, for my major websites, I do keep a "ssh acct@website
tail -f logfile" running for both access and error logs. The error logs are
highly amusing. Constant queries for non-existent pages and directories for
some of the most popular web-based software.

It's nice, though, seeing the queries happen in realtime, as I learn a lot
that way. Bot activity represents 90+% of the traffic, and there are all
kinds of bots that I had never seen before, along with the usual Slurps,
GoogleBots, and MSNBots that are my friends. I've been debating if I should
disallow all the other bots since they do put quite a load on my servers.

I've gotten comments from some others that watching the logs in realtime is
very "Matrix-like", though I have yet to see the blonds, brunettes, and
red-heads in them! ;-)

-Fred
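
A summarizer for the log watching described in this thread, as an added example that is not part of the original post: it splits Apache combined-format access lines into the crawlers named above, other self-identified bots, and everything else, and lists clients that pile up 404s. The sample lines, addresses, paths and the threshold of 3 are constructed assumptions.

```python
import re
from collections import Counter

# Apache "combined" format: host ident user [time] "request" status bytes "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<agent>[^"]*)"$'
)
# Crawlers the post names; matched case-insensitively inside the User-Agent.
KNOWN_CRAWLERS = ("slurp", "googlebot", "msnbot")

# Constructed sample lines (documentation address ranges, placeholder paths).
T = "[27/Jan/2006:08:00:01 -0500]"
FIREFOX = "Mozilla/5.0 (X11; U; Linux i686) Firefox/1.5"
SAMPLE_LOG = [
    f'192.0.2.10 - - {T} "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (compatible; Googlebot/2.1)"',
    f'198.51.100.7 - - {T} "GET /app-one/setup.php HTTP/1.0" 404 208 "-" "-"',
    f'198.51.100.7 - - {T} "GET /app-two/admin/ HTTP/1.0" 404 208 "-" "-"',
    f'198.51.100.7 - - {T} "GET /app-three/login.php HTTP/1.0" 404 208 "-" "-"',
    f'203.0.113.5 - - {T} "GET /about.html HTTP/1.1" 200 2048 "-" "{FIREFOX}"',
    f'203.0.113.5 - - {T} "GET /missing.png HTTP/1.1" 404 208 "-" "{FIREFOX}"',
    f'192.0.2.44 - - {T} "GET /robots.txt HTTP/1.0" 200 64 "-" "ExampleCrawler/0.1 (+http://crawler.example/bot)"',
]

def summarize(lines, probe_threshold=3):
    """Return (Counter of traffic classes, {client: 404 count} at or above threshold)."""
    classes, not_found = Counter(), Counter()
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            classes["unparsed"] += 1  # includes agents containing escaped quotes
            continue
        # The User-Agent is client-supplied, so this split is a heuristic only.
        agent = m["agent"].lower()
        if any(name in agent for name in KNOWN_CRAWLERS):
            classes["known_crawler"] += 1
        elif agent in ("", "-") or any(w in agent for w in ("bot", "crawl", "spider")):
            classes["other_bot"] += 1
        else:
            classes["other"] += 1
        if m["status"] == "404":
            not_found[m["host"]] += 1
    probers = {h: n for h, n in not_found.items() if n >= probe_threshold}
    return classes, probers

if __name__ == "__main__":
    classes, probers = summarize(SAMPLE_LOG)
    print(dict(classes), probers)
```

Feeding it the lines from a real access log gives the bot share of traffic and the clients requesting pages that do not exist, without having to watch the tail by eye.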