Man, they'll try anything to hack your system...
Thomas Charron
twaffle at gmail.com
Fri Jan 27 11:01:01 EST 2006
On 1/27/06, Fred <puissante at lrc.puissante.com> wrote:
>
> On Thursday 26 January 2006 14:49, Thomas Charron wrote:
> > On 1/25/06, Paul Lussier <p.lussier at comcast.net> wrote:
> > > Oy.
> > > I almost never look at my apache logs. I probably should, but I
> > > don't. Tonight I was perusing them and noticing the activity in the
> > > access.log and was amazed at the things these people try:
> > I enjoy poking at any sort of logs for something connected to the net
> > now adays. The sheer amount of SSH attempts per day boggles the mind.
> Yep. Which is largely why I moved my ssh off of port 22. Ssh attacks went
> to
> zero after that. There's a V.1 vulnerability that was exploited once, so I
> now make sure V.1 ssh is disabled.
Personally, I'm just leaving it there. If the machine happens to get
compromised, I have VMWare taking a snapshot each day, and I store a few
days worth of snapshots, and one a week keep a snapshot that I'll keep for a
month. If/when it gets compromised, I can just revert to a previous
snapshot. Since the nature of the box is development, it should be ok.
> I've gotten comments from some others that watching the logs in realtime
> is
> very "Matrix-like", though I have yet to see the blonds, brunettes, and
> red-heads in them! ;-)
Hehehe. Well, sometimes, you can see where they're coming from, and I do
tend to look at, say, french IPs wearing a little hat, etc.. ;-)
Thomas
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.gnhlug.org/mailman/private/gnhlug-discuss/attachments/20060127/cd616cd8/attachment.html
More information about the gnhlug-discuss
mailing list