alan wrote:
| Just to show you what I am having to put up with every day on my
| webservers -
Curious we see "LOTS" of ftp server login attempts on occasion, they come in batches, so crackers or malware - hard to tell. I've been meaning to automate a way to tell if they have succeeded, as currently it is down to me spotting it in the logs which isn't very good, or autoblacklisting them (I think the software may already do something but it doesn't look like enough).
I guess it is only a matter of time before someone guesses an ftp password with that kind of approach, and gets a user's chrooted ftp site. Seems a lot of effort for 'owning' one website, but I guess that is the perils of compromised PCs providing cheap bandwidth/resource.
I see lots of "guest"/"test" ssh login attempts - but rarely anything for "root".
| This is why it is important to
| a) TURN OFF TELNET
telnet is okay - plain text passwords are a possible source of problems, but that isn't down to telnet (they are optional), and they seem to be mainly a problem once your systems are compromised.
There is another issue with plain text passwords, POP3, and worse a common fix involves keeping the plaintext version of all the passwords accessible from the POP3 server. The "crypt" approach to accepting plain text passwords and then encrypting it with a one way hash has a lot to recommend it - you can always encrypt the channel over which it came.
| I could show you my mail logs too, but that would scare you ! Let's just
| say that in 2 days I have automatically /dev/nulled over 9000 messages,
| on 1 server alone, just for trying to relay, and most of those have been
| spam to catch-all addresses (which point to /dev/null anyway now.)
We seem to be /dev/null'ing similar numbers - my philosophy on not /dev/null'ing email hasn't been permeated throughout the email system yet. For some reason a previous admin has a whole domain that exists purely to bitbucket email, I haven't worked out if there is some subtle reason he doesn't just bounce them all.
-- The Mailing List for the Devon & Cornwall LUG Mail majordomo@xxxxxxxxxxxx with "unsubscribe list" in the message body to unsubscribe.
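Added example, not part of the original post: one way to automate the check the reply describes, flagging a batch of failed FTP logins from one client that ends in a success, and listing clients that qualify for blacklisting. The vsftpd-style log format, the sample lines, the function names and the threshold are all assumptions; the post does not name the FTP server in use.

```python
import re
from collections import defaultdict

# Constructed sample in a vsftpd-style format (assumed; the post names no server).
SAMPLE_LOG = """\
Tue Aug 10 03:12:01 2004 [pid 2101] [guest] FAIL LOGIN: Client "203.0.113.7"
Tue Aug 10 03:12:02 2004 [pid 2102] [test] FAIL LOGIN: Client "203.0.113.7"
Tue Aug 10 03:12:03 2004 [pid 2103] [admin] FAIL LOGIN: Client "203.0.113.7"
Tue Aug 10 03:12:04 2004 [pid 2104] [webuser] FAIL LOGIN: Client "203.0.113.7"
Tue Aug 10 03:12:05 2004 [pid 2105] [webuser] OK LOGIN: Client "203.0.113.7"
Tue Aug 10 09:30:10 2004 [pid 2200] [alice] FAIL LOGIN: Client "198.51.100.20"
Tue Aug 10 09:30:21 2004 [pid 2201] [alice] OK LOGIN: Client "198.51.100.20"
Tue Aug 10 11:45:00 2004 [pid 2300] [guest] FAIL LOGIN: Client "192.0.2.44"
Tue Aug 10 11:45:01 2004 [pid 2301] [test] FAIL LOGIN: Client "192.0.2.44"
Tue Aug 10 11:45:02 2004 [pid 2302] [guest] FAIL LOGIN: Client "192.0.2.44"
"""

LINE_RE = re.compile(
    r'\[pid \d+\] \[(?P<user>[^\]]*)\] (?P<result>OK|FAIL) LOGIN: '
    r'Client "(?P<ip>[^"]+)"'
)

def parse(log_text):
    """Yield (ip, user, succeeded) for every login line; skip anything else."""
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            yield m["ip"], m["user"], m["result"] == "OK"

def find_guessed_logins(log_text, threshold=3):
    """Successes preceded by >= threshold consecutive failures from that IP."""
    streak = defaultdict(int)  # ip -> failures since its last success
    hits = []
    for ip, user, ok in parse(log_text):
        if not ok:
            streak[ip] += 1
            continue
        if streak[ip] >= threshold:
            hits.append((ip, user, streak[ip]))
        streak[ip] = 0  # a single typo followed by a login is not flagged
    return hits

def blocklist_candidates(log_text, threshold=3):
    """IPs with >= threshold failed logins in total, succeeded or not."""
    fails = defaultdict(int)
    for ip, _user, ok in parse(log_text):
        if not ok:
            fails[ip] += 1
    return sorted(ip for ip, n in fails.items() if n >= threshold)

if __name__ == "__main__":
    print(find_guessed_logins(SAMPLE_LOG), blocklist_candidates(SAMPLE_LOG))
```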