Higher than usual cracking attempts this month?

    CathyInBlue

    Grandmaster
    Rating - 0%
    0   0   0
    Anyone else with persistent Internet seeing a higher than usual rate of cracking attempts this month?

    I have Linux and I'm seeing my /var/log/btmp (failed logins) file ballooning to over 600 MB for the month of January alone. Dozens of failed attempts from single IP addresses a second for several minutes. Then, a little while later, it starts doing it again. Sometimes, it's a different IP address. There will always be the script kiddies. They just try a few and then bugger off. Makes no difference, other than I could use that disk space for more useful things. My successful logins (wtmp) file shows nothing getting in, but just the rapid fire and persistent attempts is eating my hard drive space. Thinking of getting my DSL modem a new IP address. Maybe get off these doorknobs' radar.

    If you're running Linux, but are a novice, use the command `last` to check successful logins, `lastb` to check failed. Is it just me, or do more of you see this activity?
     

    jamil

    code ho
    Site Supporter
    Rating - 0%
    0   0   0
    Jul 17, 2011
    60,758
    113
    Gtown-ish
    I wish I knew how to do this stuff. Can I get Linux on my Mac?

    Your Mac is UNIX. Open a console window and type the word `last` at the prompt and hit return.

    ETA: you can use Spotlight to do this. In Spotlight type in Terminal to open the console.
     

    CathyInBlue

    Grandmaster
    Rating - 0%
    0   0   0
    Considering, I have SSH configured to refuse logins to root in the first damn place, I myself would know to never attempt such a foolish thing, I need to add a cron job to toss any IPs for root found in btmp into the iptables filters. That'll keep my btmp to a reasonable size.

    No. I will not translate the above sentence for non-techies.

    I'm going to bed.
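
The cron job described in the post above could look like the following sketch, which is an added example and not code from the thread. It reads `lastb -i` style output, keeps only failed `root` attempts from well-formed IPv4 sources, and prints idempotent `iptables` rules; `THRESHOLD`, `ALLOWLIST` and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: turn failed root logins from btmp into iptables DROP rules.
# THRESHOLD and ALLOWLIST are hypothetical settings, not from the thread.
THRESHOLD=${THRESHOLD:-3}              # failed root attempts before blocking
ALLOWLIST=${ALLOWLIST:-"192.0.2.10"}   # addresses never to block (e.g. your own)

# Reads `lastb -i` style lines on stdin; prints each IPv4 address that failed
# a root login at least THRESHOLD times and is not allowlisted.
root_offenders() {
    awk -v min="$THRESHOLD" -v allow="$ALLOWLIST" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) skip[a[i]] = 1 }
        # Field 1 is the user name, field 3 the remote host. Accept only a
        # strict dotted quad so nothing else can reach the iptables command.
        $1 == "root" && $3 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ && !($3 in skip) { hits[$3]++ }
        END { for (ip in hits) if (hits[ip] >= min) print ip }
    ' | sort
}

# Prints one rule per offender; -C checks for an existing rule first so
# repeated cron runs do not stack duplicates. Nothing is executed here.
block_rules() {
    root_offenders | while read -r ip; do
        echo "iptables -C INPUT -s $ip -j DROP 2>/dev/null || iptables -I INPUT -s $ip -j DROP"
    done
}

# Constructed sample in the layout `lastb -i` prints (documentation addresses).
sample_lastb() {
    cat <<'EOF'
root     ssh:notty    203.0.113.45     Tue Jan 14 03:12 - 03:12  (00:00)
root     ssh:notty    203.0.113.45     Tue Jan 14 03:12 - 03:12  (00:00)
root     ssh:notty    203.0.113.45     Tue Jan 14 03:12 - 03:12  (00:00)
admin    ssh:notty    198.51.100.7     Tue Jan 14 03:13 - 03:13  (00:00)
root     ssh:notty    198.51.100.7     Tue Jan 14 03:13 - 03:13  (00:00)
root     ssh:notty    192.0.2.10       Tue Jan 14 03:14 - 03:14  (00:00)
root     ssh:notty    192.0.2.10       Tue Jan 14 03:14 - 03:14  (00:00)
root     ssh:notty    192.0.2.10       Tue Jan 14 03:14 - 03:14  (00:00)

btmp begins Wed Jan  1 00:00:12 2014
EOF
}

sample_lastb | block_rules
```

In a real cron entry the input would be `lastb -i` run as root, with the printed rules piped to `sh`; the allowlist keeps a mistyped password of your own from locking you out.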
     

    churchmouse

    I still care....Really
    Emeritus
    Rating - 100%
    187   0   0
    Dec 7, 2011
    191,809
    152
    Speedway area
    Considering, I have SSH configured to refuse logins to root in the first damn place, I myself would know to never attempt such a foolish thing, I need to add a cron job to toss any IPs for root found in btmp into the iptables filters. That'll keep my btmp to a reasonable size.

    No. I will not translate the above sentence for non-techies.

    I'm going to bed.

    That really made my head hurt......:faint:
     

    pudly

    Grandmaster
    Rating - 100%
    35   0   0
    Nov 12, 2008
    13,329
    83
    Undisclosed
    Translation: Someone is trying to log on to the machine as root (aka administrator) and Cathy is going to filter out those login attempts and no longer see them in the logs.
     

    squidvt

    Expert
    Rating - 0%
    0   0   0
    Jun 15, 2012
    751
    28
    Southport, IN
    Considering, I have SSH configured to refuse logins to root in the first damn place, I myself would know to never attempt such a foolish thing, I need to add a cron job to toss any IPs for root found in btmp into the iptables filters. That'll keep my btmp to a reasonable size.

    No. I will not translate the above sentence for non-techies.

    I'm going to bed.

    I use Fail2Ban. That does it very well and you can lock them out for as long as you want.
     

    Shadow

    AKA: Uncle Shadow
    Rating - 100%
    2   0   0
    Aug 28, 2009
    116,088
    113
    In the shadows
    Considering, I have SSH configured to refuse logins to root in the first damn place, I myself would know to never attempt such a foolish thing, I need to add a cron job to toss any IPs for root found in btmp into the iptables filters. That'll keep my btmp to a reasonable size.

    No. I will not translate the above sentence for non-techies.

    I'm going to bed.

    That really made my head hurt......:faint:

    Translation: Someone is trying to log on to the machine as root (aka administrator) and Cathy is going to filter out those login attempts and no longer see them in the logs.

    :wow: I have to agree with CM - that was just __________________. Thank you pudly for clearing that mud up.
    I'm not a techie. But I have been seeing a lot of hacking going on. My email was hacked and sent out an email to all my contacts -lol- asking to send $2000 'cause I was in trouble. Of course no one sent no money, darn it, but I did get a lot of phone calls hahahaha. Anyway, it ended up being a hacker out of Chicago, and I have since changed my passwords and added protection.
     

    KellyinAvon

    Blue-ID Mafia Consigliere
    Staff member
    Moderator
    Site Supporter
    Rating - 100%
    7   0   0
    Dec 22, 2012
    25,159
    150
    Avon
    We got a notice at work yesterday that some folks had got an e-mail from a .gov address (I work for the VA, don't hate) that said their password expired and to click here. Phishing is old, .gov address is new.
     