Hacker activity?
Steve Suhre
steve at Antero.com
Thu Oct 28 09:41:32 PDT 2004
I'm not sure if this is the correct group... but I'm getting some weird
activity on the network. The security reports will show 50-100 attempts to
log in to a server, most as root but some are attempts to log in to other
seemingly random account names. The login attempts are through ssh or
telnet, all come from the same remote server, and all fail. I'm also
getting some odd CGI calls to a script on a secure SSL server. There's
nothing that this particular script could do for a hacker, but the script
is sent a random string, sometimes many times a minute, other times it's
every 2-3 minutes. I grabbed the IP address and blocked it, and about 10
minutes later it had moved to another IP. I'm now blocking a range of IPs.
These don't seem like enough iterations to be very successful; the odds are
overwhelmingly in favor of the server at this rate... Does anyone have a
clue what might be happening or where I should go to find out?
---
Steve Suhre
Antero web technologies
719.634.8161
steve at Antero.com
More information about the freebsd-questions
mailing list