![[RSS 2.0]](/images/png/rss20.png)
![[RSS 0.91]](/images/png/rss091.png)
![[Blosxom Powered]](/images/png/blosxom.png)
![[Bursledon Parish]](/images/png/bursledon.png)
![[Use openSUSE]](/images/png/opensuse-green.png)
![[Get Firefox]](/images/png/firefox.png)
![[Lib Dems]](/images/png/button_libdems.png)
cron job would be
doing anything, a quick bit of investigation revealed that
home.rubberturnip.org.uk was the subject of a sustained attack on
the SSH daemon. Looked like a brute force job, and it wasn't being successful
unless the intention was to piss me off.
It triggered me to finally install logcheck on that box (thanks
Justin for the package) and I noticed that
there were other machines attempting similar attacks (is there a worm abroad at
the moment that I'm not aware of?) although not quite as sustained as that first
one, which was doing it for about two hours!
So, firstly, I've started blocking the originating IPs (and I reported the first one to the ISP in question), and secondly I'm going to post offending IPs here. The IPs I am currently blocking then are as follows:
62.80.128.11 203.130.33.203 213.56.25.38 212.227.21.132
202.110.193.231
Other news: CTW203 finished.