Bot Net slowing down
As a follow on to my post about the slow cycle bot net it now looks like its slowing down (i.e. Fail2ban has blocked most of the compromised machines).
A very large but sneakily slow bot-net?
Anyone who runs a server is used to it to being attacked by compromised machines which target their SSH services, their web services and their email services. The attack on the email services takes two forms : either trying to relay email through the SMTP server or trying to break into the POP3 server using […]
Fail2Ban working hard
Graph courtesy of Monitorix:
Bad IPs
Its the list of usual suspects – China featuring high in the list of machines trying to break into servers (no surprises there) and OVH : 89.248.174.27 60.173.16.74 161.0.153.110 123.214.172.84 218.27.147.130 120.203.25.58 41.110.189.60 62.99.78.120 155.4.33.255 223.241.247.6 218.5.3.45 46.181.62.158 221.3.236.94 114.251.196.28 113.195.181.52 117.245.8.29 184.168.116.130 41.134.156.241 211.103.155.236 216.248.98.187 180.166.246.174 103.238.15.67 58.62.55.130 190.185.133.243 111.16.48.137 222.177.182.10 166.62.88.83 58.242.164.10 122.144.136.211 […]
More shit from the internet
I tightened up the fail2ban rules after looking at my mail logs. The result is impressive but at the same time depressing … so many machines trying to break into my server. Several from GoDaddy…. I guess they’re starting to sit in the same place as OVH when it comes to hosting scum.