[NCUC E-team] Server under attack
ncuc at tapani.tarvainen.info
Thu Oct 16 14:40:28 CEST 2014
It looks like ncuc1 is presently under ssh dictionary
attack, authlog is full of stuff like this:
Oct 16 14:27:30 ncuc1 sshd: Failed password for root from 18.104.22.168 port 2955 ssh2
The attack won't succeed, root password logins have been
disabled since the beginning, but if it intensifies
it may slow things down (and it may be something like
that caused the overload last week, too).
It probably isn't particularly directed at us, looks
more like a script kiddie scanning everything in sight.
For the curious, the that IP address is in China.
If somebody feels like contacting their ISP,
whois gives good-looking contact info.
Otherwise, I guess it might be a good idea to tighten
the box a bit.
More information about the E-team