This "survey" to crown our DP forum most-hacked-champ of course has a much deeper meaning and sense than just to have fun! Now I smile at my own ignorance years back - but the situation is deadly serious. Cyber crime is a serious offense and cyber crime in many variations exists every single day on an average server / site - the question is whether you know, observe and act properly or whether all is happening "behind your back" leaving you an innocent cherry webmaster/webdiva believing all world is pink and all is like heaven on earth in our www world. On a global level cyber crime causes hundreds of millions of US $ or even more likely billions of US $ in damage. My firm opinion AND experience is that anyone saying "none" to all above simply has no idea what is going on ON HIS server / site! Those who fail to be able to provide EXACT numbers prove that they have NO idea how to monitor afterwards their logs for attempted or successful hacker attempts. The key purpose however should be that OLD high traffic site owners / server owners share their exact numbers to shock and wake UP all those who believe that being hacked is only for dummies or never may occur to "them" but only to "others" or those who don't care about damages and liability / responsibility of a site owner / server operator. Until a few days ago - on 09 Nov 2007 - when I did my full and exact count - I had exactly 218'937 SSHD knocks / password crack attempts. Those who may have fail2ban installed of course have less - I have NO fail2ban installed for a solid reason and I prefer to let hackers try and watch them. Since I am basically 24/7/365 online - I prefer to look into my enemies' eyes and face them rather than locking the door and force them to try other means / backdoors.
I would appreciate if all the old - MANY years long full time site owners / server operators would share their numbers / experiences hoping that at least a few newbies may get woken up and start to improve their own knowledge about scripts and logins to secure their site / server as well as possible.
We run ssh on a non-standard port because our intrusion detection system was sending us batty with all the login attempts. I had to answer "none" to the survey because since we changed the port we don't get any attempts because we aren't listening on port 22. Of course, that's on our personal webserver. On our production boxes ssh isn't connected to the outside world so the only things our intrusion detection complains about are the occasional mis-typed password or username. That wouldn't happen any more than once a week.
I have configured SSH to automatically email any root login attempts. I receive at least 5 brute force attempt emails per day. Damn nuisance but I know my box is secure!
Since I switched the first days of my own server-time to serverkey auth - knocking port 22 is of no concern any longer. I preferred to stay at port 22 for the simple reason to collect IPs of hackers, while hackers may come from almost anywhere in the world - lots even from regular USA addresses (non-proxy) or DSL access of modern well structured countries (DE/US). Knowing the IP makes it possible to report to ISP or owner of server and thus shut down at the very basics some hacker activities. For many other hack-attempts it was apparent that many come from certain IPs, leading to an expanding list of iptables. sshd is among all hack attempts the easiest to secure - permanently blocking away a substantial share of all "hacker-nests" never removes the danger or replaces the duty to secure all my other security risk-potentials, but it makes it all a substantial part more annoying to hackers. My opinion: hackers are a huge untampered number of potentially creative/productive and above all highly skilled IT ppl - when hacking becomes stressful or annoying, hopefully some at least figure out that doing honest productivity jobs brings more satisfaction than spending days or weeks bouncing off more and more sites/servers across the web.
I'm not even going to attempt to check the stats on our servers because they get poked and probed 24/7 on any common port. SSH we just block the IP entirely from the server after 3 requests so not a huge deal and not that many coming in. But the big one is SMTP which we receive probably some days thousands of different IPs checking. All of course getting blocked but it's simply amazing the # of bots out there searching for open relays.
SSH for me is pretty secure. Email alerts on failed logins (as well as successful ones) and the passwords are always created 12 to 24 bits in length. So a successful bruteforce could be done in a few millennia (that is of course unless I increase the bit length again).
Yes, it's amazing to see how huge the dark world of destructive ppl is who apparently are so rich that they spend all their $ into researching ways to damage others. If they would invest same efforts, HW and time into a nice online hobby/job, they could earn thousands of $/m to have some real fun. ssh portknocking is but a tiny part of the entire cyber crime / hacker scene.
Hello, I don't have password crack attempts as SSH access is restricted to some hosts only. Meanwhile, I have 400+ hack attempts every day. Mabuhay. Thibaut
I am currently working in France but used to work sa Pinas. I have an asawa and a house in Davao. Cheers. Thibaut
It's all botnets and they aren't terribly difficult to establish. You'd be amazed how many 16 year olds have 10,000 computer botnets that DDoS anything they disagree with. Of course always with no repercussions whatsoever even if they're living in North America simply because they aren't a big fish yet in the eyes of the police.
Yes, I AM AWARE - one of the problems around these "16 yrs old" is that in the eyes of most "grown ups" they still are too young to do anything serious that "adults" are allowed to do - hence they do what 16 yr olds do best ... and every "small fish" grows up into a "big fish" and is formed by what he was doing as a "small fish". A typical example of such "minor" abuse happened just weeks ago in a City of my host country PH - by official order / law all minors below 18 (!!!) have a curfew starting 1900 hrs. Hundreds are arrested ... hence we "grown ups" give the young POTENTIAL often no other choice than do among kids what kids do best just to face challenges and grow beyond imposed limits. To prove millions of "adults" that creative power has no age limits, nor does intelligence - and wisdom never grows in confined worlds but in worlds open to experience, to experiment and to grow freely.
For SSH I have the servers email me immediately for any root access attempts. That's a really great feature. On all nix servers I enable the logwatch which emails the activities from the previous day. It takes a few minutes to read all emails but it gives me an overview of the different attacks we receive. We also have brute force firewall which blocks more than a certain amount of failed attempts and the user is blocked either for days or weeks.
My server drops the IP after 3 incorrect attempts to the shell using iptables, it filters out my IP so I won't be affected.
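An added example, not code from any poster in this thread: counting failed sshd password attempts per source address from an auth log and listing the addresses that reach the three-attempt limit mentioned in the posts above, minus an allowlist for the admin's own address. The log lines are constructed samples in OpenSSH's syslog format, the function names are hypothetical, and counts cover the whole log rather than a time window.

```python
import re
from collections import Counter

# Constructed sample lines; all addresses are documentation/private ranges.
SAMPLE_LOG = """\
Nov  9 03:12:01 web1 sshd[4101]: Failed password for root from 203.0.113.7 port 40112 ssh2
Nov  9 03:12:03 web1 sshd[4101]: Failed password for root from 203.0.113.7 port 40112 ssh2
Nov  9 03:12:06 web1 sshd[4103]: Failed password for invalid user admin from 203.0.113.7 port 40190 ssh2
Nov  9 03:15:40 web1 sshd[4110]: Failed password for invalid user test from 198.51.100.23 port 51522 ssh2
Nov  9 08:01:11 web1 sshd[4200]: Failed password for alice from 192.0.2.10 port 60001 ssh2
Nov  9 08:01:15 web1 sshd[4200]: Failed password for alice from 192.0.2.10 port 60001 ssh2
Nov  9 08:01:19 web1 sshd[4200]: Failed password for alice from 192.0.2.10 port 60001 ssh2
Nov  9 08:01:30 web1 sshd[4202]: Accepted publickey for alice from 192.0.2.10 port 60002 ssh2
Nov  9 09:30:02 web1 sshd[4300]: Failed password for invalid user x from 10.9.9.9 from 198.51.100.23 port 51600 ssh2
"""

# The user name is text chosen by the remote side, so the address is taken
# from the fixed tail of the line ("from <ip> port <n> ssh2"), never from
# the first "from" that appears. The greedy user group makes that happen.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>.*)"
    r" from (?P<ip>\S+) port \d+ ssh2\s*$"
)

def failed_attempts(log_text):
    """Return (failures per source IP, root-login failures per source IP)."""
    per_ip, root = Counter(), Counter()
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            per_ip[m["ip"]] += 1
            if m["user"] == "root":
                root[m["ip"]] += 1
    return per_ip, root

def to_block(per_ip, threshold=3, allowlist=frozenset()):
    """Addresses at or over the threshold, skipping allowlisted ones."""
    return sorted(ip for ip, n in per_ip.items()
                  if n >= threshold and ip not in allowlist)

if __name__ == "__main__":
    per_ip, root = failed_attempts(SAMPLE_LOG)
    print("total failed attempts:", sum(per_ip.values()))
    print("root attempts by IP:", dict(root))
    print("block candidates:", to_block(per_ip, allowlist={"192.0.2.10"}))
```

The last sample line shows why the address is read from the end of the line: the embedded `10.9.9.9` is part of the user name and is not counted.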
Most of the password brutes these days are automated unless you're asking for trouble. There are so many bots/zombies out there now, we don't even know if our own child's computer is infected or not. The internet is no longer safe, much like our societies within our world today.