[Chugalug] Website scanners (was d at mn scammers/hackers)
boodaddy at gmail.com
Thu Oct 18 04:23:23 UTC 2012
Somehow I didn't get the original thread but I got this fork.
I have noticed an huge increase in brute force attempts on my co-located
server. They have been hitting SSH and Exim. I am running CSF / LFD on
recommendation from Randy and love it, but the attackers appear to be
hitting from a huge range of IP's and only a few hits at a time, and then
they move to a different IP and attack again.
I have not been hacked, but I don't like all this "negative" brute force
On Wed, Oct 17, 2012 at 11:45 PM, Dave Brockman <dave at brockmans.com> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> On 10/17/2012 11:15 PM, David White wrote:
> > To fork the thread, anyone know of any services you can use, and/or
> > or scripts you can run to check the public facing code of sites
> > and ensure there's nothing malicious?
> > On the internal side of things, I wonder if it would just make
> > sense to periodically run an MD5 checksum via cron on each web
> > directory in the server(s) and compare that with the good hash
> > (stored externally, off the server, of course).
> - --
> "Some things in life can never be fully appreciated nor
> understood unless experienced firsthand. Some things in
> networking can never be fully understood by someone who neither
> builds commercial networking equipment nor runs an operational
> network." RFC 1925
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.17 (MingW32)
> Comment: Using GnuPG with Mozilla - http://www.enigmail.net/
> -----END PGP SIGNATURE-----
> Chugalug mailing list
> Chugalug at chugalug.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Chugalug