[Tfug] OT: Reporting Network Abuse?

Christopher Robbins robbinsc at gmail.com
Sun Jun 24 13:26:37 MST 2007


I've opened up one of my boxes to the internet, and I've got the system
locked down as much as possible.  However, having SSH access
is nice,  so I've opened it up.  I've thought about using a different
port...

In leaving SSH open, I've noticed a ton of failed login attempts, like this
-

# vi /var/log/messages
...
Jun 24 03:39:12 linux-x8yr sshd[13530]: Did not receive identification
string from 58.61.157.137
Jun 24 03:45:42 linux-x8yr sshd[13553]: Invalid user fluffy from
58.61.157.137
Jun 24 03:45:46 linux-x8yr sshd[13555]: Invalid user admin from
58.61.157.137
Jun 24 03:45:48 linux-x8yr sshd[13557]: Invalid user test from 58.61.157.137
Jun 24 03:45:50 linux-x8yr sshd[13559]: Invalid user guest from
58.61.157.137
Jun 24 03:45:56 linux-x8yr sshd[13561]: Invalid user webmaster from
58.61.157.137
Jun 24 03:46:03 linux-x8yr sshd[13565]: Invalid user oracle from
58.61.157.137
...

My question is - is it worth it to report the box to abuse at domain?  Does
anything get done?
I called RoadRunner the other day, and they had an automated message that
demanded an email
with all relevant logs/etc before they'd think about doing anything.

Thoughts?

  - Chris

-- 
Chris Robbins
Systems Programmer
Department of English - University of Arizona
http://www.homerengineeringcorp.net



More information about the tfug mailing list