Date: Mon, 4 Jun 2007 12:44:09 -0400 From: "Darrell D. Mobley" <dmobley (at mark) uhostme.net> Subject: [coba-e:10004] Noticing increased SSH attacks To: <coba-e (at mark) bluequartz.org> Message-Id: <044e01c7a6c7$947f6c70$bd7e4550$@net> X-Mail-Count: 10004I have been noticing an increase in SSH dictionary attacks and attacks aimed at Joomla/Mambo systems in my logs recently, a LARGE increase. One of the things that perplexed me was why SSHDFilter was not blocking the IPs responsible for the attacks. When I looked, I discovered that an SSH update on May 2, 2007 had moved my SSH init script to sshd.rpmsave and installed a new sshd script, effectively ceasing my SSHDFilter's operation. So if anyone has SSHDFilter installed, you might want to check the status of your script in /etc/rc.d/init.d/ and see if it's still operational.10004_2.html (attatchment)(tag is disabled)