Date: Tue, 05 Jun 2007 08:20:21 +0200 From: Arthur Sherman <arturs (at mark) netvision.net.il> Subject: [coba-e:10005] Re: Noticing increased SSH attacks To: coba-e (at mark) bluequartz.org Message-Id: <17A36555C92341EDB850B858AC91A623@pub> In-Reply-To: <044e01c7a6c7$947f6c70$bd7e4550$@net> X-Mail-Count: 10005thanks for heads up! _____ From: Darrell D. Mobley [mailto:dmobley (at mark) uhostme.net] Sent: Monday, June 04, 2007 18:44 To: coba-e (at mark) bluequartz.org Subject: [coba-e:10004] Noticing increased SSH attacks I have been noticing an increase in SSH dictionary attacks and attacks aimed at Joomla/Mambo systems in my logs recently, a LARGE increase. One of the things that perplexed me was why SSHDFilter was not blocking the IPs responsible for the attacks. When I looked, I discovered that an SSH update on May 2, 2007 had moved my SSH init script to sshd.rpmsave and installed a new sshd script, effectively ceasing my SSHDFilter's operation. So if anyone has SSHDFilter installed, you might want to check the status of your script in /etc/rc.d/init.d/ and see if it's still operational.10005_2.html (attatchment)(tag is disabled)