
Date:  Thu, 26 Oct 2006 11:49:09 -0700
From:  "Ken Marcus - Precision Web Hosting, Inc." <kenmarcus (at mark) precisionweb.net>
Subject:  [coba-e:07729] Re: Brute? Am I being attacked?
To:  <coba-e (at mark) bluequartz.org>
Message-Id:  <078f01c6f92f$6c352840$6700a8c0@OfficeKen>
References:  <453FBA47.9030809 (at mark) digitalcollision.com> <fc.000f814700259a873b9aca0079ee0022.259a8a (at mark) fc.zio.com>
X-Mail-Count: 07729


From: "Steve Davis" <steve (at mark) zio.com>


>
> I found 231 processes running on an all yummed up BQ this afternoon with half
> of them a Brute process.
>
> Any ideas? I have killed all and rebooted, not sure the box will come back or
> if the process will come back.
>
> Steve

Install the APF firewall with ingress filtering only.
Install the BFD with it to auto-block the Brute force by SSH, ProFTPD, etc.
IP addresses.

And since the /etc/cron.hourly/log_traffic does not like the firewall:
mv /etc/cron.hourly/log_traffic   /etc/


----
Ken Marcus
Precision Web Hosting, Inc.
http://www.precisionweb.net
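
Added example, not part of the message above and not BFD's own code: a sketch of the general log check a brute-force blocker automates, counting failed SSH and ProFTPD logins per source IP inside a time window. The regexes, thresholds, log year and sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample auth-log lines (not from the original post).
# All addresses are RFC 5737 documentation ranges.
SAMPLE_LOG = """\
Oct 26 11:40:01 bq sshd[2101]: Failed password for root from 203.0.113.7 port 40122 ssh2
Oct 26 11:40:03 bq sshd[2103]: Failed password for invalid user admin from 203.0.113.7 port 40130 ssh2
Oct 26 11:40:05 bq sshd[2105]: Failed password for root from 203.0.113.7 port 40141 ssh2
Oct 26 11:40:09 bq proftpd[2110]: bq (198.51.100.9[198.51.100.9]) - USER web: no such user found from 198.51.100.9 [198.51.100.9] to 192.0.2.1:21
Oct 26 11:41:00 bq sshd[2120]: Accepted password for steve from 192.0.2.50 port 51000 ssh2
Oct 26 11:58:30 bq sshd[2200]: Failed password for root from 198.51.100.9 port 33000 ssh2
"""

IP = r"(\d{1,3}(?:\.\d{1,3}){3})"
# Assumed failure signatures; adjust to the daemon versions actually in use.
PATTERNS = [
    re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from " + IP),
    re.compile(r"proftpd\[\d+\]: .*?\[" + IP + r"\]\) - USER \S+(?:: no such user| \(Login failed\))"),
]

def offenders(log_text, threshold=3, window=timedelta(minutes=10), year=2006):
    """Return sorted IPs with at least `threshold` failures inside any `window`."""
    failures = defaultdict(list)
    for line in log_text.splitlines():
        for pat in PATTERNS:
            m = pat.search(line)
            if m:
                # Syslog timestamps carry no year, so one is supplied.
                ts = datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")
                failures[m.group(1)].append(ts)
                break
    flagged = []
    for ip, times in failures.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:  # slide window forward
                start += 1
            if end - start + 1 >= threshold:
                flagged.append(ip)
                break
    return sorted(flagged)

if __name__ == "__main__":
    for ip in offenders(SAMPLE_LOG):
        print(ip)  # candidates to hand to the firewall's deny list
```

The successful login from 192.0.2.50 is never counted, and an address whose failures are spread out further than the window stays below the threshold.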