[Discuss] Reading logwatch e-mails
Kent Borg
kentborg at borg.org
Wed Jun 12 12:09:17 EDT 2024
I recently started actually looking at logwatch e-mails I had been
ignoring. These machines have sshd listening on the open internet, and
man, there are a lot of failed ssh logins.
7924 seems like a lot for one day, for an obscure, rather new host. A
different machine that has been around much longer, but on a lower
bandwidth connection, got only 952; probably be in a more obscure block
of addresses, too.
I know there are people who hate seeing that going on, but I think it is
cute. Hardly any of the users are capable of logging in at all, and the
ones that can have good passwords that cannot be brute forced at sshd
rates. They aren't going to get in this way.
-kb
More information about the Discuss
mailing list