All the Perl that's Practical to Extract and Report

bash.org

Ovid on 2004-11-16T00:36:22

Snagged from bash.org:

<wankel> Apr 16 17:43:34 mankind.boredom.org ftpd[9720]: zirconium (bogus) LOGIN FAILED [from cv796573-a.hcksvle1.ny.home.com]
<wankel> Apr 16 17:43:34 mankind.boredom.org ftpd[9722]: zoology (bogus) LOGIN FAILED [from cv796573-a.hcksvle1.ny.home.com]
<wankel> Apr 16 17:43:34 mankind.boredom.org ftpd[9721]: zoo (bogus) LOGIN FAILED [from cv796573-a.hcksvle1.ny.home.com]
<wankel> Apr 16 17:43:34 mankind.boredom.org ftpd[9723]: zoom (bogus) LOGIN FAILED [from cv796573-a.hcksvle1.ny.home.com]
<wankel> Apr 16 17:43:34 mankind.boredom.org ftpd[9724]: zooplankton (bogus) LOGIN FAILED [from cv796573-a.hcksvle1.ny.home.com]
<wankel> WHOA SHIT
<mendel> someone tell that luser that dictionary attacks refer to the PASSWORD part.
<wankel> christ, 2000 lines back and he was only in w's :)
<wankel> mankind:~ % grep LOGIN FAILED /var/log/messages | wc -l
<wankel> 8923

ssh dictionary attacks

iburrell on 2004-11-17T01:03:28

They are probably trying the username as the password. They may also be trying really dumb passwords like 'password'. Unfortunately, there are lots of accounts with weaks passwords. And the bots will find them and break in.

"wankel" wins a "useless use of wc -l" award

Aristotle on 2004-11-17T15:35:12

;-)