I'm not sure if this is the correct group... but I'm getting some weird activity on the network. The security reports will show 50-100 attempts to log in to a server, most as root, but some are attempts to log in to other seemingly random account names. The login attempts are through ssh or telnet, all come from the same remote server, and all fail.

I'm also getting some odd CGI calls to a script on a secure SSL server. There's nothing that this particular script could do for a hacker, but the script is sent a random string, sometimes many times a minute, other times it's every 2-3 minutes. I grabbed the IP address and blocked it, and about 10 minutes later it had moved to another IP. I'm now blocking a range of IPs.

These don't seem like enough iterations to be very successful; the odds are overwhelmingly in favor of the server at this rate... Does anyone have a clue what might be happening or where I should go to find out?




--- Steve Suhre Antero web technologies 719.634.8161 [EMAIL PROTECTED]

_______________________________________________
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
