# of hacking attempts vs system size vs time
Just out of interest is that a normal amount of hacking attempts for our system size?
Our server runs about 20 webservers and 50 email accounts. When we started the system, there were 50.000 emails sent over us within a couple of hours on the first day, until we shut it down. Since we reside with a big service provider in Germany, maybe they target them pro forma. We had a system in the States before; the amount wasn't nearly as big as that. Timeframe is from beginning of September to today. In the mo I have hosts.allow and firewall running, no root login and only certain machines incoming. I'll look into keygen ssh. # some specific drop IPs just for troublemakers.
But I was relating this to system size and time frame, which are certainly factors in the amount of attempts. Does your answer include these two factors? So not absolute but relative. Also, I am not talking peak time hacking attempts but long term median/means. My old system wasn't that much under threat, so I wondered. The amount of servers and emails didn't change, just the provider. :)
On a single machine/IP I'm seeing about 2 attempts per day on average, with occasional spikes of about 5-10 repeated login attempts from a single IP address. So that looks to be about the same as what you're seeing. That's not from high profile systems either, so they shouldn't be attracting any abnormal attention. If you want anything more mathematically exact, I'll have to break out my abacus.
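To put numbers like the long-term mean/median and the per-IP spikes discussed above on a comparable footing, here is an added example that is not part of any post in this thread. It assumes classic syslog-style OpenSSH "Failed password" lines; the function name `summarize`, the host name and the sample log are constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime, timedelta
from statistics import mean, median

# Constructed sample log: RFC 5737 documentation IPs, made-up host "web1".
SAMPLE_LOG = "\n".join([
    "Sep 17 03:12:01 web1 sshd[411]: Failed password for invalid user test from 192.0.2.10 port 4242 ssh2",
    "Sep 18 09:00:12 web1 sshd[502]: Accepted publickey for admin from 192.0.2.50 port 5011 ssh2",
    *(f"Sep 19 02:40:{s:02d} web1 sshd[6{s:02d}]: Failed password for root "
      f"from 198.51.100.7 port 3{s:03d} ssh2" for s in range(6)),
    "Sep 20 23:59:59 web1 sshd[733]: Failed password for invalid user guest from 203.0.113.5 port 1999 ssh2",
])

FAILED = re.compile(
    r"^(\w{3})\s+(\d{1,2}) [\d:]{8} \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (\S+) port")

def summarize(log_text, year, burst_threshold=5):
    """Per-day statistics of failed SSH logins; syslog lines carry no year."""
    per_day = Counter()      # date -> failed logins
    per_ip_day = Counter()   # (date, ip) -> failed logins
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue  # successful logins, other daemons, noise
        day = datetime.strptime(f"{m[1]} {m[2]} {year}", "%b %d %Y").date()
        per_day[day] += 1
        per_ip_day[(day, m[3])] += 1
    if not per_day:
        return None
    # Include quiet days in the window, otherwise the average is biased upwards.
    first, last = min(per_day), max(per_day)
    days = [first + timedelta(n) for n in range((last - first).days + 1)]
    counts = [per_day[d] for d in days]
    # Repeated attempts from one address on one day (the "spikes").
    bursts = sorted((d.isoformat(), ip, n)
                    for (d, ip), n in per_ip_day.items() if n >= burst_threshold)
    return {"days": len(days), "total": sum(counts),
            "mean": mean(counts), "median": median(counts), "bursts": bursts}

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG, 2004))
```

The median is less sensitive than the mean to a single noisy source, which is why the two differ on the sample; dividing the result by the number of exposed IPs gives a figure that can be compared across systems of different size.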
Thanks :)