Linode Community Forums
 


Attacks from 70.87.222.213

Scottso



Joined: 17 Apr 2008
Posts: 4
Location: California

Posted: Mon Jun 09, 2008 12:58 am    Post subject: Attacks from 70.87.222.213  

Did anyone else see a massive ssh brute force attack from 70.87.222.213?

I have a massive burst of attacks from this IP, which is apparently a Linode, in the early hours of June 6 before my system locked them out.

If you own the linode with this IP and you aren't doing this yourself, your system has been compromised.
tasaro



Joined: 15 Apr 2003
Posts: 124
Location: Manahawkin, NJ

Posted: Fri Jun 13, 2008 11:00 am    Post subject:  

An e-mail to abuse@linode.com with a portion of your logs would be helpful.

Thanks,
-Tom
ravasolutions



Joined: 21 May 2008
Posts: 4
Location: Stamford, CT

Posted: Sun Jun 15, 2008 11:02 pm    Post subject: Re: Attacks from 70.87.222.213  

Install fail2ban

Also, if you're running Apache, I suggest installing the geoip module and blocking all the unwanted countries.

Just like any security measure - both of these will keep the script kiddies away and buy you some time during the premeditated attacks.

- G

Scottso wrote: Did anyone else see a massive ssh brute force attack from 70.87.222.213?

I have a massive burst of attacks from this IP, which is apparently a Linode, in the early hours of June 6 before my system locked them out.

If you own the linode with this IP and you aren't doing this yourself, your system has been compromised.
Scottso



Joined: 17 Apr 2008
Posts: 4
Location: California

Posted: Sat Jun 28, 2008 12:55 am    Post subject:  

I run a large farm of servers for a publicly traded corporation as my day job and this was really just a courtesy notice (I happen to use Linode for my personal stuff). These IPs get immediately locked out of our network at the firewall, so I don't generally bother to follow up on them more so than this. So do with the information as you will. In the future I will send info to abuse@linode.com with the log snippets. Most companies seem to ignore the abuse@ emails, so I didn't try that avenue first.
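Added example (not part of any post in this thread): a Python sketch that pulls the kind of log portion requested above for an abuse report, grouping failed sshd password attempts by source IP and flagging sources that exceed a retry count inside a time window, the style of threshold fail2ban applies. The sample log lines are constructed, the addresses are RFC 5737 documentation IPs, and the function names, the year default and the 5-failures-in-10-minutes threshold are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in syslog format; addresses are RFC 5737 documentation IPs.
SAMPLE_LOG = """\
Jun  6 03:12:01 web1 sshd[4101]: Failed password for root from 203.0.113.7 port 40112 ssh2
Jun  6 03:12:03 web1 sshd[4103]: Failed password for invalid user admin from 203.0.113.7 port 40120 ssh2
Jun  6 03:12:05 web1 sshd[4105]: Failed password for invalid user test from 203.0.113.7 port 40133 ssh2
Jun  6 03:12:06 web1 sshd[4107]: Failed password for root from 203.0.113.7 port 40141 ssh2
Jun  6 03:12:08 web1 sshd[4109]: Failed password for invalid user oracle from 203.0.113.7 port 40150 ssh2
Jun  6 03:40:10 web1 sshd[4200]: Failed password for scott from 198.51.100.20 port 51000 ssh2
Jun  6 03:41:00 web1 sshd[4201]: Accepted password for scott from 198.51.100.20 port 51004 ssh2
"""

# Matches OpenSSH "Failed password" lines for both valid and invalid users.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)

def failures_by_ip(log_text, year=2008):
    """Return {ip: [(timestamp, raw_line), ...]} for failed sshd logins."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if m:
            # Classic syslog timestamps carry no year, so the caller supplies one.
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            hits[m["ip"]].append((ts, line))
    return hits

def brute_force_sources(log_text, max_retry=5, find_time=timedelta(minutes=10)):
    """Flag IPs with at least max_retry failures inside any find_time window."""
    flagged = {}
    for ip, events in failures_by_ip(log_text).items():
        events.sort()
        for i in range(len(events) - max_retry + 1):
            window = events[i:i + max_retry]
            if window[-1][0] - window[0][0] <= find_time:
                flagged[ip] = [raw for _, raw in events]  # excerpt for the report
                break
    return flagged

if __name__ == "__main__":
    for ip, lines in brute_force_sources(SAMPLE_LOG).items():
        print(f"{ip}: {len(lines)} failed logins")
        print("\n".join(lines))
```

The single mistyped password from 198.51.100.20 stays below the threshold, so only the burst source is reported.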