Security Incidents mailing list archives
Re: Internet SSH scans
From: "Stephen J. Smoogen" <smooge () gmail com>
Date: Fri, 3 Mar 2006 14:05:45 -0700
Has anyone kept track of the passwords being used? I have been trying to find a nice simple sshd password logger so that I can set up a website that says "Is this your account? Is this your password?" On 3/3/06, William Tarkington <William.Tarkington () openwave com> wrote:
This appears to be related to a Romanian organized crime ring. They are using ssh scans + password lists for easy to guess servers. From there they create a phishing site. It has been on the rise for about 3 months or so from my records. --Will -----Original Message----- From: Tom Frerichs [mailto:tfrerich () shiboleth net] Sent: Thursday, March 02, 2006 8:57 PM To: incidents () securityfocus com Subject: RE: Internet SSH scans I'm seeing the same sorts of scans, but it seems to be only on hosts that offer web services and have publicly published URLs that might be found in a user's cache. Tom Frerichs - Denver
-- Stephen J Smoogen. CSIRT/Linux System Administrator
Current thread:
- Re: RE: Internet SSH scans, (continued)
- Re: RE: Internet SSH scans Daxomatic (Mar 03)
- Re: RE: Internet SSH scans Christine Kronberg (Mar 03)
- Re: Internet SSH scans JK Adams (Mar 03)
- Re: RE: Internet SSH scans joakim . berge (Mar 03)
- Re: Re: RE: Internet SSH scans mrbits (Mar 03)
- RE: Internet SSH scans Adriano Carvalho (Mar 21)
- Re: Internet SSH scans Valdis . Kletnieks (Mar 22)
- Re: Internet SSH scans Adriano Carvalho (Mar 22)
- RE: Internet SSH scans Adriano Carvalho (Mar 21)
- RE: Internet SSH scans William Tarkington (Mar 03)
- Re: Internet SSH scans ilaiy (Mar 03)
- Re: Internet SSH scans Stephen J. Smoogen (Mar 03)
- RE: RE: Internet SSH scans Teodorski, Chris (Mar 03)
- Re: Re: Internet SSH scans notonyour (Mar 04)
- Re: RE: Internet SSH scans Michael . Lang (Mar 23)
- Re: Internet SSH scans Valdis . Kletnieks (Mar 23)