"I have yet to meet an admin who plausibly claims to never have been tripped up by their overload rules at some point."
More, and a walk down memory lane, in "The Hail Mary Cloud And The Lessons Learned" https://nxdomain.no/~peter/hailmary_lessons_learned.html
#ssh #passwords #bruteforce #passwordgroping #cybercrime #openbsd #pf #packetfilter #security #guessablepasswords #hailmary #hailmarycloud
So this happened:
Jan 30 03:07:16 skapet sshd-session[94311]: Failed password for invalid user "> from 165.231.182.56 port 15613 ssh2
I wonder if we are seeing a variant of "gropefor database down, feeding raw html to the ssh gropebot" scenario again such as in https://nxdomain.no/~peter/so_somebody_is_throwing_html_at_your_sshd.html #sshgropers #sshd #passwordguessing #passwordgroping #passwords #cybercrime
More data points - today's is
Oct 6 02:03:53 skapet sshd-session[76897]: Failed password for invalid user Can't open ikk from 2a02:4780:10:42bf::1 port 43964 ssh2
More likely than not a variant of spamto database gone awol like back in the day https://nxdomain.no/~peter/so_somebody_is_throwing_html_at_your_sshd.html (prettified, tracked https://bsdly.blogspot.com/2016/12/so-somebody-is-throwing-html-at-your.html) but still hilarious
Another data point in the "you thought you had seen it all, but no siree" set -
Oct 4 13:34:04 skapet sshd-session[38440]: Failed password for invalid user Can't open ica from 2001:df7:3c00:800a::446:34dc port 54770 ssh2
(and from several other locations)
[07/Feb/2024:18:09:02 +0100] "GET /manage/account/login HTTP/1.1" 301 162 "-" "'Cloud mapping experiment. Contact research@pdrlabs.net'"
And certainly when you also throw binary junk at webservers and grope "login" URLs. #cybercrime #cyberstalking #passwordgroping #deliverability 2/2
