Re: Reporting SSH abuse

Dan Pilcheck wrote:
Hello list,

I've been getting a slew of SSH brute forces coming from a university
inside the US over the past week. Normally I wouldn't even bother with
reporting, but I figured this would be a chance to clear this up.

Fail2ban bans for 10 hours, and then the login attempts are right
back at it. Repeat.

An email with associated logs, and perhaps a little info from this
side is the best I can come up with. I suppose there's not much else
to report, though.

Is there a 'standard' format to report ssh abuse? Like there is with
vuln reporting?

IMO, I doubt anything will happen, but if it were coming from my
network, I'd like a notification.


Honestly, that's more than enough. I've had client sites that were doing the same, and the notifications were more than ample to at least look into it. A nice note to the person should work; we had a couple in the past where the admin was a complete jerk in letting us know. So personally I'd recommend a screenshot of a log and perhaps just listing the IP and what it's hammering against (ssh in this case). Hope this helps!
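
One way to assemble the "IP plus associated logs" notification discussed in this thread, as an added example that is not part of the original messages. It assumes OpenSSH's usual syslog line format, log timestamps in UTC and SSH on tcp/22; the function names and sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict
# Constructed sample in OpenSSH syslog format; addresses are from documentation ranges.
SAMPLE_LOG = """\
Mar  3 02:14:07 host sshd[2211]: Failed password for root from 203.0.113.45 port 40122 ssh2
Mar  3 02:14:09 host sshd[2211]: Failed password for root from 203.0.113.45 port 40122 ssh2
Mar  3 02:14:15 host sshd[2215]: Failed password for invalid user admin from 203.0.113.45 port 40310 ssh2
Mar  3 02:20:41 host sshd[2290]: Accepted publickey for dan from 198.51.100.7 port 51000 ssh2
Mar  3 12:31:02 host sshd[3104]: Failed password for invalid user test from 203.0.113.45 port 41877 ssh2
Mar  3 12:40:00 host sshd[3150]: Failed password for dan from 198.51.100.7 port 51022 ssh2
"""

# Matches both "for <user>" and "for invalid user <user>" failure lines.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

def summarize(log_text):
    """Group failed password attempts by source IP."""
    stats = defaultdict(lambda: {"count": 0, "first": None, "last": None,
                                 "users": set(), "lines": []})
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue  # successful logins and unrelated lines are not evidence
        s = stats[m["ip"]]
        s["count"] += 1
        s["first"] = s["first"] or m["ts"]
        s["last"] = m["ts"]
        s["users"].add(m["user"])
        s["lines"].append(line)
    return dict(stats)

def build_report(ip, s, timezone="UTC", service="SSH (tcp/22)"):
    """Render a plain-text body for the abuse notification (timezone is assumed)."""
    return "\n".join([
        f"Source IP: {ip}",
        f"Target service: {service}",
        f"Failed logins: {s['count']}",
        f"First seen: {s['first']} {timezone}",
        f"Last seen: {s['last']} {timezone}",
        f"Usernames tried: {', '.join(sorted(s['users']))}",
        "", "Log excerpt (first 20 lines):", *s["lines"][:20],
    ])

if __name__ == "__main__":
    stats = summarize(SAMPLE_LOG)
    worst = max(stats, key=lambda ip: stats[ip]["count"])
    print(build_report(worst, stats[worst]))
```

Stating the timezone and the first/last timestamps lets the receiving admin match the report against their own flow or DHCP records.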

