SSH scanning
It’s a weekend, I know, but I can’t resist checking on Maui and opapa.
Was checking the logs on opapa when I noticed login failures using accounts like ‘test’ and ‘user’. Hmmm… These aren’t standard Linux accounts. And no one else has SSH privileges on opapa. So I checked and did a whois on the culprit host. Traced it back to an ISP in Korea. Something’s afoot.
Turns out this incident is similar to those happening worldwide. In the security mailing lists I subscribe to, similar incidents have been cropping up. The recommended solution was to harden SSH.
Already done that: no root logins. But that’s not enough. Would have to implement RSA key logins. And notify the Boss, too.
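
An added example, not from the original post: a small Python pass over sshd log lines that picks out the pattern described above, failed logins for account names that do not exist on the box. The log lines, addresses, the `admin` account and the threshold of two unknown names are all constructed for illustration.

```python
import re
from collections import defaultdict

# OpenSSH password-failure line, e.g.
#   Failed password for invalid user test from 203.0.113.5 port 51234 ssh2
# Older releases wrote "illegal user". The user name is supplied by the client
# and may contain spaces, so the match is anchored at the end of the line and
# the greedy user group leaves only the final "from ADDR port N" as the source.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for "
    r"(?P<unknown>(?:invalid|illegal) user )?(?P<user>.+) "
    r"from (?P<src>\S+) port \d+ ssh2$"
)

# Constructed sample log (documentation address ranges, made-up PIDs and times).
SAMPLE_LOG = """\
Jun 12 09:14:01 opapa sshd[2101]: Failed password for invalid user test from 203.0.113.5 port 51234 ssh2
Jun 12 09:14:04 opapa sshd[2102]: Failed password for invalid user user from 203.0.113.5 port 51240 ssh2
Jun 12 09:14:07 opapa sshd[2103]: Failed password for root from 203.0.113.5 port 51251 ssh2
Jun 12 09:14:09 opapa sshd[2104]: Failed password for invalid user guest from 192.0.2.9 port 22 from 203.0.113.5 port 51260 ssh2
Jun 12 10:02:30 opapa sshd[2150]: Failed password for admin from 198.51.100.7 port 40022 ssh2
Jun 12 10:02:41 opapa sshd[2151]: Accepted publickey for admin from 198.51.100.7 port 40023 ssh2
"""

def failures_by_source(lines):
    """Map source address -> attempt count and the account names it tried."""
    stats = defaultdict(lambda: {"attempts": 0, "unknown": set(), "known": set()})
    for line in lines:
        m = FAILED.search(line.rstrip())
        if m:
            entry = stats[m["src"]]
            entry["attempts"] += 1
            entry["unknown" if m["unknown"] else "known"].add(m["user"])
    return dict(stats)

def likely_scanners(lines, min_unknown=2):
    """Sources that tried at least min_unknown account names that do not exist."""
    return sorted(src for src, e in failures_by_source(lines).items()
                  if len(e["unknown"]) >= min_unknown)

if __name__ == "__main__":
    for src in likely_scanners(SAMPLE_LOG.splitlines()):
        e = failures_by_source(SAMPLE_LOG.splitlines())[src]
        print(src, e["attempts"], "failures; unknown accounts:", sorted(e["unknown"]))
```

A single mistyped password for a real account stays below the threshold, while one source cycling through nonexistent names gets flagged.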
