I run several servers, all of which run linux, OpenSSH, and Apache HTTPD. Some run VSftpd as well (legacy requirements). They all are attacked by brute force hacking attempts daily, yes daily. Every day I go through my logs and see the 10’s of thousands of attempted break in attacks. It’s annoying, it tends to make the log files very long to look through. Even my parsed and abstracted log reports are forced into long lists of attacking IP addresses and attempted usernames. Here is an example from just today on ONE server:

Failed SSH logins: 2971

Failed FTP logins: 18,415

Faild SMTP logins: 1656

And this is not a server hosting super popular websites or mirrors. This is just a no name server hosting a couple of websites. In the past I used to contact the owners of the IP addresses these came from, but it became tedious and difficult. They’re often internet providers dynamic IPs of clients, which the ISP tends to not care they are attacking my server (most likely, they are trojaned anyways).

All these attempted attacks do is waste resources. They waste my bandwidth, processing, and storage (the log files).

Just me deciding to put into writing one of my daily annoyances.