POP and IMAP and ssh probes
#146 Henry, Wednesday, 13 June 2012 10:23 PM (Category: Network)
(Tags: linode log ssh)

I am nervous about the new Linode server, so I log in regularly and check the logs. I see a lot of attempts to break in using POP and IMAP. Mostly from Russian or German IP addresses, some from Comcast, and even some from Linode. One person was attempting to use my user name and guess the passwords. So I collected the IP addresses and added them to the firewall. I'll keep checking and adding. I might even automate this process.

I also noticed attempts to ssh in using a lot of default user names - ftp, ftp1, user, user1, root, deathrun, tomcat, nagios, aa, M, sysgames, media, deploy, demo, oracle, postgres, svh, alex, malika, tom, public, darwin, and on and on and on. That's easily fixed. I shut down port 22. No more ssh except through Linode.