Attacks from 70.87.222.213

Did anyone else see a massive ssh brute force attack from 70.87.222.213?

I have a massive burst of attacks from this IP which is apparently a linode in the early hours of June 6 before my system locked them out.

If you own the linode with this IP and you aren't doing this yourself, your system has been compromised.

3 Replies

An e-mail to abuse@linode.com with a portion of your logs would be helpful.

Thanks,

-Tom

Install fail2ban

Also, if you're running Apache, I suggest installing the geoip module and blocking all the unwanted countries.

Just like any security measure - both of these will keep the script kiddies away and buy you some time during the premeditated attacks.

  • G

@Scottso:

Did anyone else see a massive ssh brute force attack from 70.87.222.213?

I have a massive burst of attacks from this IP which is apparently a linode in the early hours of June 6 before my system locked them out.

If you own the linode with this IP and you aren't doing this yourself, your system has been compromised.

I run a large farm of servers for a publicly traded corporation as my day job and this was really just a courtesy notice (I happen to use Linode for my personal stuff). These IPs get immediately locked out of our network at the firewall so I don't generally bother to follow up on them more so than this. So do with the information as you will. In the future I will send info to abuse@linode.com with the log snippets. Most companies seem to ignore the abuse@ emails so I didn't try that avenue first.
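The thread mentions sending a portion of the logs to abuse@linode.com. As an added example (not part of any post above), this sketch counts failed SSH password attempts per source address in an OpenSSH auth log and pulls out the matching lines for a report; the sample log, the threshold of 3 and all function names are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in OpenSSH syslog format; the addresses are
# RFC 5737 documentation ranges, not taken from the thread.
SAMPLE_LOG = """\
Jun  6 03:12:01 host sshd[4101]: Failed password for root from 203.0.113.7 port 40112 ssh2
Jun  6 03:12:03 host sshd[4103]: Failed password for invalid user admin from 203.0.113.7 port 40120 ssh2
Jun  6 03:12:04 host sshd[4105]: Invalid user test from 203.0.113.7 port 40131
Jun  6 03:12:05 host sshd[4105]: Failed password for invalid user test from 203.0.113.7 port 40131 ssh2
Jun  6 03:15:40 host sshd[4200]: Failed password for alice from 198.51.100.20 port 51514 ssh2
Jun  6 03:15:52 host sshd[4200]: Accepted password for alice from 198.51.100.20 port 51514 ssh2
Jun  6 03:16:10 host sshd[4210]: Failed password for root from 203.0.113.7 port 40188 ssh2
"""

# Anchored to the end of the line so the address comes from sshd's own
# trailing fields; the username is client-supplied text and is not trusted.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>.*) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2\s*$"
)

def failed_by_source(log_text):
    """Map source IP -> [(username, raw log line)] for failed password attempts."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            hits[m.group("ip")].append((m.group("user"), line))
    return hits

def brute_force_sources(log_text, threshold=3):
    """Summarise sources with at least `threshold` failures (threshold is an assumption)."""
    return {
        ip: {"failures": len(a), "usernames": sorted({u for u, _ in a})}
        for ip, a in failed_by_source(log_text).items()
        if len(a) >= threshold
    }

def abuse_excerpt(log_text, ip, max_lines=20):
    """Failed-login lines for one source, capped for pasting into an abuse report."""
    return "\n".join(line for _, line in failed_by_source(log_text).get(ip, [])[:max_lines])

if __name__ == "__main__":
    for ip, info in brute_force_sources(SAMPLE_LOG).items():
        print(ip, info["failures"], info["usernames"])
        print(abuse_excerpt(SAMPLE_LOG, ip))
```

A single mistyped password followed by a successful login, as with 198.51.100.20 in the sample, stays under the threshold and is not reported.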
