6 Jun
2012
2:08 a.m.
On Jun 5, 2012, at 3:53 PM, /dev/rob0 wrote:
> What suspicions were confirmed?

At first I thought that somebody was TCP'ing in and somehow turning off the remote IP in the log so I couldn't block it. Then an answer from another mailing list, and a little thinking, made it occur to me that maybe my server had been penetrated.

> And these brute force attempts would be logged, each one.

They are, with no rhost. And there are other brute force attempts that *do* have IPs.

> I think you are overreacting.

I really hope so. What's your thinking? Have you seen this before? And most important: what is it, how does it work, and how do I get rid of it and keep it from coming back?

-- Glenn English hand-wrapped from my Apple Mail