HelliSSH 14 hours…

Somebody’s botnet came on-line yesterday. Starting at 7:31PM yesterday my servers have been getting hammered with ssh brute force login attacks. As of two minutes ago the number of unique IP addresses that have attempted to hack me is at 398.

I’m not worried, though. First, they are attempting to brute force the password for an account that does not exist. 🙂

Second, I use a fabulous tool called BruteForceBlocker that integrates with syslog to identify failed ssh logins and then uses pf to firewall them off so the offending IP address can’t try again. BruteForceBlocker also reports this bad activity to a central database, where it is pooled and used to extend the block lists on other BruteForceBlocker-enabled servers, preventing known bad hosts from attempting to crack your box in the first place.

Between the IPs my server blocked and the most recent sync with the server, the total number of IPs blocked in the last 14 hours is 737. I’ve been spot-checking some of the blocked IPs with nmap, and so far I’m finding most of them to be Linux-based, where I had expected to find at least a few of them to be Conficker-infected WinBlows boxes. That’s a lot of compromised Linux boxes out there…
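The syslog-to-pf pattern described above, sketched as an added example; this is not code from the post and not BruteForceBlocker's own code. The log lines are constructed, and the threshold, time window, year and pf table name `bruteforce` are assumptions.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample sshd syslog lines (documentation address ranges only).
SAMPLE_LOG = """\
Apr  2 19:31:02 host sshd[811]: Failed password for invalid user oracle from 203.0.113.7 port 40112 ssh2
Apr  2 19:31:05 host sshd[813]: Failed password for invalid user oracle from 203.0.113.7 port 40120 ssh2
Apr  2 19:31:09 host sshd[815]: Accepted publickey for alice from 192.0.2.10 port 51515 ssh2
Apr  2 19:31:11 host sshd[817]: Failed password for invalid user oracle from 203.0.113.7 port 40131 ssh2
Apr  2 19:32:00 host sshd[820]: Failed password for invalid user x from 192.0.2.10 port 22 ssh2 from 203.0.113.9 port 40200 ssh2
Apr  2 19:40:00 host sshd[901]: Failed password for root from 198.51.100.23 port 2201 ssh2
Apr  2 20:55:00 host sshd[977]: Failed password for root from 198.51.100.23 port 2299 ssh2
"""

# The user name is remote-controlled text, so match it greedily and anchor at end of
# line: only the final "from <ip> port <n> ssh2", written by sshd itself, is trusted.
FAILED = re.compile(
    r"(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?.* from (?P<ip>\S+) port \d+ ssh2$"
)

def offenders(log_text, threshold=3, window=timedelta(minutes=10), year=2000):
    """Source IPs with >= threshold failures in a sliding window.
    Classic syslog timestamps carry no year, so `year` is an arbitrary assumption."""
    recent = defaultdict(deque)  # ip -> failure timestamps still inside the window
    blocked = []
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue
        try:
            ip = str(ipaddress.ip_address(m["ip"]))  # reject anything not an address
        except ValueError:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:  # drop failures that aged out of the window
            q.popleft()
        if len(q) >= threshold and ip not in blocked:
            blocked.append(ip)
    return blocked

def pf_commands(ips, table="bruteforce"):
    """Render pfctl table additions; the table name is a hypothetical choice."""
    return [f"pfctl -t {table} -T add {ip}" for ip in ips]

if __name__ == "__main__":
    print("\n".join(pf_commands(offenders(SAMPLE_LOG))))
```

The fifth sample line carries a user name that embeds a second "from ... port ..." string; the end-of-line anchor makes the parser count the connecting address 203.0.113.9 and never 192.0.2.10, so a log-driven blocker cannot be steered into firewalling a legitimate host.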


Is our 2006 Honda Civic spying on us?

[UPDATE: Looks like Ford is even admitting to the practice of spying on customers.]

Last week my wife’s Honda Civic had its maintenance light come on letting us know it was due for an oil change.

Today we received a letter from Honda informing us the maintenance light was on, and urging us to schedule maintenance if we had not already done so.

How the frak did they know? Does the Honda Civic ‘phone home’ and report status periodically to Honda? If it does, how is that information being used, stored, and more importantly protected? It chills me to the bone to think that my car is ‘phoning home’ an unknown quantity of information about our driving habits. Might be time to trade it in for a less modern vehicle.