Search results

  1. H

    FritzFrog botnet

    Thanks! I realized that after I posted, but I do appreciate the correction. Also since I posted, these ssh bruteforce attacks have dropped off. It was wild for a few days, but now relatively quiet.
  2. H

    FritzFrog botnet

    No, as I understand that writeup, use of port 1234 happens only after they have breached an ssh server through bruteforce (and then uploaded their own public key for return access). In my case, I have the ssh server set to key authentication-only, so password-based brute force attacks will never...
  3. H

    FritzFrog botnet

    In the last few days, I have seen a huge upsurge in brute force ssh login attempts as registered in configserver firewall/lfd logs. I found this news item from today (Aug. 19, 2020) helpful for understanding what is apparently going on...
  4. H

    sa-learn vs. cron job updates to SA

    What is the relationship between running sa-learn in a specific account (per wiki article https://www.knownhost.com/wiki/email/exim/training-spamassassins-accuracy-with-sa-learn) and the overnight updates to SA that are run by the system cron job for the entire VPS? If I do some sa-learn...
Top