What's wrong with Anthrax Candy?
Anthrax Candy is nice. Especially with Yersinia Pestis icing on top.
I am surprised it is only 43%. I would have expected something in the 90%+.
An extraordinary 43 per cent of all attempted online account logins are malicious, Akamai claims in its latest internet security report. "Credential abuse" is an increasingly popular line of attack, thanks in large part to the readily availability of huge user/password databases that has been stolen and are sold online. …
This post has been deleted by its author
automated SSH attempts must make a massive chunk of those malicious ones
My home SSH server finally got broken into last year. Should have had Fail2Ban installed before. I now have a VM in a different VLAN with only one user on it, that only accepts SSH. If I want in further then I have to tunnel into the internal network.
I remember the days when a DMZ was fancy for big business. Now I need one at home.
Also, if the SSH server gets compromised, I can whip it offline, rewind it to a clean snapshot, change the password and set it going again. Yay for VMs.
Not sure about logins via login screen, but the amusing one is looking at system logs and the insane number of
people robots trying to login to a Wordpress admin panel. Bit strange as I don't run Wordpress (obvs).
That's closely followed by the vast number of attempts at a SQL injection.
One would think that ISPs could come up with some tools/scripts to identify and block these scum - they are wasting a lot of bandwidth to no real purpose.
As they would for the 7 decades.
It's not the "Acts of $Deity" that depress me.
It's the mind numbing banality of the bulk of this s**t.
As it no doubt will be when we enter the 8th decade of computing.
And people know it is as well.
I'm guessing the usual user justification is roughly
a) It's no big deal, IT can handle any breaches.
b) I don't handle any important data so why would anyone bother.
c) I don't have many privileges so why would anyone bother.
Note how H&S is handled. H&S is everyone's responsibility, and Managers are additionally responsible for the H&S of the staff they supervise. I'd suggests infosec should be viewed in the same way, starting with the CEO.
a new trend of enterprise systems being targeted, not only to steal their data, but to steal their computing resources,
And which can only get worse as "the cloud" becomes more dominant, especially as people lose poorly-secured mobile devices with apps pre-configured with all their login credentials.
At our place, we don't use email addresses as usernames.
The vast majority (like 99%) of malicious login attempts still do try to use email addresses. The other few are things like "root", "admin", "support", ... equally invalid in this instance.
Therefore, by not using an email address as a username, we thwart most of these attempts right off the bat. Naturally, we still insist on decent passwords and have rate limiting and various other schemes in place.
As others have said I'm surprised that the quoted figure is only 43%, but then their data collection only accounts for an unrepresentative sample of the problem.
Anyone who administers internet facing servers of any kind, be they web, email or whatever, knows that a high proportion of each day's logs will be taken up with automated login attempts of one sort or another.
If your passwords are strong they won't guess them.
But one major UK official site I had to register with yesterday had rules that were incompatible with the strong passwords Safari was generating for me. Something to do with hyphens I think. So I had no choice but to set it to "password".
...change your default SSL port to something like 223. You've obviously disabled root login over ssh, require key-based credentials, etc already.
Obviously this does not increase security in any real sense against a human attacker as nmap will see your new port... But in my case avoiding port 22 eliminates about 90pct of the robocall activity I've got to wade through in my logs.
Any crap activity I've got on new ports is from a person or bot that actually bothered to map my net, and that tells me something I should know right up front. Key here is to improve your signal to noise
Biting the hand that feeds IT © 1998–2021