[Dshield] password cracking attempt

Mark Rowlands mark.rowlands at minmail.net
Tue Aug 28 16:58:51 GMT 2001

On Tuesday 28 August 2001 6:11 pm, Steve Mainwaring wrote:
> On the weekend I received thousands of hits from various european and asian
> domains. Each were using a password cracking submitter program to try and
> gain access to a members area I have on the website.
> Log file shows that one IP address tried logging on with username HTTP but
> 503 different passwords.
> a) Why me? do they go around looking for sites with password protected
> areas and pass the website onto other crackers to share the load?
> b) What can I do to prevent this or to limit damage?
> It seems the only damage done is that the server slows down a bit.
run snort with spade and possibly the flexible response plugin. These will 
monitor for unpleasantness and general misbehaviour and optionally do 
something about it.....I would be a bit wary about that part of it myself.

see www.snort.org

More information about the list mailing list