# Distributed SSH Attack?



## dave (Apr 8, 2009)

I have a unusually heavy load of SSH attacks on my servers this morning.  Is anyone else experiencing this?  Could this be Conficker?


----------



## DutchDaemon (Apr 8, 2009)

http://isc.sans.org/diary.html?storyid=6148


----------



## Vib3 (Apr 28, 2009)

dave said:
			
		

> I have a unusually heavy load of SSH attacks on my servers this morning.  Is anyone else experiencing this?  Could this be Conficker?



Not conficker, but some other malware. I have got many attacks too. 

Check your sshd_config and install sshguard.

I am happy with using it


----------



## SirDice (Apr 28, 2009)

AFAIK Conficker doesn't use ssh to spread itself.

The baddies just found your box.. Welcome to the internet


----------



## dave (Apr 28, 2009)

I use security/denyhosts.


----------



## gilinko (Apr 28, 2009)

You could also try the built in firewall pf with sshguard. Easy as pie to setup...


----------

