It looks as though somebody is trying to comprimise my server. Dozens of attempts from 59.120.66.41 to login as root via ssh on several ports were captured in my server logs. The netblock owner (hinet.net) appears to be a Chinese site. I promptly banned the ip address and will continue to monitor my logs. George noticed that a network security consultancy was trying to get into his site… I don’t see any relationship here, but vow to take further action if the attempts continue.
Update: Ben tipped me off that this is most likely a worm that’s been floating around.
Leave a Reply