Re: [Mailman-Users] Brute force attacks on mailman web ui

2018-04-17 Thread Carl Zwanzig
On 4/17/2018 7:20 AM, Rich Kulawiec wrote: I stood up a new server last fall with *no* valid ssh access and logged about 750,000 attempts in a month. Similar patterns. There's a reason I don't put sshd on port 22; moving it elsewhere and blackhole-ing 22 cut the auth log tremendously. (Not

Re: [Mailman-Users] GSOC idea: mail server/DNS server/mailing list healthcheck

2018-04-17 Thread tlhackque via Mailman-Users
On 17-Apr-18 10:28, Rich Kulawiec wrote: > The idea for this comes from some of the web sites that perform this; > unfortunately most of them are "upgrading" from simple, fast, easy > checks to bloated ones that use a ton of Javascript, can't be scripted, > and are increasingly behind signups/paywa

[Mailman-Users] GSOC idea: The central scrutinizer ;)

2018-04-17 Thread Rich Kulawiec
I have a partially-completed spec for a module that will examine messages for various issues but my Python-fu is likely not sufficient to realize it and I'm busy writing anyway. This is probably a GSOC-size and GSOC-scope project, so if anybody is game, below is a poorly-written and large incomple

[Mailman-Users] GSOC idea: mail server/DNS server/mailing list healthcheck

2018-04-17 Thread Rich Kulawiec
The idea for this comes from some of the web sites that perform this; unfortunately most of them are "upgrading" from simple, fast, easy checks to bloated ones that use a ton of Javascript, can't be scripted, and are increasingly behind signups/paywalls/etc. The concept is simple: given a domain,

Re: [Mailman-Users] Brute force attacks on mailman web ui

2018-04-17 Thread Rich Kulawiec
On Mon, Apr 16, 2018 at 02:05:35PM -0400, tlhackque via Mailman-Users wrote: > Good advice. But use httpS: (and make sure the UA validates the server > certificate). > Unless you fancy experimenting with DOS attacks. Yep. You're exactly right. > But the biggest source of attacks, by far, is t