Re: Hundreds of sshd processes spawned by Postgresql
On Fri, Jun 25, 2010 at 03:30:52AM -0500, Stan Hoeppner wrote:
> It appears someone has cracked/pwn3d your Debian host. That's an _outbound_
> SSH connection. 59.120.163.53 is HINET network space in Taiwan.
>
There have been a lot of distributed ssh attacks on our network for the past
week or two. Just for the sake of interest, do you find any
146.232.0.0/16 addresses (addresses starting with 146.232) in your logs?
The attacks seem to come from botnets and this situation looks like a
typical example of a compromised PC used for such purposes.
Regards
Johann
--
Johann Spies Telefoon: 021-808 4599
Informasietegnologie, Universiteit van Stellenbosch
"Honour thy father and mother; which is the first
commandment with promise; That it may be well with
thee, and thou mayest live long on the earth."
Ephesians 6:2,3
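
One way to answer the log question in the message above, as an added example that is not part of the original thread: count sshd authentication lines whose source address lies inside 146.232.0.0/16, using real CIDR matching so that a line that merely contains the text "146.232" is not counted. The log lines, host name and user names are constructed sample data, and the function name is hypothetical.

```python
import ipaddress
import re
from collections import Counter

# Range asked about in the message above.
NETWORK = ipaddress.ip_network("146.232.0.0/16")

# OpenSSH auth lines: "<Failed|Accepted> <method> for [invalid user ]NAME from IP port N"
SSHD_LINE = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) \S+ for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)

# Constructed sample log, not taken from any real host.
SAMPLE_LOG = """\
Jun 25 03:12:01 db1 sshd[4101]: Failed password for invalid user admin from 146.232.10.5 port 51234 ssh2
Jun 25 03:12:04 db1 sshd[4103]: Failed password for root from 146.232.10.5 port 51240 ssh2
Jun 25 03:12:09 db1 sshd[4107]: Failed password for root from 10.146.232.7 port 40110 ssh2
Jun 25 03:13:30 db1 sshd[4112]: Accepted password for postgres from 146.232.44.9 port 40022 ssh2
Jun 25 03:14:02 db1 sshd[4120]: Failed password for root from 192.0.2.50 port 39001 ssh2
Jun 25 03:15:47 db1 sshd[4131]: Failed password for invalid user test from 146.232.200.17 port 60213 ssh2
"""


def hits_in_network(lines, network=NETWORK):
    """Return (failed, accepted) Counters keyed by source IP inside `network`."""
    failed, accepted = Counter(), Counter()
    for line in lines:
        m = SSHD_LINE.search(line)
        if not m:
            continue
        try:
            addr = ipaddress.ip_address(m["ip"])
        except ValueError:  # e.g. an octet above 255 in a damaged line
            continue
        if addr not in network:
            continue  # 10.146.232.7 contains "146.232" but is outside the /16
        bucket = failed if m["result"] == "Failed" else accepted
        bucket[str(addr)] += 1
    return failed, accepted


if __name__ == "__main__":
    failed, accepted = hits_in_network(SAMPLE_LOG.splitlines())
    for ip, n in failed.most_common():
        print(f"failed   {ip:15} {n}")
    for ip, n in accepted.most_common():
        print(f"ACCEPTED {ip:15} {n}  <- successful login from the range, check first")
```

On a real host, pass the lines of the sshd authentication log (for example `/var/log/auth.log` on Debian) instead of `SAMPLE_LOG.splitlines()`.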