Webserver Failed logins

[Nate]

I get emailed the logs for the webserver at work and everytime i see the server has been 'hammered' with usernames and passwords is this pretty common? The attempts are random names going from a - z and the password as password.

example
aaa : password

through to

zzz : password

With all manner of peoples names in the middle. Just really wondering if this is common or what really.

 

[Sic]

sounds like someone going the long way trying to get access to random emails on your web server. i think that's called a brute force attack, where random usernames are tried, then they'll try every combination of letters and numbers to get the password. it'd put incredible strain on your server though.

can you see where they're coming from? is this an intranet? because if it is, there might be some security issues, if the logins are coming from outside your LAN/WAN

 

[Nate]

as far as i know they are trying to log into the server. they are coming from external ip addresses.

 

[Adz]

It's very common if the server is open to the web. Provided your passwords are secure, it's nothing to worry about.

 

[Nate]

Is it not going to cause a problem on the servers performance if someone is hammering it trying to log in?

 

[Adz]

Not unless you're getting thousands of requests a second or you're running a 486 .

I'm assuming this is Linux and SSH?

 

[Nate]

yea linux and ssh, haha 486 i WISH it was that good.....only joking

 

[toosepin]

This is a brute force attack. I'd immediatley block the IP doing the job before it brings down your server.

Blacklist any of the IPs involved. See how it goes from there.

 

[Nate]

had a look round the server control panel can find anywhere to add IPs to a blacklist, can i do it via ssh?

 

[daz]

Do you have a hardware or software firewall running?