Any service that is connected to the internet is a potential target for brute-force attacks or unwarranted access. There are tools like fail2ban or sshguard, but these are functionally limited because they are only parsing log files. Blacklistd takes a different approach. Modified daemons like SSH are able to connect directly to blacklistd to add new firewall rules.
I don't like getting spam. The problem is not detecting it automatically, that works very well with tools like SpamAssassin and bmf. Even though I can automatically delete spam without reading it, the spammers still successfully deliver their mails and get paid by volume. I want to hurt them. They should not be able to deliver their mails, and waste as much of their resources as possible attempting to do so...
The Pledge of the Network Admin :
This is my network.
It is mine
or technically my employer's,
it is my responsibility
and I care for it with all my heart
there are many other networks a lot like mine,
but none are just like it.
I solemnly swear
that I will not mindlessly paste from HOWTOs.
The Hail Mary Cloud was a widely distributed, low intensity password guessing botnet that targeted Secure Shell (ssh) servers on the public Internet.
The first activity may have been as early as 2007, but our first recorded data start in late 2008. Links to full data and extracts are included in this article.
We present the basic behavior and algorithms, and point to possible policies for staying safe(r) from similar present or future attacks...