Doing my part
This morning I received an email from logwatch letting me know what had gone on during the last 24 hours, and this was what I was presented with:
Failed ssh logins from:
194.**.***.*** (****.*****.com): 80 times
Illegal ssh users from:
194.**.***.*** (****.*****.com): 256 times
I have of course removed identifying information of the company that was breached, but I emailed them this morning notifying them of the problem, and after they confirmed interest in the problem I emailed them a copy of my secure log. I just received an email from them confirming there was a breach and that it has been fixed. Made me feel good that I was able to help out a company.
This isn’t the first time I have had those messages in the log; the 2nd night I had the server up, the log said there were 1200 attempts. Unfortunately I cannot send mail to those because they were just random IP addresses and not much would come of it.





