Just a short post on how quickly servers are found on the Internet and how quickly they are attacked with brute force and dictionary attacks.
On Tuesday morning (this week), a new server was installed for a new customer. The server became accessible to me on Tuesday afternoon.
On Wednesday I did my stuff on it (securing services, setting up backups and so on) and also installed Syspeace (which I always do btw, since it should be a part of every server's baseline security in my opinion).
At 21:37 the first attack came a-knocking on the door.
This means that the server had not been accessible for more than 36 hours and was already targeted by an attacker.
The IP address originated from the US this time and I disregarded it since the email alert from Syspeace automatically showed me the username, DNS name and country of origin.
Not worth the trouble pursuing in this case. Probably just a part of a botnet but still, it’s interesting to see how quickly it actually happens.
If you want to know if you’re attacked, simply turn on logging on your server and have a look.
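
One way to "have a look", as an added example that is not from the original post and is not Syspeace's own code. It assumes a Windows server with an English-language audit subcategory name, an elevated PowerShell session, and a 36-hour window picked to match the timeline above.

```powershell
# Added example. Assumptions: Windows Server, elevated session, English
# subcategory name "Logon". Event ID 4625 = "An account failed to log on".

# Turn on auditing of failed logons so the events are actually recorded.
auditpol /set /subcategory:"Logon" /failure:enable | Out-Null

# Look-back window (assumption: 36 hours, matching the post's timeline).
$since  = (Get-Date).AddHours(-36)
$filter = @{ LogName = 'Security'; Id = 4625; StartTime = $since }
$events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue

# Pull the fields of interest out of each event's XML payload.
$failures = foreach ($e in $events) {
    $xml  = [xml]$e.ToXml()
    $data = @{}
    foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
    [pscustomobject]@{
        Time      = $e.TimeCreated
        User      = $data['TargetUserName']
        SourceIp  = $data['IpAddress']
        LogonType = $data['LogonType']   # 3 = network, 10 = remote interactive (RDP)
    }
}

if (-not $failures) {
    Write-Output "No failed logons recorded since $since"
    return
}

# When did the first failed attempt arrive?
$first = $failures | Sort-Object Time | Select-Object -First 1
Write-Output ("First failed logon: {0} from {1} as '{2}'" -f `
    $first.Time, $first.SourceIp, $first.User)

# Which sources are trying, how often, and with which usernames?
$failures |
    Group-Object SourceIp |
    Sort-Object Count -Descending |
    Select-Object -First 10 Count,
        @{ n = 'SourceIp';  e = { $_.Name } },
        @{ n = 'FirstSeen'; e = { ($_.Group | Sort-Object Time | Select-Object -First 1).Time } },
        @{ n = 'Users';     e = { ($_.Group.User | Sort-Object -Unique) -join ', ' } } |
    Format-Table -AutoSize
```

Many distinct usernames from one source address in a short period is the dictionary-attack pattern described above; a single failure from a known address is more likely a mistyped password.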