Why it’s important to monitor logs

A while back I wrote sshfail. It’s a script to look at attempts on the ssh protocol on servers. You can find it up on git hub if your interested and want to install in your self. https://github.com/nevetsanderson/sshfail .

The interesting thing is that even if you use a non standard port to run ssh on (which is what this data relates to) it’s only a matter of time before modern hackers or bots or some Bs8dutard’s find that information and it gets propergated. Have a look at this raw data.

DateAttemptsips
1/3/20202828
1/4/2020239129
1/5/2020204125
1/6/2020337106
1/7/2020322167
1/8/2020386142
1/9/2020452195
1/10/2020273169
1/11/20205873197
1/12/20204346116
1/13/20208892191
1/14/20206192128
1/15/202000

As you can see things got ugly after about 11 days… from 28 to 5873 attempts on the server per day and within 2 weeks. Also worth considering is how did things go from weeks of no one being able to detect this, to 28 ip address suddenly finding my machine on the same day and then it increasing to 195 (Jan 3-9). I’d love to know what’s going on in the background. How is information is being propergated?

So as you can also observe on the 15 th, I changed the port and things have been have quiet since then but the issue is… If I hadn’t been observant and actually looked at the numbers then I’d be giving the bad guys a chance at reeking havok…

Stay safe out there people, and actually look at your log data!

Your machine and it’s code

So I’ve been thinking a lot of late about machines, exploits and how to stop this sort of thing. I’ve been in situations where developers have created “stuff” on production machines and then left the company. The problem then becomes interesting if that code does not work with an up dated version of the software say wordpress, drupal or the operating system.

Urban dross

Your then in a situation (if the machine is a web server or open and available on the net) where about the only thing you can do is lock down the firewall and harden the old un patched OS and hope that no one finds a way in / attacks the machine.

It’s always good to have at least 2 people who understand custom code in any company especially if you have a number of web servers to mange. But even then re building something and re creating that functionality is not always easy – and management need to be aware of the fact that this will take time and cost money.


So if that keen shiny developer comes along one day promising you a widget that will sell your own grandmother and only cost you a few hundred bucks worth of con-sultan fees, my advice is to run screaming from the room.

The up shot I’m trying to put to you? Have the ability to own your own code – because if you don’t and if it gets hacked or is found to be vulnerable it’s going to cost you!

A simple approach is best – easier management and long term savings.

Pushing your boundaries and learning

The authors inner sprit animal when it comes to warm calling people…

So that was it – a week at Cyrise cyber boot camp for entrepreneurs of Australian cyber security. In a nut shell it was mind blowing! If your an Australian and you think you might have a great cyber security based idea, then this is a gig you must get in on.

Be prepared as your going to learn stuff, real important stuff, like being sat down in front of an excel spread sheet. Asked to crank on some initial financial projections by an experienced accountant (who has put some of his own money into startups).

Your going to have to get up in front of people and be able to talk about your product. Explain what it does and why it’s valuable, your going to learn to pitch and why it’s bloody important!

Calling industry people you don’t know on the phone to talk about your product (this really pushed my inner introvert I can tell you). I probably stunk like an old goat at the end of it (I could feel the sweat dripping off me) but hay that’s pushing your boundaries and learning.

If you have a great idea and have been thinking about it. Get into the next round you won’t regret it.

In closing I’d like to offer a big heart felt thanks to all the people who participated and contributed to our boot camp. But especially those on the coal front…

KIRSTIN MCINTOSH – Multitasker and social networker supreme (also the person who had faith in my idea).

CHLOÉ DUTSCHKE – Creative, marketing and brand guru who also kept us all very well fed (She also does a mean pod cast).

SCOTT HANDSAKER – The quiet guy at the back doing all the email stuff.

ALLEN JONES – (Not the bad one) Mr cool calm and collected who taught us all how to stand like gun slingers!


More crawling skin!

I’ve been following the company that says “Don’t be evil” on he issue of project Dragonfly – Googles “China” friendly search engine. The intercept has the lowdown on this project hear.

I have a belief that as companies get bigger they get more stupid and less focused. I think that this is indeed the case for Google. After reading the article I have to ask what sort of flavour of BS are these so called managers trying to stuff down the throats of humanity?

I’m starting to think it’s time to remove all my content from there platform.

Dec 1 post script 1
The register also has an article about the appalling behaviour of Googles’s senior management and it rightly points out that this is a company that is at a very serious fork in the road.

Dec 1 Post script 2
To expand on my thesis that “as companies get bigger they get more stupid” I also found this disturbing story…