Kura over at SYSLOG has a really great animation showing the origins of SSH attacks on a single server during a 24 hour period. It’s another reminder, if you needed one, to lock down your machines. It’s pretty obvious these are just scripts trying a range of IP addresses but that makes it worse in a way. These aren’t targeted attacks. They’re automated scripts looking for a vulnerable machine. It’s easy to think, “I’m not a high profile site so no one will bother with me” but these guys will bother anyone foolish enough to leave the door open.
The animation is less than a minute but still fascinating. Recommended.