I woke this morning to a slew (here defined as ‘62’) of ssh dictionary attacks:

There were already 20 or so last night. Looks like a new botnet/attack wave or similar. I’m using DenyHosts and quite frankly, you should be too.

If you’re running Debian, there’s a nice package for it that I use and recommend. I’ve set mine to trigger on 3 attempts, but I’ve few users and most use ssh keys and not keyboard auth.

Might be a good time to run chkrootkit and change some passwords!