
EQ2Emulator Attacks

Posted: Wed May 21, 2014 7:17 am
by John Adams
It has been determined that evil forces are at work in this world attempting to gain secure access to the services that host EQ2Emulator.net - specifically, the secure shell into the EQ2 DB Project server. It has a custom SSH Port, yet "they" guessed that. It has custom login names, and somehow "they" guessed that, too. The attacker is failing on the password attempts though, and the IP gets automatically banned - however, the ban list is in the hundreds, and the attacks keep coming.

Primarily, they all trace to these domains in France -
kimsufi.com
ovh.net

and in Russia -
ruradiology.org

I am attempting to auto-ban any IP that accesses invalid data on my servers. This means, innocent people will be banned as well, and for that I am sorry... but if I do not stop these attacks, I will completely shut down all services for good. A small price to pay to keep this project alive.
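
The auto-ban described in this post, sketched as an added example (not code from the thread or from the EQ2Emulator project): it counts failed sshd password attempts per source IP and separately lists which existing accounts were targeted, since OpenSSH logs a failure without "invalid user" only when the login name exists. The log lines, the account name `eq2dev` and the threshold of 3 are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in OpenSSH sshd log format; IPs are documentation ranges
# and "eq2dev" is a hypothetical existing account name.
SAMPLE_LOG = """\
May 21 07:01:02 db sshd[1201]: Failed password for invalid user admin from 203.0.113.5 port 40112 ssh2
May 21 07:01:05 db sshd[1203]: Failed password for invalid user test from 203.0.113.5 port 40120 ssh2
May 21 07:01:09 db sshd[1207]: Failed password for invalid user oracle from 203.0.113.5 port 40131 ssh2
May 21 07:03:40 db sshd[1215]: Failed password for eq2dev from 198.51.100.7 port 51822 ssh2
May 21 07:04:11 db sshd[1219]: Failed password for eq2dev from 198.51.100.8 port 38011 ssh2
May 21 07:04:59 db sshd[1224]: Failed password for eq2dev from 192.0.2.44 port 60233 ssh2
May 21 07:10:00 db sshd[1230]: Accepted publickey for eq2dev from 192.0.2.10 port 50100 ssh2
"""

FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (invalid user )?(\S+) from (\S+) port \d+"
)

def analyze(log_text, threshold=3):
    """Return (ips_to_ban, targeted_accounts) from sshd log text."""
    per_ip = defaultdict(int)        # failed attempts per source IP
    per_account = defaultdict(set)   # existing account -> source IPs that tried it
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue                 # successful logins and other lines are ignored
        invalid, user, ip = m.groups()
        per_ip[ip] += 1
        if invalid is None:          # no "invalid user": the login name exists
            per_account[user].add(ip)
    ban = sorted(ip for ip, n in per_ip.items() if n >= threshold)
    targeted = {u: sorted(ips) for u, ips in per_account.items()}
    return ban, targeted

if __name__ == "__main__":
    ban, targeted = analyze(SAMPLE_LOG)
    print("ban:", ban)
    for user, ips in targeted.items():
        print(f"account {user!r} tried from {len(ips)} IPs: {ips}")
```

In the sample, the three sources that each tried `eq2dev` once stay under the per-IP threshold, which is why a per-account view is useful alongside the ban list.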

Re: EQ2Emulator Attacks

Posted: Wed May 21, 2014 3:33 pm
by alfa
John, please tweet Oles (OVH) with the IP and explain to him what happened (he is the founder of OVH); he will do what needs to be done ^^
FYI, OVH is the leader of hosting in Europe (24 DCs, and the biggest in the world in BHS, Canada), and Kimsufi is the low-cost division.

Re: EQ2Emulator Attacks

Posted: Wed May 21, 2014 4:58 pm
by John Adams
Yeah I doubt it's the people who own those sites specifically, likely hacker scripty losers who rent space from them. Thanks for the info though, I will see what can be done. I'm sure mine is not the only IP they are hacking... but hitting such specific ports? That has me very suspicious.

Re: EQ2Emulator Attacks

Posted: Thu May 22, 2014 4:09 am
by alfa
Changing the SSH port is useless; basic people can do a TCP scan and find it with headers.
And if you report spam for an OVH or Kimsufi IP, Oles can lock the IP or the server that is trying to hack.

Re: EQ2Emulator Attacks

Posted: Thu May 29, 2014 8:17 am
by bit_shifter
John Adams wrote: The attacker is failing on the password attempts though, and the IP gets automatically banned - however, the ban list is in the hundreds, and the attacks keep coming.
Would a key-based SSH login system work for your purposes (instead of passwords)? I'm not sure what the server is being used for or the number of people using it that would need keys, but doing a key-based login system is ideal for a lot of cases -- especially for servers being pounded by brute force password attacks. You'd just be able to disable password logins completely.

Maybe you already knew all about this, but I just figured I'd offer that suggestion.