How Server! prevents SSHPsycho attacks Server! version: 4.0.0+

According to the SANS ISC nearly 80% of all SSH-based brute force attacks are caused by SSHPsycho or one of its variations. This seems to be confirmed by the LongTail honeypot real-time report provided by the Marist College. So, yes, SSHPsycho is a big deal, and it’s a problem. And traditional blacklisting mechanisms (simply banning certain “well known” IP addresses and networks) have proved to be inefficient against it.

LongTail shows that Cisco and Level 3’s recent announcement about blocking sshPsycho’s 4 class C IP ranges (also known as “Group 93” and the “Hee Thai Campaign”) has done nothing to stop their brutal attacks. [Source: SANS ISC] Server!’s intelligent and automatic blacklist (called “Protector“), though, shows to be extremely effective at preventing such type of attack. Its real-time dynamic attack pattern identification and prevention technology can quickly recognize SSHPsycho attacks (and the like) and proactively stop them as soon as they begin. Even at its “Normal” sensitivity threshold, Protector already identifies and blocks all types of SSHPsycho attacks, in most cases before they even get to try the password authentication. Continue reading

Someone is up to something (SSH server hacking attempts)

As some of you may know, Syncplify’s goal wasn’t just to build a secure FTP and SFTP server with regards to data in motion; we made sure to design a server software that can protect itself (and therefore you) from many hacking attempts, like DoS, password harvesting, hammering, and many other types of attack.

In order to better understand what types of attack are out there in the wild, we have deployed several instances of our Server! in many different networks (in the cloud, VPS, dedicated servers, …) and we use them as “honeypots” to keep the world SSH break-in attack situation under constant monitoring.

In the past few days we have noticed a significant increase of password harvesting/guessing/breaking attacks, as shown in the picture here below. Taking control of as many servers as possible by breaking into them via SSH is one of the preliminary actions that usually lead to some form of DDoS outbreak in the near future.


The situation shown here above is a clear indicator that someone is up to something. We would not be surprised if another major vendor/corporation/network is subject to a DDoS attack in the next few days. Please, everybody stay alert!

We’re also happy to report that, unlike some competitors’ software, Server! is successfully identifying all attacks, and blacklisting all attackers. No Server! has been broken into. Ever.