When I first noticed it, I tried searching around with iostat and top to see if I had some process run amok. Finding nothing, I tried rebooting.

The magical reboot was not so magical. My machine was still merrily hitting the disk every couple seconds.

I searched around the web for “disk activity” linux and “disk activity” ubuntu. I found recommendations that I:

• Kill processes that poll for new media
• Eliminate access time tracking on my filesystem, and
• Set syslog not to flush some of its logs

All of those seemed bogus to me. None of them seemed like anything that would have changed yesterday or today. But, the last one got me thinking. What logs do I have that do get flushed on every message? Are any of them going batty today?

Sure enough, /var/log/auth.log was getting hit every two or three seconds. Someone was trying to guess logins on my machine.

Looking back through the last week, I’ve had a few spats of bogus login attempts. Most of them were just four or five attempts in a row. This one today had gone for twelve hours.

I threw that IP address into /etc/hosts.deny. Now, all is quiet. Well, except my need to make sure I don’t let things go for twelve hours again….