Hey Folks,
I just wanted to say thank you for your comments about this post.
Raf.
Erik Williamson said the following on 10/25/2004 12:10 PM:
Don't forget to disable root logins via SSH (with redhat-ish systems, it's in /etc/ssh/sshd_config) -
PermitRootLogin no
This defaults to 'yes' on the redhat-ish machines. Yeeesh.
Best, Erik.
bogi wrote:
This is a known ssh scan. They will try test and admin and some other popular names, not just root. This has been going on for months now. Block the ip, and when the next one comes block it too. Or else, whois the ip and complain to the block owner, they can shut-them-down good.
Cheers
Szemir
On October 25, 2004 10:48, J. Rafael Sánchez wrote:
Hi Everyone,
I discovered that someone was trying to penetrate one of my boxes last
night. I'm sitting there, just watching them try all kinds of names and
password combinations. This lasted for about an hour before they gave up...
I was wondering if there's anything I should have done at the time of
the attempts. This will probably happen again, with this box or with
others. This box in question is within my DMZ. I have of course disabled
all and everything that is not needed, this includes ports and there's
also a local firewall running on it. Any comments would be greatly
appreciated.
Oct 25 09:25:54 someserver sshd[6513]: Failed password for root from 211.217.193.180 port 53677 ssh2
Oct 25 09:25:55 someserver sshd[6515]: Failed password for root from 211.217.193.180 port 53686 ssh2
Oct 25 09:25:58 someserver sshd[6518]: Failed password for root from 211.217.193.180 port 53742 ssh2
Oct 25 09:25:59 someserver sshd[6520]: Failed password for root from 211.217.193.180 port 53751 ssh2
Oct 25 09:26:02 someserver sshd[6522]: Failed password for root from 211.217.193.180 port 53792 ssh2
Oct 25 09:26:03 someserver sshd[6524]: Failed password for root from 211.217.193.180 port 53797 ssh2
Oct 25 09:26:06 someserver sshd[6526]: Failed password for root from 211.217.193.180 port 53848 ssh2
Oct 25 09:26:07 someserver sshd[6528]: Failed password for root from 211.217.193.180 port 53856 ssh2
Oct 25 09:26:10 someserver sshd[6530]: Failed password for illegal user test from 211.217.193.180 port 53905 ssh2
Oct 25 09:26:11 someserver sshd[6532]: Failed password for illegal user test from 211.217.193.180 port 53912 ssh2
Thank you. Raf.
_______________________________________________ clug-talk mailing list [EMAIL PROTECTED] http://clug.ca/mailman/listinfo/clug-talk_clug.ca Mailing List Guidelines (http://clug.ca/ml_guidelines.php) **Please remove these lines when replying
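Added example, not part of the original thread: one way to pick scans like the one quoted above out of an sshd log, by counting failed-password lines per source address in a sliding time window and listing the usernames tried. The function names, the 5-failures-in-60-seconds threshold, the assumed year and the sample lines (documentation addresses) are assumptions made for this illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# "invalid user" is the wording newer OpenSSH uses for the log's "illegal user".
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Failed password for "
    r"(?:(?:illegal|invalid) user )?(?P<user>\S+) from (?P<ip>\S+) port \d+")

def parse(line, year=2004):
    """Return (timestamp, user, ip) for a failed-password line, else None."""
    m = FAILED.match(line)
    if not m:
        return None
    # Syslog timestamps carry no year, so one is assumed.
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["user"], m["ip"]

def find_scanners(lines, threshold=5, window=timedelta(seconds=60)):
    """Map each IP with >= threshold failures inside any window to the users tried."""
    events = defaultdict(list)
    for ts, user, ip in filter(None, map(parse, lines)):
        events[ip].append((ts, user))
    flagged = {}
    for ip, evs in events.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:
                start += 1
            if end - start + 1 >= threshold:
                flagged[ip] = {u for _, u in evs}
                break
    return flagged

# Constructed sample in the thread's log format (documentation addresses).
SAMPLE = """\
Oct 25 09:25:54 someserver sshd[6513]: Failed password for root from 203.0.113.7 port 53677 ssh2
Oct 25 09:25:55 someserver sshd[6515]: Failed password for root from 203.0.113.7 port 53686 ssh2
Oct 25 09:25:58 someserver sshd[6518]: Failed password for root from 203.0.113.7 port 53742 ssh2
Oct 25 09:26:02 someserver sshd[6522]: Failed password for root from 203.0.113.7 port 53792 ssh2
Oct 25 09:26:10 someserver sshd[6530]: Failed password for illegal user test from 203.0.113.7 port 53905 ssh2
Oct 25 09:31:40 someserver sshd[6601]: Failed password for invalid user admin from 198.51.100.20 port 40112 ssh2
Oct 25 09:40:12 someserver sshd[6650]: Accepted password for alice from 192.0.2.15 port 50022 ssh2
Oct 25 10:15:03 someserver sshd[6702]: Failed password for invalid user admin from 198.51.100.20 port 40388 ssh2
""".splitlines()

if __name__ == "__main__":
    print(find_scanners(SAMPLE))
```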

