On Wed, Jun 10, 2009 at 09:39:07AM +0200, Lars Thegler wrote: > On Wed, Jun 10, 2009 at 3:03 AM, David Cantrell<[email protected]> wrote: > > On Mon, Jun 08, 2009 at 02:15:08PM +0100, Barbie wrote: > > It's hosted at hetzner.de isn't it? My hetzner box seems to attract > > all sorts of nasty people who hammer on the ssh port trying to get in. > > Moving sshd to a non-standard port also works wonders.
It appears the problem was that the account for 'nobody' was compromised. As such I've disabled the account and several others that should not have remote access. The non-standard port wouldn't have worked necessarily in this case, the attack was scanning ports too :( However, I think sshblack will help in this regard :) Cheers, Barbie. -- Birmingham Perl Mongers <http://birmingham.pm.org> Memoirs Of A Roadie <http://barbie.missbarbell.co.uk> CPAN Testers Blog <http://blog.cpantesters.org>
