Malcolm Ferguson wrote:
> All,
> My machine was cracked on Thursday evening. I'm trying to understand how it happened so that it doesn't go down again.

Sounds to me like you know exactly how it happened - ssh user enumeration won the jackpot.

> So what can I do to prevent it? My best guess is that ssh failed, but this is based on the log messages. Exim or Apache could have been the

Security in layers. Putting ALL: ALL in /etc/hosts.deny is a great start.
You could also run iptables (locally or upstream) to prevent tcp to port 22.
Keep your system patched.
Etc, etc.
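The log-based diagnosis discussed in this thread (many guessed usernames from one source, then a successful login) can be checked mechanically. The sketch below is an added example, not part of the original messages: the log lines are constructed, the message wording is assumed to follow OpenSSH's usual syslog format, and `analyse` and its `min_users` threshold are hypothetical names chosen for illustration.

```python
import re
from collections import defaultdict

# Constructed sample sshd log lines (not from the thread); the addresses come
# from the RFC 5737 documentation ranges.
SAMPLE_LOG = """\
Mar  2 21:14:01 host sshd[4101]: Invalid user admin from 203.0.113.7
Mar  2 21:14:03 host sshd[4101]: Failed password for invalid user admin from 203.0.113.7 port 40112 ssh2
Mar  2 21:14:06 host sshd[4104]: Invalid user test from 203.0.113.7
Mar  2 21:14:08 host sshd[4104]: Failed password for invalid user test from 203.0.113.7 port 40120 ssh2
Mar  2 21:14:12 host sshd[4109]: Failed password for guest from 203.0.113.7 port 40131 ssh2
Mar  2 21:14:15 host sshd[4112]: Accepted password for guest from 203.0.113.7 port 40140 ssh2
Mar  2 21:20:44 host sshd[4150]: Failed password for malcolm from 198.51.100.20 port 51000 ssh2
Mar  2 21:20:51 host sshd[4150]: Accepted password for malcolm from 198.51.100.20 port 51000 ssh2
Mar  2 22:02:10 host sshd[4200]: Invalid user oracle from 192.0.2.99
"""

# Assumed OpenSSH message formats; older releases log "Illegal user".
FAILED = re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+) port")
INVALID = re.compile(r"sshd\[\d+\]: (?:Invalid|Illegal) user (\S+) from (\S+)")
ACCEPTED = re.compile(r"sshd\[\d+\]: Accepted (\S+) for (\S+) from (\S+) port")


def analyse(log_text, min_users=3):
    """Return (suspect_logins, guessing_sources).

    suspect_logins: (ip, user, auth_method) for every accepted login from a
    source that had already failed against at least min_users distinct names.
    guessing_sources: sorted source addresses that reached that threshold.
    """
    tried = defaultdict(set)  # source ip -> usernames it failed against
    suspect = []
    for line in log_text.splitlines():
        m = FAILED.search(line) or INVALID.search(line)
        if m:
            tried[m.group(2)].add(m.group(1))
            continue
        m = ACCEPTED.search(line)
        if m and len(tried.get(m.group(3), ())) >= min_users:
            suspect.append((m.group(3), m.group(2), m.group(1)))
    guessing = sorted(ip for ip, users in tried.items() if len(users) >= min_users)
    return suspect, guessing


if __name__ == "__main__":
    logins, sources = analyse(SAMPLE_LOG)
    print("accepted logins after username guessing:", logins)
    print("sources guessing usernames:", sources)
```

A single mistyped password followed by a success (the `malcolm` lines) stays below the threshold, while the source that cycled through several names before logging in is reported.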

