Hola lista, he podido comprobar que ahora mismo alguien ha intentado hackear mi pc. Abro /var/log/auth.log y os copio un extracto al azar: Sep 28 16:07:46 sshd[8756]: Invalid user carol from 63.255.80.139 Sep 28 16:07:46 sshd[8756]: pam_unix(sshd:auth): check pass; user unknown Sep 28 16:07:46 sshd[8756]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=63-255-80-139.ip.mcleodusa.net Sep 28 16:07:47 sshd[8756]: Failed password for invalid user carol from 63.255.80.139 port 40403 ssh2 Sep 28 16:07:49 sshd[8758]: Invalid user cesar from 63.255.80.139 Sep 28 16:07:49 sshd[8758]: pam_unix(sshd:auth): check pass; user unknown Sep 28 16:07:49 bsshd[8758]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=63-255-80-139.ip.mcleodusa.net Sep 28 16:07:51 sshd[8758]: Failed password for invalid user cesar from 63.255.80.139 port 40710 ssh2 Sep 28 16:07:53 sshd[8761]: Invalid user caesar from 63.255.80.139 Sep 28 16:07:53 sshd[8761]: pam_unix(sshd:auth): check pass; user unknown Sep 28 16:07:53 sshd[8761]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=63-255-80-139.ip.mcleodusa.net Sep 28 16:07:55 sshd[8761]: Failed password for invalid user caesar from 63.255.80.139 port 41058 ssh2 Sep 28 16:07:58 sshd[8763]: Invalid user center from 63.255.80.139 Sep 28 16:07:58 sshd[8763]: pam_unix(sshd:auth): check pass; user unknown Sep 28 16:07:58 sshd[8763]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=63-255-80-139.ip.mcleodusa.net Sep 28 16:07:59 sshd[8763]: Failed password for invalid user center from 63.255.80.139 port 41414 ssh2 Sep 28 16:08:01 sshd[8765]: Invalid user copy from 63.255.80.139 Sep 28 16:08:01 sshd[8765]: pam_unix(sshd:auth): check pass; user unknown Sep 28 16:08:01 sshd[8765]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=63-255-80-139.ip.mcleodusa.net Sep 28 16:08:03 sshd[8765]: Failed password for invalid user copy from 63.255.80.139 port 41737 ssh2 Sep 28 16:08:05 sshd[8767]: Invalid user cindy from 63.255.80.139 Sep 28 16:08:05 sshd[8767]: pam_unix(sshd:auth): check pass; user unknown Sep 28 16:08:05 sshd[8767]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=63-255-80-139.ip.mcleodusa.net Sep 28 16:08:07 sshd[8767]: Failed password for invalid user cindy from 63.255.80.139 port 42099 ssh2 Sep 28 16:08:10 sshd[8769]: Invalid user chenst from 63.255.80.139 Sep 28 16:08:10 sshd[8769]: pam_unix(sshd:auth): check pass; user unknown Sep 28 16:08:10 sshd[8769]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=63-255-80-139.ip.mcleodusa.net el atacante estaba utilizando un diccionario de nombres (como se puede ver: carlo, cesar, caesar, center, copy, cindy... etc) y me he dado cuenta cuando iba por la h. he parado el servicio ssh. por lo visto ha utilizado vairas ips : 63.255.80.139 69.162.77.39 como podria librarme de él, podria banear su ip desde mi pc? utilizo debian lenny alguna idea? gracias
-- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
