On Fri, Aug 06, 2004 at 08:26:01AM -0500, James A. Coulter wrote:
> I recently got my firewall up and configured (many thanks to JJB and everyone else 
> for their help) and have been reading the daily security message from root with a 
> great deal of interest.
> My question is, when I see entries like this:
> Aug  5 17:55:54 sara sshd[2099]: Failed password for root from
> +port 40515 ssh2
> Aug  5 17:55:55 sara sshd[2101]: Failed password for root from
> +port 60426 ssh2
> Aug  5 17:55:55 sara sshd[2103]: Failed password for root from
> +port 54447 ssh2
> Aug  5 17:55:59 sara sshd[2105]: Failed password for root from
> +port 44460 ssh2
> is it safe to assume someone has been trying to hack my system?
> Jim C.

Hi Jim, 

Yeah, I get these all the time.  I've always chalked it up to random
script kiddies.  Sometimes i get people trying to log in as generic
usernames like admin, guest, etc.  Make sure that PermitRootLogin is
either set to no or commented out in /etc/ssh/sshd_config, and of course
make sure you are using a good root password.

Now, if you really want to work yourself up, start browsing your
httpd-access logs :)

[EMAIL PROTECTED] mailing list
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to