Newbie Security Question

2004-08-06 Thread James A. Coulter
I recently got my firewall up and configured (many thanks to JJB and everyone else for 
their help) and have been reading the daily security message from root with a great 
deal of interest.

My question is, when I see entries like this:

Aug  5 17:55:54 sara sshd[2099]: Failed password for root from 209.120.224.13
+port 40515 ssh2
Aug  5 17:55:55 sara sshd[2101]: Failed password for root from 209.120.224.13
+port 60426 ssh2
Aug  5 17:55:55 sara sshd[2103]: Failed password for root from 209.120.224.13
+port 54447 ssh2
Aug  5 17:55:59 sara sshd[2105]: Failed password for root from 209.120.224.13
+port 44460 ssh2

is it safe to assume someone has been trying to hack my system?

I did a whois search on the IP and it went to a provider in Colorado.

I'm asking because I'm curious - thanks again for everyone's help.

Jim C.
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


Re: Newbie Security Question

2004-08-06 Thread Dan Rue
On Fri, Aug 06, 2004 at 08:26:01AM -0500, James A. Coulter wrote:
> I recently got my firewall up and configured (many thanks to JJB and everyone else
> for their help) and have been reading the daily security message from root with a
> great deal of interest.
>
> My question is, when I see entries like this:
>
> Aug  5 17:55:54 sara sshd[2099]: Failed password for root from 209.120.224.13
> +port 40515 ssh2
> Aug  5 17:55:55 sara sshd[2101]: Failed password for root from 209.120.224.13
> +port 60426 ssh2
> Aug  5 17:55:55 sara sshd[2103]: Failed password for root from 209.120.224.13
> +port 54447 ssh2
> Aug  5 17:55:59 sara sshd[2105]: Failed password for root from 209.120.224.13
> +port 44460 ssh2
>
> is it safe to assume someone has been trying to hack my system?
>
> Jim C.

Hi Jim, 

Yeah, I get these all the time.  I've always chalked it up to random
script kiddies.  Sometimes I get people trying to log in as generic
usernames like admin, guest, etc.  Make sure that PermitRootLogin is
either set to no or commented out in /etc/ssh/sshd_config, and of course
make sure you are using a good root password.

Now, if you really want to work yourself up, start browsing your
httpd-access logs :)

-dan
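
Added example, not part of the original thread: a small Python parser that runs over log lines in the format Jim quoted (including the `+port` continuation lines) and flags source addresses that produce a burst of failed passwords. The threshold, the window, the function names and the two generic-username lines from 192.0.2.7 are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: three entries in the wrapped format quoted in the thread,
# plus made-up guesses at generic usernames from a documentation address.
SAMPLE = """\
Aug  5 17:55:54 sara sshd[2099]: Failed password for root from 209.120.224.13
+port 40515 ssh2
Aug  5 17:55:55 sara sshd[2101]: Failed password for root from 209.120.224.13
+port 60426 ssh2
Aug  5 17:55:59 sara sshd[2105]: Failed password for root from 209.120.224.13
+port 44460 ssh2
Aug  5 18:10:02 sara sshd[2210]: Failed password for illegal user admin from 192.0.2.7 port 3301 ssh2
Aug  5 18:40:11 sara sshd[2231]: Failed password for invalid user guest from 192.0.2.7 port 3302 ssh2
"""

# "illegal user" (older sshd) and "invalid user" (newer) both mark unknown accounts.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Failed password for "
    r"(?:(?:illegal|invalid) user )?(?P<user>\S+) from (?P<ip>\S+)")

def unwrap(text):
    """Rejoin continuation lines, which the report marks with a leading '+'."""
    return re.sub(r"\n\+", " ", text).splitlines()

def failed_logins(text, year=2004):
    """Return (time, user, ip) tuples; syslog omits the year, so it is passed in."""
    hits = (FAILED.match(line) for line in unwrap(text))
    return [(datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S"),
             m["user"], m["ip"]) for m in hits if m]

def bursts(text, threshold=3, window=timedelta(seconds=60)):
    """Map each IP with >= threshold failures inside window to the users it tried."""
    by_ip = defaultdict(list)
    for ts, user, ip in failed_logins(text):
        by_ip[ip].append((ts, user))
    flagged = {}
    for ip, events in by_ip.items():
        events.sort()
        for i in range(len(events) - threshold + 1):
            if events[i + threshold - 1][0] - events[i][0] <= window:
                flagged[ip] = sorted({user for _, user in events})
                break
    return flagged

if __name__ == "__main__":
    print(bursts(SAMPLE))
```
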


Re: Newbie Security Question

2004-08-06 Thread mazpe
Hello James:

That's just letting you know that someone from that IP Address tried to
access your system using the root account and the password they provided
failed to authenticate.

Could've been an ssh scanner or something of that nature.

Most likely script kiddies.  

Make sure you do not allow root to log in via ssh by setting your
sshd_config PermitRootLogin no.

Use sudo or su - instead.

Or you can always use key-based authentication.


Lester A. Mesa
aka: mazpe
-

On Fri, 2004-08-06 at 08:26, James A. Coulter wrote:
> I recently got my firewall up and configured (many thanks to JJB and everyone else
> for their help) and have been reading the daily security message from root with a
> great deal of interest.
>
> My question is, when I see entries like this:
>
> Aug  5 17:55:54 sara sshd[2099]: Failed password for root from 209.120.224.13
> +port 40515 ssh2
> Aug  5 17:55:55 sara sshd[2101]: Failed password for root from 209.120.224.13
> +port 60426 ssh2
> Aug  5 17:55:55 sara sshd[2103]: Failed password for root from 209.120.224.13
> +port 54447 ssh2
> Aug  5 17:55:59 sara sshd[2105]: Failed password for root from 209.120.224.13
> +port 44460 ssh2
>
> is it safe to assume someone has been trying to hack my system?
>
> I did a whois search on the IP and it went to a provider in Colorado.
>
> I'm asking because I'm curious - thanks again for everyone's help.
>
> Jim C.
