RE: Improving server security

2005-09-19 Thread Ohad.Levy
One other thing that I've implemented is a PAM module that checks for allowed users - i.e. if user xxx is not in the list, it will never really check its password when trying to logon... Ohad

Re: Improving server security

2005-09-19 Thread Tzafrir Cohen
On Mon, Sep 19, 2005 at 12:39:57PM +0200, [EMAIL PROTECTED] wrote: One other thing that I've implemented is a PAM module that checks for allowed users - i.e. if user xxx is not in the list, it will never really check its password when trying to logon... Why a special module? Wouldn't

RE: Improving server security

2005-09-19 Thread Ohad.Levy
Of Tzafrir Cohen Sent: Monday, September 19, 2005 3:20 PM To: linux-il@linux.org.il Subject: Re: Improving server security On Mon, Sep 19, 2005 at 12:39:57PM +0200, [EMAIL PROTECTED] wrote: One other thing that I've implemented is a PAM module that checks for allowed users - i.e. if user xxx

Improving server security

2005-09-18 Thread Gábor Szabó
I see in my log files many entries of this type (with various usernames): Failed logins from these: aa/password from 131.247.3.147: 1 Time(s) What would be the best action with this? 1) Ignore, they could not authenticate after all 2) put the above IP address in hosts.deny 3) put the whole

Re: Improving server security

2005-09-18 Thread Michael Ben-Nes
I would say ignore. Obviously check for updates and close the ports you don't need. If the person from this IP is a pro then anyway he will get a new IP. If he's just a $%^# newbie copy-paste boy then anyway there are millions of his kind, and they are not that good at hacking an updated system.

Re: Improving server security

2005-09-18 Thread Aviram Jenik
On Sunday, 18 September 2005 10:02, Gábor Szabó wrote: I see in my log files many entries of this type (with various usernames): Failed logins from these: aa/password from 131.247.3.147: 1 Time(s) What would be the best action with this? Close the service in question if you don't need

Re: Improving server security

2005-09-18 Thread Amos Shapira
On 9/18/05, Aviram Jenik [EMAIL PROTECTED] wrote: If you choose the last, feel free to write a quick script (I won't say in what programming language) to automatically block IPs that appear in the log files as failed logins. This block should be automatically lifted after 30-60 minutes to

Re: Improving server security

2005-09-18 Thread Oleg Goldshmidt
Aviram Jenik [EMAIL PROTECTED] writes: On Sunday, 18 September 2005 10:02, Gábor Szabó wrote: I see in my log files many entries of this type (with various usernames): Failed logins from these: aa/password from 131.247.3.147: 1 Time(s) What would be the best action with this?

Re: Improving server security

2005-09-18 Thread Geoffrey S. Mendelson
On Sun, Sep 18, 2005 at 01:40:04PM +, Oleg Goldshmidt wrote: So far I have been ignoring these (but I do read the logs). Am I too naive? Yes. I used to think that ssh was immune to these attacks, but I was wrong. I accidentally left open a userid I created for the guy that provides me email

Re: Improving server security

2005-09-18 Thread Baruch Even
Gábor Szabó wrote: I see in my log files many entries of this type (with various usernames): Failed logins from these: aa/password from 131.247.3.147: 1 Time(s) What would be the best action with this? 1) Ignore, they could not authenticate after all 2) put the above IP address in

Re: Improving server security

2005-09-18 Thread Amos Shapira
On 18 Sep 2005 13:40:04 +, Oleg Goldshmidt [EMAIL PROTECTED] wrote: I see a lot of those in the log of my home machine. Basically, I have ssh open and I connect to the machine myself when I am at work, travelling, etc. I am typing this mail while connected via ssh. I used to see tons of