Several months ago my machine was compromised through ssh by a system in
the Netherlands. They gained access through a user with an easy password
and then used "su" along with an enormous list of password combinations
to get root access. Finally they installed a "root kit" which caused my
machine to attempt to compromise others.
The only way to be safe is to:
1) carefully check your ssh config file to make sure that "admin",
"test", and similar users do not have access
2) use long (more than 8 characters), very random passwords. "root kits"
contain entire dictionaries which they use for sample passwords.
3) put any sensitive info on an encrypted partition and demount it
when you are not accessing it.
With "root kits", attacks can come from your nearest neighbor, so
blocking is of little use.
-Don Schmadel
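
The check in item 1 above, as an added example that is not part of the original post: a small audit that reads AllowUsers/DenyUsers from an sshd_config and reports which guessable local accounts could still log in. The GUESSABLE list, the function names and the sample config and account list are assumptions made for illustration; Match blocks and group rules are not evaluated.

```python
import re

# Names the post calls out, plus similar guessable ones (assumed list).
GUESSABLE = {"admin", "test", "guest", "user", "oracle"}

def parse_global(config_text):
    """Collect AllowUsers/DenyUsers patterns from the global section."""
    rules = {"allowusers": [], "denyusers": []}
    for raw in config_text.splitlines():
        line = raw.strip()
        parts = line.replace("=", " ", 1).split()
        if not parts or line.startswith("#"):
            continue
        keyword = parts[0].lower()      # sshd keywords are case-insensitive
        if keyword == "match":          # Match blocks are not evaluated here
            break
        if keyword in rules:
            rules[keyword].extend(parts[1:])
    return rules

def _matches(user, pattern):
    """sshd-style wildcard match: '*' is any run, '?' is one character."""
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, user) is not None

def can_log_in(user, rules):
    # DenyUsers wins over AllowUsers. A USER@HOST deny blocks one host only,
    # so it is not counted as a block; a USER@HOST allow is counted as access.
    if any("@" not in p and _matches(user, p) for p in rules["denyusers"]):
        return False
    if not rules["allowusers"]:
        return True                     # no allow-list: anyone not denied
    return any(_matches(user, p.split("@", 1)[0]) for p in rules["allowusers"])

def exposed_accounts(config_text, local_accounts):
    """Guessable local accounts that the global sshd rules let in."""
    rules = parse_global(config_text)
    return [u for u in local_accounts if u in GUESSABLE and can_log_in(u, rules)]

# Constructed sample input, not taken from the post.
SAMPLE_CONFIG = """\
PermitRootLogin no
DenyUsers test
AllowUsers don admin backup@192.0.2.10
"""
SAMPLE_ACCOUNTS = ["root", "don", "admin", "test", "guest", "backup"]

if __name__ == "__main__":
    print(exposed_accounts(SAMPLE_CONFIG, SAMPLE_ACCOUNTS))  # ['admin']
    print(exposed_accounts("", SAMPLE_ACCOUNTS))  # ['admin', 'test', 'guest']
```

The effective configuration printed by `sshd -T` can be passed as `config_text` in place of the file contents.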