From owner-freebsd-security@FreeBSD.ORG Fri Aug 13 18:33:10 2004 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 43C4C16A4CE for ; Fri, 13 Aug 2004 18:33:10 +0000 (GMT) Received: from cowbert.2y.net (d46h180.public.uconn.edu [137.99.46.180]) by mx1.FreeBSD.org (Postfix) with SMTP id 66CD743D31 for ; Fri, 13 Aug 2004 18:33:07 +0000 (GMT) (envelope-from sirmoo@cowbert.net) Received: (qmail 36062 invoked by uid 1001); 13 Aug 2004 18:33:04 -0000 Date: Fri, 13 Aug 2004 14:33:04 -0400 From: "Peter C. Lai" To: Mohacsi Janos Message-ID: <20040813183304.GU346@cowbert.net> References: <411CCAAE.7020505@beco.hu> <20040813160928.M82373@mignon.ki.iif.hu> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20040813160928.M82373@mignon.ki.iif.hu> User-Agent: Mutt/1.5.6i cc: freebsd-security@freebsd.org Subject: Re: sequences in the auth.log X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 13 Aug 2004 18:33:10 -0000 On Fri, Aug 13, 2004 at 04:14:29PM +0200, Mohacsi Janos wrote: > Hi Sandor, > You don't have to worry, unless you have user 'test', 'guest', > 'admin', 'root' with poor password: typically same or very similar to your > accountname. There seems to be a script around the hackers to scan SSH and > gain access to poorly configured servers.... Unfortunately they are plenty > of badly configured servers. May be you should disable root access via SSH > password (only via keys). Disabling root login via ssh will still cause 'failed password' entries in syslog. (on openssh 3.7 anyway) -- Peter C. Lai University of Connecticut Dept. of Molecular and Cell Biology Yale University School of Medicine SenseLab | Research Assistant http://cowbert.2y.net/