Date: Fri, 6 Aug 2004 15:02:43 -0500
From: Dan Rue <drue@therub.org>
To: "James A. Coulter" <jacoulter@jacoulter.net>
Cc: freebsd-questions@freebsd.org
Subject: Re: Newbie Security Question
Message-ID: <20040806200243.GA25584@therub.org>
In-Reply-To: <20040806132601.GA3043@sara.mshome.net>
References: <20040806132601.GA3043@sara.mshome.net>

On Fri, Aug 06, 2004 at 08:26:01AM -0500, James A. Coulter wrote:
> I recently got my firewall up and configured (many thanks to JJB and
> everyone else for their help) and have been reading the daily security
> message from root with a great deal of interest.
>
> My question is, when I see entries like this:
>
> Aug 5 17:55:54 sara sshd[2099]: Failed password for root from 209.120.224.13
> +port 40515 ssh2
> Aug 5 17:55:55 sara sshd[2101]: Failed password for root from 209.120.224.13
> +port 60426 ssh2
> Aug 5 17:55:55 sara sshd[2103]: Failed password for root from 209.120.224.13
> +port 54447 ssh2
> Aug 5 17:55:59 sara sshd[2105]: Failed password for root from 209.120.224.13
> +port 44460 ssh2
>
> is it safe to assume someone has been trying to hack my system?
>
> Jim C.

Hi Jim,

Yeah, I get these all the time. I've always chalked it up to random script kiddies. Sometimes I get people trying to log in as generic usernames like admin, guest, etc.

Make sure that PermitRootLogin is either set to no or commented out in /etc/ssh/sshd_config, and of course make sure you are using a good root password.

Now, if you really want to work yourself up, start browsing your httpd-access logs :)

-dan
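
Added example, not part of the original message: a small Python script that groups failed sshd logins by source address and username, run over the four log lines quoted above. It assumes the wrapping shown in the quote (a leading `+` marks a continuation line) and also accepts the "invalid user" / "illegal user" prefix sshd logs for nonexistent accounts; the fifth sample line, the function names and the threshold of 3 are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample: the four wrapped lines quoted in the message, plus one
# made-up invalid-user line (192.0.2.7 is a documentation-only address).
SAMPLE = """\
Aug 5 17:55:54 sara sshd[2099]: Failed password for root from 209.120.224.13
+port 40515 ssh2
Aug 5 17:55:55 sara sshd[2101]: Failed password for root from 209.120.224.13
+port 60426 ssh2
Aug 5 17:55:55 sara sshd[2103]: Failed password for root from 209.120.224.13
+port 54447 ssh2
Aug 5 17:55:59 sara sshd[2105]: Failed password for root from 209.120.224.13
+port 44460 ssh2
Aug 5 18:02:11 sara sshd[2110]: Failed password for invalid user admin from 192.0.2.7 port 40000 ssh2
"""

FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:(?:invalid|illegal) user )?"
    r"(?P<user>\S+) from (?P<ip>\S+) port (?P<port>\d+)"
)

def unwrap(text):
    """Rejoin report lines that were wrapped with a leading '+'."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith("+") and lines:
            lines[-1] += " " + raw[1:].strip()
        elif raw.strip():
            lines.append(raw.rstrip())
    return lines

def summarize(text):
    """Map each source address to a Counter of the usernames it tried."""
    report = {}
    for line in unwrap(text):
        m = FAILED.search(line)
        if m:
            report.setdefault(m["ip"], Counter())[m["user"]] += 1
    return report

def flagged(text, threshold=3):
    """Addresses with at least `threshold` failed logins (threshold is arbitrary)."""
    return sorted(ip for ip, users in summarize(text).items()
                  if sum(users.values()) >= threshold)

if __name__ == "__main__":
    for ip, users in summarize(SAMPLE).items():
        print(ip, sum(users.values()), dict(users))
```

A nonzero `root` count for an address is the case the PermitRootLogin advice in the reply addresses.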