Date: Sat, 14 Apr 2007 13:35:49 +0200
From: Gabor Kovesdan <gabor@FreeBSD.org>
To: Jim Stapleton <stapleton.41@gmail.com>
Cc: freebsd-questions@freebsd.org
Subject: Re: Given this evidence, should I be worried that I may have been hacked
Message-ID: <4620BC95.3070107@FreeBSD.org>
In-Reply-To: <80f4f2b20704140425w2631ee3co5547b772f6c972e8@mail.gmail.com>
References: <80f4f2b20704140425w2631ee3co5547b772f6c972e8@mail.gmail.com>

Jim Stapleton wrote:
> Once I opened up SSH to the outside world, my machine has been
> hammered once or twice a day most days, with username failures. None
> of the usernames would fit a username on my system (except root), and
> I have ssh set to deny root logins, and only use SSH2. Additionally, I
> have the following in my login.access (only active entry, the names
> have been changed on this, but the three names would appear as 3 and
> four character random alphabetical strings):
> -:ALL EXCEPT wrbc crr aqp:ALL EXCEPT local
>
> As of the 9th, I've only seen one set of blatant/brute-force attempts
> at my ssh server. It's interesting, but the major drop in attempts has
> me more worried than the attempts (could this drop off be because they
> no longer need to hack me? Could they have hacked me and that be the
> reason why?)
>
> How worried should I be, and what's the best recourse for this?
>

On a system I administer I put SSH on a non-standard port (in this case
1234) and the brute force attempts have gone away since then. I suggest
you try that. Besides, you can change to RSA/DSA auth, which is more
secure.

Regards,
Gabor
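
A way to check the worry raised in the question (did any of those attempts succeed?), as an added example that is not part of the original thread. It scans sshd log lines for accepted logins that either use an account outside the login.access allow list quoted above or come from an address that failed earlier; the log lines are constructed and the `review` helper is hypothetical.

```python
import re
from collections import Counter

# Constructed sample in OpenSSH's syslog format; the addresses are
# documentation ranges and the user names are the ones quoted in the thread.
SAMPLE_LOG = """\
Apr  8 03:12:01 host sshd[811]: Invalid user admin from 203.0.113.5
Apr  8 03:12:03 host sshd[811]: Failed password for invalid user admin from 203.0.113.5 port 4021 ssh2
Apr  8 03:12:06 host sshd[815]: Failed password for root from 203.0.113.5 port 4033 ssh2
Apr  8 09:40:10 host sshd[902]: Accepted password for wrbc from 192.0.2.10 port 5120 ssh2
Apr  9 02:01:44 host sshd[977]: Failed password for invalid user test from 198.51.100.7 port 3911 ssh2
Apr  9 02:01:50 host sshd[979]: Accepted password for crr from 198.51.100.7 port 3920 ssh2
"""

FAILED = re.compile(r"sshd\[\d+\]: Failed \S+ for (?:invalid user )?(\S+) from (\S+) port")
ACCEPTED = re.compile(r"sshd\[\d+\]: Accepted (\S+) for (\S+) from (\S+) port")


def review(log_text, allowed_users):
    """Return (failures per source address, accepted logins worth a closer look)."""
    failures = Counter()
    suspicious = []
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            failures[m.group(2)] += 1
            continue
        m = ACCEPTED.search(line)
        if not m:
            continue
        method, user, src = m.groups()
        reasons = []
        if user not in allowed_users:
            reasons.append("user not in login.access allow list")
        if failures[src]:
            reasons.append("source had %d earlier failures" % failures[src])
        if reasons:
            suspicious.append((user, src, method, reasons))
    return failures, suspicious


if __name__ == "__main__":
    fails, hits = review(SAMPLE_LOG, {"wrbc", "crr", "aqp"})
    for src, count in fails.most_common():
        print("%-15s %d failed attempts" % (src, count))
    for user, src, method, reasons in hits:
        print("CHECK: %s login for %s from %s (%s)" % (method, user, src, "; ".join(reasons)))
```

A flagged password login is also a reason to follow the reply's suggestion of key-based authentication, since the log records the method used for each accepted session.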