Date: Sat, 14 Apr 2007 08:09:52 -0400
From: "Jim Stapleton" <stapleton.41@gmail.com>
To: "Gabor Kovesdan" <gabor@freebsd.org>
Cc: freebsd-questions@freebsd.org
Subject: Re: Given this evidence, should I be worried that I may have been hacked
Message-ID: <80f4f2b20704140509w6546e0dcqd54e302fbecb5ed7@mail.gmail.com>
In-Reply-To: <4620BC95.3070107@FreeBSD.org>
References: <80f4f2b20704140425w2631ee3co5547b772f6c972e8@mail.gmail.com> <4620BC95.3070107@FreeBSD.org>

I have DSA. I will change it to a nonstandard port, but I was wondering
what your opinion is on a good way to check if this is the result of me
being hacked, or just someone losing interest.

On 4/14/07, Gabor Kovesdan <gabor@freebsd.org> wrote:
> Jim Stapleton wrote:
> > Once I opened up SSH to the outside world, my machine has been
> > hammered once or twice a day most days, with username failures. None
> > of the usernames would fit a username on my system (except root), and
> > I have ssh set to deny root logins, and only use SSH2. Additionally, I
> > have the following in my login.access (only active entry, the names
> > have been changed on this, but the three names would appear as 3 and
> > four character random alphabetical strings):
> >
> > -:ALL EXCEPT wrbc crr aqp:ALL EXCEPT local
> >
> > As of the 9th, I've only seen one set of blatant/brute-force attempts
> > at my ssh server. It's interesting, but the major drop in attempts has
> > me more worried than the attempts (could this drop off be because they
> > no longer need to hack me? Could they have hacked me and that be the
> > reason why?)
> >
> > How worried should I be, and what's the best recourse for this?
> >
> On a system I administer I put SSH on a non-standard port (in this case
> 1234) and the brute force attempts have gone away since then. I suggest
> you try that. Besides, you can change to RSA/DSA auth, which is more
> secure.
>
> Regards,
> Gabor
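
One way to approach the check asked about above, as an added example that is not part of the original thread: scan the sshd log for accepted logins that come from an address which earlier failed authentication, or for an account outside the login.access allow list, alongside the per-day failure count. The log lines are constructed samples in the usual OpenSSH syslog layout, and the `review` function name is hypothetical.

```python
import re
from collections import Counter

# Accounts permitted by the login.access entry quoted in the message.
ALLOWED_USERS = {"wrbc", "crr", "aqp"}

# Constructed sample in sshd's syslog layout (documentation address ranges).
SAMPLE_LOG = """\
Apr  8 02:11:40 host sshd[811]: Invalid user admin from 203.0.113.7
Apr  8 02:11:43 host sshd[813]: Failed password for invalid user test from 203.0.113.7 port 40112 ssh2
Apr  9 04:30:02 host sshd[920]: Failed password for root from 198.51.100.23 port 51234 ssh2
Apr  9 04:30:09 host sshd[922]: Failed password for crr from 198.51.100.23 port 51240 ssh2
Apr 10 19:02:55 host sshd[1007]: Accepted publickey for wrbc from 192.0.2.10 port 50022 ssh2
Apr 11 04:31:17 host sshd[1102]: Accepted password for crr from 198.51.100.23 port 51300 ssh2
"""

PREFIX = r"^(\w{3}\s+\d+) \S+ \S+ sshd\[\d+\]: "
FAIL = re.compile(PREFIX + r"(?:Invalid user \S+|Failed \S+ for (?:invalid user )?\S+) from (\S+)")
OK = re.compile(PREFIX + r"Accepted (\S+) for (\S+) from (\S+)")

def review(log_text, allowed=ALLOWED_USERS):
    """Return (failed attempts per day, accepted logins worth a closer look)."""
    per_day, failed_sources, flagged = Counter(), set(), []
    for line in log_text.splitlines():
        if m := FAIL.match(line):
            day, ip = m.groups()
            per_day[" ".join(day.split())] += 1   # normalise "Apr  8" to "Apr 8"
            failed_sources.add(ip)
        elif m := OK.match(line):
            day, method, user, ip = m.groups()
            reasons = []
            if ip in failed_sources:
                reasons.append("source failed authentication earlier")
            if user not in allowed:
                reasons.append("account not in allow list")
            if reasons:
                flagged.append((" ".join(day.split()), user, ip, method, reasons))
    return per_day, flagged

if __name__ == "__main__":
    per_day, flagged = review(SAMPLE_LOG)
    for day, n in per_day.items():
        print(f"{day}: {n} failed attempts")
    for entry in flagged:
        print("CHECK:", entry)
```

An empty result only reflects what the log contains; a log stored on the same host can be altered by anyone who has gained root, so it cannot by itself rule out a compromise.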