From: Gabor Kovesdan
Date: Sat, 14 Apr 2007 14:18:56 +0200
To: Jim Stapleton
Cc: freebsd-questions@freebsd.org
Subject: Re: Given this evidence, should I be worried that I may have been hacked
Message-ID: <4620C6B0.6090002@FreeBSD.org>

Jim Stapleton wrote:
> I have DSA. I will change it to a nonstandard port, but I was
> wondering what your opinion is on a good way to check if this is the
> result of me being hacked, or just someone losing interest.
>

Well, I think the latter. If you have an up-to-date system with up-to-date packages, you should not be too worried; I think brute-force is useless if one uses strong passwords. I'd check auth-log and the output of last(1) if that says something, but you can never be sure. So I'd say just be happy that they stopped trying, but don't give up the regular maintenance so that your system is as secure as it can be. :)

Oh, and you can try port-knocking as well to secure the sshd port. If you don't know what it is, just google for it.

Gabor
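The auth-log check suggested in the reply above, as an added example that is not part of the original message: it counts failed sshd logins per source address and reports any accepted login from an address that had already failed several times. The OpenSSH syslog line format, the sample lines, the function name `review_auth_log` and the threshold of 3 are assumptions made for this illustration.

```python
import re
from collections import Counter

# OpenSSH syslog lines as written to the auth log (line format assumed).
FAILED = re.compile(
    r"sshd\[\d+\]: Failed \S+ for (?:invalid user |illegal user )?(\S+) from (\S+) port \d+")
ACCEPTED = re.compile(r"sshd\[\d+\]: Accepted (\S+) for (\S+) from (\S+) port \d+")

# Constructed sample with documentation-range addresses; not taken from the thread.
SAMPLE_AUTH_LOG = """\
Apr 13 02:11:04 host sshd[4101]: Failed password for root from 203.0.113.9 port 40112 ssh2
Apr 13 02:11:07 host sshd[4103]: Failed password for invalid user admin from 203.0.113.9 port 40155 ssh2
Apr 13 02:11:10 host sshd[4105]: Failed password for root from 203.0.113.9 port 40190 ssh2
Apr 13 02:11:13 host sshd[4107]: Failed password for jim from 203.0.113.9 port 40221 ssh2
Apr 13 02:11:16 host sshd[4109]: Accepted password for jim from 203.0.113.9 port 40250 ssh2
Apr 13 09:30:41 host sshd[5220]: Accepted publickey for jim from 198.51.100.20 port 51234 ssh2
Apr 13 23:02:18 host sshd[6001]: Failed password for root from 192.0.2.77 port 33801 ssh2
Apr 13 23:02:21 host sshd[6003]: Failed password for root from 192.0.2.77 port 33830 ssh2
"""

def review_auth_log(text, threshold=3):
    """Return (failures per source, accepted logins that followed >= threshold failures).

    Each suspicious entry is (source, user, auth method, failures seen before it).
    """
    failures = Counter()
    suspicious = []
    for line in text.splitlines():
        m = FAILED.search(line)
        if m:
            failures[m.group(2)] += 1
            continue
        m = ACCEPTED.search(line)
        if m:
            method, user, src = m.groups()
            # A success right after a run of failures from the same source is
            # the pattern that separates "they got in" from "they gave up".
            if failures[src] >= threshold:
                suspicious.append((src, user, method, failures[src]))
    return failures, suspicious

if __name__ == "__main__":
    counts, hits = review_auth_log(SAMPLE_AUTH_LOG)
    for src, n in counts.most_common():
        print(f"{n:4d} failed attempts from {src}")
    for src, user, method, n in hits:
        print(f"REVIEW: {method} login for {user} from {src} after {n} failures")
```

On FreeBSD the log to feed in is /var/log/auth.log; any flagged login can then be compared against the sessions that last(1) lists for the same user and time.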