Date:      Sat, 14 Apr 2007 14:19:46 +0200
From:      Martin Hudec <corwin@aeternal.net>
To:        freebsd-questions@freebsd.org
Subject:   Re: Given this evidence, should I be worried that I may have been hacked
Message-ID:  <4620C6E2.9050502@aeternal.net>
In-Reply-To: <80f4f2b20704140509w6546e0dcqd54e302fbecb5ed7@mail.gmail.com>
References:  <80f4f2b20704140425w2631ee3co5547b772f6c972e8@mail.gmail.com>	<4620BC95.3070107@FreeBSD.org> <80f4f2b20704140509w6546e0dcqd54e302fbecb5ed7@mail.gmail.com>

Jim Stapleton wrote:
> I have DSA. I will change it to a nonstandard port, but I was
> wondering what your opinion on a good way to check if this is the
> result of me being hacked, or just someone losing interest.

If you are hacked, then something might or might not be going on on your 
system (check for unusual stuff, like a rise in the number of processes, or 
disk usage, or network traffic, and think about it). You know how your 
system behaves from day to day, do you?

Nevertheless, generally speaking, 99.99% of these brute-force attempts to get 
ssh access are coming from various zombies, blindly trying out port 22; 
that's why the port change is the usual advice. There are easier ways 
to get inside than just brute-forcing by wildly guessing login 
credentials. For example, take an unsecured web server with some full-of-bugs 
content management system. Exploiting a vulnerability will allow someone 
(this time definitely not a zombie) to get into the system and go 
forward with any dark actions he/she might have in mind.

nice sunny weekend,
Martin
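
One concrete check for the question this reply answers (background brute-force noise versus an actual break-in), as an added example that is not part of the original message: flag any successful sshd login from an address that had been failing repeatedly just before. The log lines are constructed samples in the usual sshd syslog format, and the threshold of 3 failures is an arbitrary assumption.

```python
import re
from collections import defaultdict

# Constructed sample lines in sshd syslog format (not taken from the thread).
SAMPLE_LOG = """\
Apr 14 03:10:01 host sshd[811]: Failed password for invalid user admin from 203.0.113.7 port 40112 ssh2
Apr 14 03:10:03 host sshd[813]: Failed password for root from 203.0.113.7 port 40120 ssh2
Apr 14 03:10:05 host sshd[815]: Failed password for invalid user test from 203.0.113.7 port 40131 ssh2
Apr 14 03:10:09 host sshd[819]: Accepted password for jim from 203.0.113.7 port 40150 ssh2
Apr 14 09:02:44 host sshd[990]: Failed password for jim from 198.51.100.4 port 51200 ssh2
Apr 14 09:02:51 host sshd[990]: Accepted publickey for jim from 198.51.100.4 port 51200 ssh2
Apr 14 11:30:00 host sshd[1202]: Failed password for invalid user oracle from 192.0.2.55 port 33001 ssh2
"""

# Matches both outcomes; "invalid user" appears when the account does not exist.
EVENT = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) (?P<method>\S+) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def suspicious_logins(log_text, threshold=3):
    """Return (ip, user, failures_before) for each accepted login that follows
    at least `threshold` failed attempts from the same source address."""
    failures = defaultdict(int)
    hits = []
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue
        ip = m.group("ip")
        if m.group("result") == "Failed":
            failures[ip] += 1
        elif failures[ip] >= threshold:
            hits.append((ip, m.group("user"), failures[ip]))
    return hits

def noise_only(log_text):
    """Failure counts for addresses that never logged in successfully."""
    failed, accepted = defaultdict(int), set()
    for m in EVENT.finditer(log_text):
        if m.group("result") == "Failed":
            failed[m.group("ip")] += 1
        else:
            accepted.add(m.group("ip"))
    return {ip: n for ip, n in failed.items() if ip not in accepted}

if __name__ == "__main__":
    print("review these logins:", suspicious_logins(SAMPLE_LOG))
    print("failed-only sources:", noise_only(SAMPLE_LOG))
```

A hit here is a reason to look closer at that account and session, not proof of compromise; an empty result only rules out this one path, not the web-application route the reply mentions.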


