Date: Tue, 17 May 2005 15:36:45 +0100
From: Peter Kropholler <peterkropholler@mac.com>
To: freebsd-questions@freebsd.org
Subject: illegal user root user failed login attempts
Message-ID: <C993D184-EDA6-446B-96CC-59B9AFE34AC2@mac.com>

This link might help: http://seclists.org/lists/incidents/2005/Feb/0004.html

Karol,

Thanks for this pointer. There are two really important pieces of advice on that web page which persuade me to ditch any thoughts of trying to determine what passwords people are using with their illegal login scams:

1. it's probably illegal
2. it potentially gives hackers an excuse: someone else knew their password?!

As things stand, ssh is designed so you can't get at people's passwords and I am leaving it alone. Focussing instead on the task of making sure my passwords are strong, limiting AllowUsers to specific users and trusted ip addresses, and moving ssh off port 22.

Other advice I received was to consider logging ip addresses and sending complaints to the relevant authorities: however I doubt that there is very much point in doing so since my guess is that most scams come from hacked machines anyway. Basically you never see the same ip address twice.

many thanks
Peter K
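
For readers who want to see how often source addresses repeat in their own logs, the following tallies failed ssh password attempts per source address and per account without touching the passwords themselves. It is an added example, not part of the original message; the sshd "Failed password for ..." line format, the constructed sample lines and the function names are assumptions.

```python
import re
from collections import Counter

# Constructed sample lines in the style sshd writes to auth.log; the
# addresses are documentation ranges, not real sources.
SAMPLE_LOG = """\
May 17 03:12:01 host sshd[4101]: Illegal user admin from 192.0.2.10
May 17 03:12:03 host sshd[4101]: Failed password for illegal user admin from 192.0.2.10 port 40112 ssh2
May 17 03:12:09 host sshd[4105]: Failed password for root from 192.0.2.10 port 40120 ssh2
May 17 04:40:17 host sshd[4230]: Failed password for root from 198.51.100.7 port 51515 ssh2
May 17 05:02:44 host sshd[4301]: Failed password for invalid user test from 203.0.113.5 port 33001 ssh2
May 17 06:15:00 host sshd[4400]: Accepted publickey for peter from 192.0.2.200 port 50000 ssh2
"""

# One failed authentication: optional "illegal user"/"invalid user" marker
# (the wording differs between OpenSSH versions), then account and source.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:(illegal|invalid) user )?(\S+) from (\S+) port \d+"
)

def summarize(log_text):
    """Tally failed password attempts per source address and per account."""
    per_ip = Counter()
    per_user = Counter()
    unknown_users = set()  # accounts sshd reported as nonexistent
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue  # skips pre-auth "Illegal user" notices and successful logins
        marker, user, ip = m.groups()
        per_ip[ip] += 1
        per_user[user] += 1
        if marker:
            unknown_users.add(user)
    return per_ip, per_user, unknown_users

def repeat_sources(per_ip, threshold=2):
    """Addresses that failed at least `threshold` times, most active first."""
    return [(ip, n) for ip, n in per_ip.most_common() if n >= threshold]

if __name__ == "__main__":
    per_ip, per_user, unknown = summarize(SAMPLE_LOG)
    print("attempts per source:", dict(per_ip))
    print("attempts per account:", dict(per_user))
    print("nonexistent accounts tried:", sorted(unknown))
    print("repeat sources:", repeat_sources(per_ip))
```
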