Security Basics mailing list archives
Re: what to do?
From: morph84 <lucas84 () uno it>
Date: Sat, 27 Aug 2005 11:33:54 +0200
Bill Smith wrote:
Hi Guys,

I noticed that someone is trying to hack into my machine. Please see below the content of /var/log/security. What I would like some advice from you guys on is, what will I do with these people? BTW, I do have a FW.

Cheers,
Bill

Aug 24 17:56:28 tiger sshd[8229]: Invalid user golfer from 80.68.204.50
Aug 24 17:56:28 tiger sshd[8231]: Invalid user golfer from 80.68.204.50
Aug 24 17:56:29 tiger sshd[8233]: Invalid user golfer from 80.68.204.50
Aug 24 17:56:30 tiger sshd[8235]: Invalid user golf from 80.68.204.50
Aug 24 17:56:31 tiger sshd[8237]: Invalid user golf from 80.68.204.50
Aug 24 17:56:32 tiger sshd[8239]: Invalid user goose from 80.68.204.50
Aug 24 17:56:32 tiger sshd[8241]: Invalid user goose from 80.68.204.50
Aug 24 17:56:33 tiger sshd[8243]: Invalid user goose from 80.68.204.50
Aug 24 17:56:34 tiger sshd[8245]: Invalid user gorges from 80.68.204.50
Aug 24 17:56:35 tiger sshd[8247]: Invalid user gorges from 80.68.204.50
Aug 24 17:56:35 tiger sshd[8249]: Invalid user gorges from 80.68.204.50
Aug 24 17:56:36 tiger sshd[8251]: Invalid user gosling from 80.68.204.50
Aug 24 17:56:37 tiger sshd[8253]: Invalid user gosling from 80.68.204.50
Aug 24 17:56:38 tiger sshd[8255]: Invalid user gosling from 80.68.204.50
Aug 24 17:56:38 tiger sshd[8257]: Invalid user gouge from 80.68.204.50
Aug 24 17:56:39 tiger sshd[8259]: Invalid user gouge from 80.68.204.50
Aug 24 17:56:40 tiger sshd[8261]: Invalid user gouge from 80.68.204.50
Aug 24 17:56:40 tiger sshd[8263]: Invalid user graham from 80.68.204.50
Aug 24 17:56:41 tiger sshd[8265]: Invalid user graham from 80.68.204.50
Aug 24 17:56:42 tiger sshd[8267]: Invalid user graham from 80.68.204.50
Aug 24 17:56:42 tiger sshd[8269]: Invalid user grahm from 80.68.204.50
Aug 24 17:56:43 tiger sshd[8271]: Invalid user grahm from 80.68.204.50
Aug 24 17:56:44 tiger sshd[8273]: Invalid user grahm from 80.68.204.50
Aug 24 17:56:44 tiger sshd[8275]: Invalid user grandpa from 80.68.204.50
Aug 24 17:56:45 tiger sshd[8277]: Invalid user grandpa from 80.68.204.50
Aug 24 17:56:46 tiger sshd[8279]: Invalid user grandpa from 80.68.204.50
Aug 24 17:56:47 tiger sshd[8281]: Invalid user green from 80.68.204.50
Aug 24 17:56:48 tiger sshd[8283]: Invalid user green from 80.68.204.50
Aug 24 17:56:48 tiger sshd[8285]: Invalid user green from 80.68.204.50
Aug 24 17:56:49 tiger sshd[8287]: Invalid user grey from 80.68.204.50
Aug 24 17:56:50 tiger sshd[8289]: Invalid user grey from 80.68.204.50
Aug 24 17:56:50 tiger sshd[8291]: Invalid user grey from 80.68.204.50
Aug 24 17:56:51 tiger sshd[8293]: Invalid user group from 80.68.204.50
Aug 24 17:56:52 tiger sshd[8295]: Invalid user group from 80.68.204.50
Aug 24 17:56:52 tiger sshd[8297]: Invalid user group from 80.68.204.50
Aug 24 17:56:53 tiger sshd[8299]: Invalid user gryphon from 80.68.204.50
Aug 24 17:56:54 tiger sshd[8301]: Invalid user gryphon from 80.68.204.50
Aug 24 17:56:54 tiger sshd[8303]: Invalid user gryphon from 80.68.204.50
Aug 24 17:56:55 tiger sshd[8305]: Invalid user gucci from 80.68.204.50
Hi Bill,

I haven't much experience and I am not sure, but it looks like a dictionary attack over your ssh daemon.

First, if you don't need ssh, stop the daemon. :-)

Else one way is to run ssh on a different port or, if possible, restrict access by source IP address.

If you don't absolutely need a login based on a password, you could also authenticate via ssh keys (man ssh-keygen). Then you can turn off password-based authentication.

I think that there are many other ways; for more information look at the archives of securityfocus.

Sorry for my English.

Regards.

--
Morph84
Fedora 3/4 GNU/Linux User
1° mail: lucas84 () uno it
2° mail: morph84 () gmail com
IRC: irc.azzurra.net -> #linuxmania-#hackerkulture-#fedora-it-#disi
Jabber: morph84 () jabber linux it
GPG Key: BED280B0 on keyserver.linux.it
web page: http://freenet.sourceforge.net - www.gugli.it - www.nosoftwarepatents.com - www.python.it

What is "real"? How do you define "real"? If you are talking about what you can feel...what you can smell, taste and see...then real is simply electrical signal interpreted by your brain.
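The pattern identified in the reply above (one source cycling through many invalid usernames within seconds) can be checked mechanically against an sshd log. This is an added example, not part of the original post: the log lines are constructed, and the function name, the threshold of 5 distinct usernames, the one-minute window and the assumed year are all assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the syslog format quoted in the thread; addresses are
# documentation ranges and the lines are not taken from the page.
SAMPLE_LOG = """\
Aug 24 17:56:28 tiger sshd[9001]: Invalid user golf from 192.0.2.10
Aug 24 17:56:28 tiger sshd[9003]: Invalid user golf from 192.0.2.10
Aug 24 17:56:29 tiger sshd[9005]: Invalid user goose from 192.0.2.10
Aug 24 17:56:30 tiger sshd[9007]: Invalid user graham from 192.0.2.10
Aug 24 17:56:31 tiger sshd[9009]: Invalid user green from 192.0.2.10
Aug 24 17:56:32 tiger sshd[9011]: Invalid user grey from 192.0.2.10
Aug 24 18:10:02 tiger sshd[9020]: Invalid user bsmiht from 198.51.100.7
Aug 24 18:10:15 tiger sshd[9022]: Accepted publickey for bsmith from 198.51.100.7 port 50122 ssh2
"""

LINE_RE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Invalid user (\S+) from (\S+)$"
)

def find_dictionary_attacks(log_text, min_users=5,
                            window=timedelta(minutes=1), year=2005):
    """Return {source: sorted distinct usernames} for every source that tried
    at least min_users distinct invalid usernames inside one time window."""
    events = defaultdict(list)  # source -> [(timestamp, username)]
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # successful logins and other messages are ignored
        ts, user, src = m.groups()
        # syslog timestamps carry no year, so one is assumed for parsing
        when = datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")
        events[src].append((when, user))
    flagged = {}
    for src, hits in events.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            # shrink the window until it spans at most `window` of time
            while hits[end][0] - hits[start][0] > window:
                start += 1
            if len({u for _, u in hits[start:end + 1]}) >= min_users:
                flagged[src] = sorted({u for _, u in hits})
                break
    return flagged

if __name__ == "__main__":
    for src, users in find_dictionary_attacks(SAMPLE_LOG).items():
        print(f"{src}: {len(users)} distinct invalid usernames: {', '.join(users)}")
```

A single mistyped username, like the one from 198.51.100.7 in the sample, stays below the threshold and is not reported.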