Security Basics mailing list archives
Re: what to do?
From: "AragonX" <aragonx () dcsnow com>
Date: Tue, 30 Aug 2005 07:52:16 -0400 (EDT)
<quote who="Jayson Anderson">
On Thu, 2005-08-25 at 00:30 -0700, Bill Smith wrote:Hi Guys, I noticed that someone is trying to hacker into my machine. Please see below is the content of /var/log/security. what I would like some advice of you guys is, what will I do with these people? btw, I do have FW
Do you need to be able to access your machine remotely through ssh? If no then disable. Do others need to be able to access your machine remotely through ssh? If no then 'AllowUsers = <enter your user name>' in sshd_config Do you have a limited number of domains you logon from? If yes then '$IPTABLES -A INPUT -p tcp -i $EXTIF -s yourdomain.com --dport 22 -j ACCEPT' in your firewall rules. Need a default deny policy. Finally I also suggest: ListenAddress <anything other than 22> PermitRootLogin no This of course assumes that you are using a newer version of Linux.
Current thread:
- what to do? Bill Smith (Aug 26)
- Re: what to do? Jayson Anderson (Aug 29)
- Re: what to do? AragonX (Aug 30)
- Re: what to do? Ansgar -59cobalt- Wiechers (Aug 29)
- Re: what to do? Alexander Bolante (Aug 29)
- Re: what to do? Robert Escue (Aug 29)
- Re: what to do? Bow Sineath (Aug 29)
- Re: what to do? Leif Ericksen (Aug 31)
- Re: what to do? Duncan (Aug 29)
- Re: what to do? Jonathan Loh (Aug 29)
- RE: what to do? Eduardo Suzuki (Aug 30)
- Re: what to do? morph84 (Aug 29)
- Re: what to do? cam (Aug 30)
(Thread continues...)
- Re: what to do? Jayson Anderson (Aug 29)