Re: what to do?

[zp <zperkov () gmail com>]

All great suggestions thusfar. I found it easier
to just change the default port for ssh. 

-z

On 8/30/05, cam () fischer ca <cam () fischer ca> wrote:
> Hey Bill,
>
> Look in your sshd_config file, you should be able to restrict who can logon. You
> can restrict the root, and also set a list of users who can logon... This will
> restrict it to only the select few you need. I would not allow root. You would
> then have to logon with your regular account, and su - root....
>
> Hope that helps!
>
> Cam
>
> Quoting morph84 <lucas84 () uno it>:
>
> > Bill Smith wrote:
> >
> > > Hi Guys,
> > >
> > > I noticed that someone is trying to hacker into my
> > > machine. Please see below is the content of
> > > /var/log/security.
> > > what I would like some advice of you guys is, what
> > > will I do with these people?
> > > btw, I do have FW
> > >
> > > Cheers,
> > >
> > > Bill
> > >
> > > Aug 24 17:56:28 tiger sshd[8229]: Invalid user golfer
> > > from 80.68.204.50
> > > Aug 24 17:56:28 tiger sshd[8231]: Invalid user golfer
> > > from 80.68.204.50
> > > Aug 24 17:56:29 tiger sshd[8233]: Invalid user golfer
> > > from 80.68.204.50
> > > Aug 24 17:56:30 tiger sshd[8235]: Invalid user golf
> > > from 80.68.204.50
> > > Aug 24 17:56:31 tiger sshd[8237]: Invalid user golf
> > > from 80.68.204.50
> > > Aug 24 17:56:32 tiger sshd[8239]: Invalid user goose
> > > from 80.68.204.50
> > > Aug 24 17:56:32 tiger sshd[8241]: Invalid user goose
> > > from 80.68.204.50
> > > Aug 24 17:56:33 tiger sshd[8243]: Invalid user goose
> > > from 80.68.204.50
> > > Aug 24 17:56:34 tiger sshd[8245]: Invalid user gorges
> > > from 80.68.204.50
> > > Aug 24 17:56:35 tiger sshd[8247]: Invalid user gorges
> > > from 80.68.204.50
> > > Aug 24 17:56:35 tiger sshd[8249]: Invalid user gorges
> > > from 80.68.204.50
> > > Aug 24 17:56:36 tiger sshd[8251]: Invalid user gosling
> > > from 80.68.204.50
> > > Aug 24 17:56:37 tiger sshd[8253]: Invalid user gosling
> > > from 80.68.204.50
> > > Aug 24 17:56:38 tiger sshd[8255]: Invalid user gosling
> > > from 80.68.204.50
> > > Aug 24 17:56:38 tiger sshd[8257]: Invalid user gouge
> > > from 80.68.204.50
> > > Aug 24 17:56:39 tiger sshd[8259]: Invalid user gouge
> > > from 80.68.204.50
> > > Aug 24 17:56:40 tiger sshd[8261]: Invalid user gouge
> > > from 80.68.204.50
> > > Aug 24 17:56:40 tiger sshd[8263]: Invalid user graham
> > > from 80.68.204.50
> > > Aug 24 17:56:41 tiger sshd[8265]: Invalid user graham
> > > from 80.68.204.50
> > > Aug 24 17:56:42 tiger sshd[8267]: Invalid user graham
> > > from 80.68.204.50
> > > Aug 24 17:56:42 tiger sshd[8269]: Invalid user grahm
> > > from 80.68.204.50
> > > Aug 24 17:56:43 tiger sshd[8271]: Invalid user grahm
> > > from 80.68.204.50
> > > Aug 24 17:56:44 tiger sshd[8273]: Invalid user grahm
> > > from 80.68.204.50
> > > Aug 24 17:56:44 tiger sshd[8275]: Invalid user grandpa
> > > from 80.68.204.50
> > > Aug 24 17:56:45 tiger sshd[8277]: Invalid user grandpa
> > > from 80.68.204.50
> > > Aug 24 17:56:46 tiger sshd[8279]: Invalid user grandpa
> > > from 80.68.204.50
> > > Aug 24 17:56:47 tiger sshd[8281]: Invalid user green
> > > from 80.68.204.50
> > > Aug 24 17:56:48 tiger sshd[8283]: Invalid user green
> > > from 80.68.204.50
> > > Aug 24 17:56:48 tiger sshd[8285]: Invalid user green
> > > from 80.68.204.50
> > > Aug 24 17:56:49 tiger sshd[8287]: Invalid user grey
> > > from 80.68.204.50
> > > Aug 24 17:56:50 tiger sshd[8289]: Invalid user grey
> > > from 80.68.204.50
> > > Aug 24 17:56:50 tiger sshd[8291]: Invalid user grey
> > > from 80.68.204.50
> > > Aug 24 17:56:51 tiger sshd[8293]: Invalid user group
> > > from 80.68.204.50
> > > Aug 24 17:56:52 tiger sshd[8295]: Invalid user group
> > > from 80.68.204.50
> > > Aug 24 17:56:52 tiger sshd[8297]: Invalid user group
> > > from 80.68.204.50
> > > Aug 24 17:56:53 tiger sshd[8299]: Invalid user gryphon
> > > from 80.68.204.50
> > > Aug 24 17:56:54 tiger sshd[8301]: Invalid user gryphon
> > > from 80.68.204.50
> > > Aug 24 17:56:54 tiger sshd[8303]: Invalid user gryphon
> > > from 80.68.204.50
> > > Aug 24 17:56:55 tiger sshd[8305]: Invalid user gucci
> > > from 80.68.204.50
> >
> > Hi Bill,
> > I haven't much experience and i am not sure, but it looks like a
> > dictionary attack over your ssh deamon.
> > First if yuo dont need ssh stop the deamon. :-)
> > Else one way is to run ssh on a different port or, if possible, restrict
> > access by source IP address.
> > If you don't absolutely need a login based on a password, you could also
> > authenticate via ssh keys (man ssh-keygen). Then you can turn off password
> > based authentication.
> > I think that there are many others ways, for more information look at
> > the archives of securityfocus.
> > Sorry for my english.
> > Regards.
> >
> >
> > --
> > Morph84
> >
> > Fedora 3/4 GNU/Linux User
> >
> > 1° mail:  lucas84 () uno it
> > 2° mail:  morph84 () gmail com
> > IRC:      irc.azzurra.net -> #linuxmania-#hackerkulture-#fedora-it-#disi
> > Jabber:   morph84 () jabber linux it
> > GPG Key:  BED280B0 on keyserver.linux.it
> > web page: http://freenet.sourceforge.net - www.gugli.it -
> > www.nosoftwarepatents.com-www.python.it
> >
> >
> > What is "real"?
> > How do you define "real"?
> > If you are talking about what you can feel...what you can
> > smell,taste and see...then real is simply electrical signal
> > interpreted by your brain.
>
>
>
>
> ----------------------------------------------------------------
> This message was sent using IMP, the Internet Messaging Program.