It was bound to happen - suspected hack

Jon Moss jon.moss at cnonline.net
Fri Oct 22 06:30:52 CDT 2004


I checked my logs this morning and everything appears much better.  I also
solved my lastlog problem.

I made some modifications to ssh and su (wheel group access only).  I will
read up on iptables.

I agree that it was probably an automated attack probe looking for common
usernames and passwords.  While I have a couple of common user names, the
passwords are not (I love creating weird passwords - just ask my peers who
groan out loud every time I give them a new one!).

Thanks again,

Jon

>
> You can also use iptables to restrict access to port 22, btw. You could
> combine this with tcpwrappers and have "security in layers." Hell, modify
> your sshd config file and further restrict access there too.
>
> As for the attempted logins you're seeing in your secure.log file, I have
> 11 Linux servers that are hit daily by these attempts. It's a scripted
> attack that seems to wax and wane periodically. I wouldn't be too concerned
> about it. Sure keep an eye on your log files, check them every day. And be
> sure you've got good complex passwords on your accounts.
>
> What you've seen is pretty mundane. It's not a hack... yet. It is an
> attempt to hack using common account names and passwords.
>
> --
> Dave Hull
> http://insipid.com
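
An added example, not part of the original thread: one way to do the daily log check discussed above, summarizing failed sshd password attempts per source address and flagging sources that cycle through many account names. The log lines are constructed samples in OpenSSH's message style; the function names and the threshold of three usernames are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines in OpenSSH auth-log style (not from the original post).
SAMPLE_LOG = """\
Oct 21 03:12:01 host sshd[2101]: Failed password for root from 192.0.2.10 port 40001 ssh2
Oct 21 03:12:04 host sshd[2103]: Failed password for illegal user test from 192.0.2.10 port 40002 ssh2
Oct 21 03:12:07 host sshd[2105]: Failed password for invalid user guest from 192.0.2.10 port 40003 ssh2
Oct 21 03:12:10 host sshd[2107]: Failed password for invalid user admin from 192.0.2.10 port 40004 ssh2
Oct 21 08:30:15 host sshd[2250]: Failed password for jon from 198.51.100.7 port 51000 ssh2
Oct 21 08:30:22 host sshd[2250]: Accepted password for jon from 198.51.100.7 port 51000 ssh2
"""

# Older OpenSSH releases log "illegal user", newer ones "invalid user".
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:(?:invalid|illegal) user )?(\S+) "
    r"from (\S+) port \d+"
)


def summarize(log_text):
    """Return {source_ip: {"failures": count, "users": set of names tried}}."""
    stats = defaultdict(lambda: {"failures": 0, "users": set()})
    for line in log_text.splitlines():
        match = FAILED.search(line)
        if match:
            user, ip = match.groups()
            stats[ip]["failures"] += 1
            stats[ip]["users"].add(user)
    return dict(stats)


def scripted_sources(stats, min_users=3):
    """Sources that tried many different account names (assumed threshold)."""
    return sorted(ip for ip, s in stats.items() if len(s["users"]) >= min_users)


if __name__ == "__main__":
    stats = summarize(SAMPLE_LOG)
    for ip in scripted_sources(stats):
        s = stats[ip]
        print(f"{ip}: {s['failures']} failures, tried {sorted(s['users'])}")
```

A single mistyped password from a legitimate user, like the 198.51.100.7 line in the sample, is counted but not flagged.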



