[svlug] What to do about ssh hack attempts?

Jon Zweig jon at jzweig.org
Wed Feb 1 08:11:12 PST 2006


Hello All-

Each morning I read with alarm my logwatch report of hackers trying to
get in via ssh:

sshd:
    Authentication Failures:
       unknown (209.217.109.3): 198 Time(s)
       unknown (211.137.86.52): 89 Time(s)
       adm (209.217.109.3): 15 Time(s)
       root (209.217.109.3): 15 Time(s)
       ftp (209.217.109.3): 14 Time(s)
       adm (211.137.86.52): 6 Time(s)
       unknown (zz-13-91-a8.bta.net.cn): 6 Time(s)
       root (zz-13-91-a8.bta.net.cn): 3 Time(s)
       apache (211.137.86.52): 1 Time(s)
    Invalid Users:
       Unknown Account: 293 Time(s)


Besides disabling root login, is there anything I ought to be doing
about this? Is there a way to harden against these IP addresses?

Would appreciate any thoughts-

Jon
