[svlug] What to do about ssh hack attempts?

stripes stripes at tigerlair.com
Wed Feb 1 08:21:47 PST 2006


I would set up publickey access only.

-Anne

On Wed, Feb 01, 2006 at 08:11:12AM -0800, Jon Zweig wrote:
> Hello All-
> 
> Each morning I read with alarm my logwatch report of hackers trying to
> get in via ssh:
> 
> sshd:
>     Authentication Failures:
>        unknown (209.217.109.3): 198 Time(s)
>        unknown (211.137.86.52): 89 Time(s)
>        adm (209.217.109.3): 15 Time(s)
>        root (209.217.109.3): 15 Time(s)
>        ftp (209.217.109.3): 14 Time(s)
>        adm (211.137.86.52): 6 Time(s)
>        unknown (zz-13-91-a8.bta.net.cn): 6 Time(s)
>        root (zz-13-91-a8.bta.net.cn): 3 Time(s)
>        apache (211.137.86.52): 1 Time(s)
>     Invalid Users:
>        Unknown Account: 293 Time(s)
> 
> 
> Besides disabling root login, is there anything I ought to be doing
> about this? Is there a way to harden against these IP addresses?
> 
> Would appreciate any thoughts-
> 
> Jon
> 
> 
> 
--
Time for new haiku:                (\`--/') _ _______ .-r-.   
Lacking inspiration, I              >.~.\ `` ` `,`,`. ,'_'~`.          
waste this space again. -Tina Bird (v_," ; `,-\ ; : ; \/,-~) \          
stripes at tigerlair dot com        `--'_..),-/ ' ' '_.>-' )`.`.__.')   
stripes at brickbox dot com        ((,((,__..'~~~~~~((,__..'  `-..-'fL    
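
What "publickey access only" comes down to in sshd_config, as an added example that is not part of the original post: a small checker that reports which settings would still let password guessing like the logwatch report above reach an account. The keyword names are real OpenSSH options; the function names and both sample configs are constructed, and the defaults assumed are those of current OpenSSH.

```python
# Added example: does this sshd_config text enforce "publickey access only"?
# Keywords are real OpenSSH options; function names and samples are constructed.
# Assumes current OpenSSH defaults; Include files and Match blocks are not evaluated.
DEFAULTS = {
    "pubkeyauthentication": "yes",
    "passwordauthentication": "yes",
    "kbdinteractiveauthentication": "yes",
}
# Deprecated alias still found in older configs.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}

def effective_settings(config_text):
    """Return effective global values; sshd keeps the FIRST value seen per keyword."""
    seen = {}
    for raw in config_text.splitlines():
        # Drop comments, accept "Keyword value" and "Keyword=value".
        parts = raw.split("#", 1)[0].replace("=", " ", 1).split()
        if not parts:
            continue
        key = parts[0].lower()  # keywords are case-insensitive
        if key == "match":
            break  # conditional overrides start here; only the global section is read
        key = ALIASES.get(key, key)
        if key in DEFAULTS and len(parts) > 1 and key not in seen:
            seen[key] = parts[1].strip('"').lower()
    return {**DEFAULTS, **seen}

def audit_pubkey_only(config_text):
    """List what keeps password guessing possible; an empty list means key-only."""
    s = effective_settings(config_text)
    findings = []
    if s["pubkeyauthentication"] != "yes":
        findings.append("PubkeyAuthentication is not enabled")
    if s["passwordauthentication"] != "no":
        findings.append("PasswordAuthentication is still enabled")
    if s["kbdinteractiveauthentication"] != "no":
        findings.append("keyboard-interactive auth can still prompt for passwords")
    return findings

# Constructed sample: root login disabled, but the password line is commented out.
WEAK_SAMPLE = "PermitRootLogin no\n#PasswordAuthentication no\n"
# Constructed sample: key-only; the later contradictory line is ignored by sshd.
HARDENED_SAMPLE = (
    "PubkeyAuthentication yes\nPasswordAuthentication no\n"
    "ChallengeResponseAuthentication no\nPasswordAuthentication yes\n"
)

if __name__ == "__main__":
    for name, text in (("weak", WEAK_SAMPLE), ("hardened", HARDENED_SAMPLE)):
        print(name, audit_pubkey_only(text) or "key-only")
```

On a live host, `sshd -T` prints the effective configuration and is the authoritative check, since it also resolves Include files and Match blocks.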