It was bound to happen - suspected hack

Dave Hull dphull at insipid.com
Thu Oct 21 10:49:36 CDT 2004


Quoting Jon Moss <jon.moss at cnonline.net>:

> I saw your modification in my research.  Thanks for confirming it.  I'll
> add it to my hosts.allow file.
>
> Thanks for the quick responses.

You can also use iptables to restrict access to port 22, btw. You could combine
this with tcpwrappers and have "security in layers." Hell, modify your sshd
config file and further restrict access there too.

As for the attempted logins you're seeing in your secure.log file, I have 11
Linux servers that are hit daily by these attempts. It's a scripted attack that
seems to wax and wane periodically. I wouldn't be too concerned about it. Sure,
keep an eye on your log files, check them every day. And be sure you've got
good complex passwords on your accounts.

What you've seen is pretty mundane. It's not a hack... yet. It is an attempt to
hack using common account names and passwords.

--
Dave Hull
http://insipid.com
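
The daily log check suggested in the message above can be scripted. This is an added example, not code from the original post: it assumes OpenSSH's "Failed password for ... from ADDR port N ssh2" line format, the function names `sample_log` and `ssh_failures` are hypothetical, and the log lines are constructed.

```shell
#!/bin/sh
# Added example: per-source summary of sshd password failures, with a count of
# accepted logins from the same source (the case that would deserve a closer look).

# Constructed sample lines (documentation addresses, made-up host and users).
sample_log() {
cat <<'EOF'
Oct 21 03:14:01 host1 sshd[2101]: Failed password for illegal user test from 192.0.2.10 port 40112 ssh2
Oct 21 03:14:03 host1 sshd[2103]: Failed password for illegal user guest from 192.0.2.10 port 40115 ssh2
Oct 21 03:14:05 host1 sshd[2105]: Failed password for root from 192.0.2.10 port 40119 ssh2
Oct 21 03:14:07 host1 sshd[2107]: Failed password for invalid user admin from 192.0.2.10 port 40123 ssh2
Oct 21 08:30:12 host1 sshd[2290]: Accepted password for alice from 198.51.100.7 port 51200 ssh2
Oct 21 09:02:44 host1 sshd[2311]: Failed password for alice from 198.51.100.7 port 51822 ssh2
EOF
}

# ssh_failures [MIN]: read syslog-format sshd lines on stdin and print one line
# per source address that has at least MIN failed password attempts (default 1).
ssh_failures() {
    awk -v min="${1:-1}" '
    # Fields are taken from the END of the line ("from ADDR port N ssh2"),
    # because the username is supplied by the client and may itself contain
    # the word "from" or spaces.
    / sshd\[[0-9]+\]: (Failed|Accepted) password for / &&
    $(NF-2) == "port" && $(NF-4) == "from" {
        ip = $(NF-3); user = $(NF-5)   # user: last token of the logged name
        if ($6 == "Accepted") { ok[ip]++; next }
        fail[ip]++
        if (!((ip, user) in seen)) { seen[ip, user] = 1; users[ip]++ }
    }
    END {
        for (ip in fail)
            if (fail[ip] >= min)
                printf "%s failures=%d users=%d accepted=%d\n",
                       ip, fail[ip], users[ip], ok[ip]
    }' | LC_ALL=C sort
}

# Demo on the constructed sample: sources with 3 or more failures.
sample_log | ssh_failures 3
```

Feed it the real log on stdin in place of `sample_log`. A source with many failures, many distinct user names and `accepted=0` is the scripted guessing described above; a non-zero `accepted` count on such a source is the line to investigate.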