hack attempt - what to do

Scott Elcomb Scott.Elcomb-iRg7kjdsKiH3fQ9qLvQP4Q at public.gmane.org
Fri Aug 6 12:50:50 UTC 2004


On Fri, 2004-08-06 at 00:09, Noah John Gellner wrote:
> Today some punk tried to hack my system by trying to log in as root to
> my ssh server. There was no problem and I mailed Abuse and Admin at his
> ISP. This attempt was unusual due to the number of attempts. I notice a
> couple of HTTP attacks every day. What do people do about this nonsense?
> I am thinking of starting to aggressively mail ISPs as determined by
> whois and demand that users be warned and/or censured. Any thoughts?

This has happened a few times to me in the last couple of weeks.

I've been adding the IPs to hosts.deny, but might script this one off
as a cron job.  Seems to be happening more and more frequently.

It's not a perfect solution, but it helps reduce the risk I think.

Also, I don't need SSH access for root on the system, so I set
  PermitRootLogin no
in sshd_config, which should also help close that nasty little door.

Would a local, publicly maintained blacklist be of any use?  (Or
perhaps a harder question, could it be maintained/managed?)

- Scott.

-- 
https://sourceforge.net/projects/avalonweb/

PGP Public Key:
1024D/98125E76 2004-03-21 Scott Elcomb (dL33T) <Scott.Elcomb-iRg7kjdsKiH3fQ9qLvQP4Q at public.gmane.org>
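
One way to script the hosts.deny update mentioned in the message above, as an added example that is not part of the original post. The threshold, the function names, the matched log message (OpenSSH's "Failed password for root from" line) and the sample log are assumptions, and hosts.deny only takes effect when sshd is built with TCP wrappers support.

```shell
#!/bin/sh
# Added example. THRESHOLD, the function names and the log lines are constructed.
THRESHOLD=${THRESHOLD:-3}

# deny_candidates LOGFILE DENYFILE
# Prints "sshd: IP" for every address with at least THRESHOLD failed root
# logins in LOGFILE that DENYFILE does not already list.
deny_candidates() {
    awk -v min="$THRESHOLD" '
        # Deny file (first argument): remember addresses already blocked.
        FILENAME == ARGV[1] { if ($1 == "sshd:") seen[$2] = 1; next }
        # Log file: count failed root password attempts per source address.
        /sshd\[[0-9]+\]: Failed password for root from / {
            ip = ""
            for (i = 1; i < NF; i++)
                if ($i == "from") { ip = $(i + 1); break }
            # Accept only dotted-quad IPv4 so log text cannot inject rules.
            if (ip ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) count[ip]++
        }
        END {
            for (ip in count)
                if (count[ip] >= min && !(ip in seen)) print "sshd: " ip
        }
    ' "$2" "$1" | sort
}

# Constructed sample log (documentation address ranges, not real hosts).
sample_log() {
    cat <<'EOF'
Aug  6 00:01:02 host sshd[411]: Failed password for root from 192.0.2.10 port 4101 ssh2
Aug  6 00:01:04 host sshd[412]: Failed password for root from 192.0.2.10 port 4102 ssh2
Aug  6 00:01:06 host sshd[413]: Failed password for root from 192.0.2.10 port 4103 ssh2
Aug  6 00:02:10 host sshd[420]: Failed password for root from 198.51.100.7 port 2200 ssh2
Aug  6 00:03:00 host sshd[431]: Accepted password for alice from 203.0.113.5 port 3300 ssh2
Aug  6 00:04:01 host sshd[440]: Failed password for root from 203.0.113.9 port 5001 ssh2
Aug  6 00:04:03 host sshd[441]: Failed password for root from 203.0.113.9 port 5002 ssh2
Aug  6 00:04:05 host sshd[442]: Failed password for root from 203.0.113.9 port 5003 ssh2
EOF
}

# From cron: deny_candidates "$LOG" /etc/hosts.deny >> /etc/hosts.deny
# ($LOG stands for wherever syslog writes sshd messages on the system.)
```

Because hosts.allow is consulted before hosts.deny, listing a trusted address there keeps a run of mistyped passwords from locking out the administrator.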