Possible hacking on SSH what should I do?

Kevin Cozens kevin-4dS5u2o1hCn3fQ9qLvQP4Q at public.gmane.org
Wed Jul 14 02:16:22 UTC 2010


Myles Braithwaite wrote:
> Someone from a French IP is trying to access one of my servers:
> 
> Jul 13 15:05:30 fox sshd[1866]: reverse mapping checking getaddrinfo
> for 23-194.213-56.static-ip.oleane.fr [213.56.194.23] failed -
> POSSIBLE BREAK-IN ATTEMPT!

I would add them to your hosts.deny file.

If this is your own machine accessed from multiple places, knockd would be 
worth looking at using on the machine (I was just reading about it in the 
January 2010 issue of Linux Journal).

I found I had lots of people poking at a remote machine I administer that 
had sshd running. Since I only accessed the remote machine from my home 
computer (which has a static domain name but dynamic IP address), I set up 
hosts.allow to allow ssh from my static domain name but deny everyone else. 
It drastically cut down the sites reported in the daily summary of the 
system logs and they are all reported as "connection refused x times" where 
x is usually a single digit.

--
The Toronto Linux Users Group.      Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists
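
Added example, not part of the original message: a Python script for the hosts.deny suggestion above that tallies sshd reverse-mapping failures per source address and produces candidate `sshd:` entries. The sample log lines other than the one quoted in the post, the `never_block` list and the threshold are assumptions; the log message itself only says the client's reverse DNS name did not resolve back to its address.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# sshd logs this when the client's PTR name does not resolve back to its IP.
REVMAP = re.compile(
    r"sshd\[\d+\]: reverse mapping checking getaddrinfo for \S+ "
    r"\[(\d{1,3}(?:\.\d{1,3}){3})\] failed"
)

# First entry is the line quoted in the post, unwrapped; the rest are constructed.
SAMPLE_LOG = [
    "Jul 13 15:05:30 fox sshd[1866]: reverse mapping checking getaddrinfo for "
    "23-194.213-56.static-ip.oleane.fr [213.56.194.23] failed - POSSIBLE BREAK-IN ATTEMPT!",
    "Jul 13 15:05:33 fox sshd[1866]: Failed password for root from 213.56.194.23 port 40112 ssh2",
    "Jul 13 15:07:01 fox sshd[1871]: reverse mapping checking getaddrinfo for "
    "23-194.213-56.static-ip.oleane.fr [213.56.194.23] failed - POSSIBLE BREAK-IN ATTEMPT!",
    "Jul 13 15:09:12 fox sshd[1880]: reverse mapping checking getaddrinfo for "
    "home.example.net [203.0.113.7] failed - POSSIBLE BREAK-IN ATTEMPT!",
    "Jul 13 15:11:45 fox sshd[1893]: reverse mapping checking getaddrinfo for "
    "pool.example.org [198.51.100.9] failed - POSSIBLE BREAK-IN ATTEMPT!",
]

def tally_failures(lines):
    """Count reverse-mapping failures per IPv4 source address."""
    counts = Counter()
    for line in lines:
        m = REVMAP.search(line)
        if m:
            try:
                counts[str(ip_address(m.group(1)))] += 1
            except ValueError:
                pass  # octet out of range in a corrupted line
    return counts

def deny_entries(counts, threshold=1, never_block=()):
    """Return hosts.deny lines for addresses seen at least `threshold` times."""
    keep = [ip_network(n) for n in never_block]  # assumed admin-owned ranges
    entries = []
    for ip, n in sorted(counts.items(), key=lambda kv: (-kv[1], kv[0])):
        if n >= threshold and not any(ip_address(ip) in net for net in keep):
            entries.append(f"sshd: {ip}")
    return entries

if __name__ == "__main__":
    for entry in deny_entries(tally_failures(SAMPLE_LOG), 2, ["203.0.113.0/24"]):
        print(entry)
```

OpenSSH removed its built-in TCP wrappers support in release 6.7, so on an sshd built without libwrap these entries have no effect and the same restriction belongs in the firewall or sshd_config.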




