Possible hacking on SSH what should I do?
Kevin Cozens
kevin-4dS5u2o1hCn3fQ9qLvQP4Q at public.gmane.org
Wed Jul 14 02:16:22 UTC 2010
Myles Braithwaite wrote:
> Someone from a French IP is trying to access one of my servers:
>
> Jul 13 15:05:30 fox sshd[1866]: reverse mapping checking getaddrinfo
> for 23-194.213-56.static-ip.oleane.fr [213.56.194.23] failed -
> POSSIBLE BREAK-IN ATTEMPT!

I would add them to your hosts.deny file.

If this is your own machine accessed from multiple places, knockd would be
worth looking at using on the machine (I was just reading about it in the
January 2010 issue of Linux Journal).

I found lots of people poking at a remote machine I administer that
had sshd running. Since I only accessed the remote machine from my home
computer (which has a static domain name but dynamic IP address), I set up
hosts.allow to allow ssh from my static domain name but deny everyone else.
It drastically cut down the sites reported in the daily summary of the
system logs and they are all reported as "connection refused x times" where
x is usually a single digit.
--
The Toronto Linux Users Group. Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists
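
The following example is added here and is not part of the original message: it scans sshd log lines for the message quoted above and builds hosts.deny entries for the source addresses, skipping any address you list as your own. The log lines, host names and addresses are constructed, and `flagged_sources` and `hosts_deny_lines` are names chosen for this example.

```python
import re
from collections import Counter
from ipaddress import ip_address

# Constructed sample lines in the format of the sshd message quoted above.
SAMPLE_LOG = """\
Jul 13 15:05:30 fox sshd[1866]: reverse mapping checking getaddrinfo for host-a.example.net [203.0.113.7] failed - POSSIBLE BREAK-IN ATTEMPT!
Jul 13 15:05:33 fox sshd[1869]: reverse mapping checking getaddrinfo for host-a.example.net [203.0.113.7] failed - POSSIBLE BREAK-IN ATTEMPT!
Jul 13 15:06:01 fox sshd[1874]: Accepted publickey for admin from 192.0.2.10 port 50022 ssh2
Jul 13 15:07:12 fox sshd[1880]: reverse mapping checking getaddrinfo for host-b.example.org [198.51.100.44] failed - POSSIBLE BREAK-IN ATTEMPT!
Jul 13 15:07:40 fox sshd[1883]: reverse mapping checking getaddrinfo for home.example.com [192.0.2.10] failed - POSSIBLE BREAK-IN ATTEMPT!
Jul 13 15:08:02 fox sshd[1890]: reverse mapping checking getaddrinfo for bogus [999.1.1.1] failed - POSSIBLE BREAK-IN ATTEMPT!
"""

PATTERN = re.compile(
    r"sshd\[\d+\]: reverse mapping checking getaddrinfo for \S+ "
    r"\[([^\]]+)\] failed - POSSIBLE BREAK-IN ATTEMPT!"
)

def flagged_sources(log_text):
    """Count reverse-mapping failures per IPv4 source address."""
    counts = Counter()
    for line in log_text.splitlines():
        m = PATTERN.search(line)
        if not m:
            continue
        try:
            addr = ip_address(m.group(1))
        except ValueError:
            continue  # malformed address: never copy it into hosts.deny
        if addr.version == 4:  # this example emits IPv4 entries only
            counts[str(addr)] += 1
    return counts

def hosts_deny_lines(counts, keep=(), threshold=1):
    """Build 'sshd: <ip>' lines, leaving out the addresses listed in keep."""
    keep = {str(ip_address(a)) for a in keep}
    return [f"sshd: {ip}" for ip, n in sorted(counts.items())
            if n >= threshold and ip not in keep]

if __name__ == "__main__":
    # 192.0.2.10 stands in for the administrator's own address (assumption).
    print("\n".join(hosts_deny_lines(flagged_sources(SAMPLE_LOG), keep=["192.0.2.10"])))
```

Review the output before appending it to /etc/hosts.deny: sshd logs this message whenever the name from the reverse lookup does not resolve back to the connecting address, which can also happen to a legitimate client with inconsistent DNS.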