[ale] hack attempts
Bob Toxen
transam at verysecurelinux.com
Tue Feb 8 16:45:25 EST 2005
On Mon, Feb 07, 2005 at 02:12:30AM +0000, Jay Loden wrote:
> I got exactly the same thing on my home desktop (which has ssh so I can log in
> from away) and i mean exactly...same usernames and everything.
> I'd also be interested to know what if anything one can do about this,
> besides blocking the IPs
1. If you don't need SSH, turn it off.
2. Use the ssh.com version of SSH as it has a better security history than
OpenSSH by about 4:1.
3. Edit your /etc/hosts.allow and /etc/hosts.deny to allow SSH access only
from those systems that need it.
> -Jay
Bob Toxen
bob at verysecurelinux.com [Please use for email to me]
http://www.verysecurelinux.com [Network&Linux/Unix security consulting]
http://www.realworldlinuxsecurity.com [My book:"Real World Linux Security 2/e"]
Quality Linux & UNIX security and SysAdmin & software consulting since 1990.
"Microsoft: Unsafe at any clock speed!"
-- Bob Toxen 10/03/2002
> On Sunday 06 February 2005 10:38 pm, Jim Philips wrote:
> > Feb 6 06:53:55 localhost sshd[1659]: Invalid user patrick from
> > 62.193.234.89
> > Feb 6 06:53:55 localhost sshd[1659]: Failed password for invalid user
> > patrick from 62.193.234.89 port 37002 ssh2
> > Feb 6 06:53:57 localhost sshd[1663]: Invalid user patrick from
> > 62.193.234.89
> > Feb 6 06:53:57 localhost sshd[1663]: Failed password for invalid user
> > patrick from 62.193.234.89 port 37199 ssh2
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://www.ale.org/mailman/listinfo/ale
More information about the Ale
mailing list