[ale] hack attempts
Jim Popovitch
jimpop at yahoo.com
Tue Feb 8 17:17:22 EST 2005
On Tue, 2005-02-08 at 16:40 -0500, Bob Toxen wrote:
> On Sun, Feb 06, 2005 at 08:35:44PM -0800, Jim Popovitch wrote:
> > Just run ssh on another port, something unlike 22 (don't use 44, 222, 2222,
> > 2020, etc). As someone else mentioned, this looks like a brute force attempt
> > to login as stupid users. Someone probably got a hold of a passwd file and
> > decide to use it against the world. Lame, very lame.
> >
> This is "Security by Obsecurity" and it is not a good solution. See my last
> email and also use a REAL good password.
Assuming one is already using a "REAL good password" moving ssh to a
different port is an excellent next step and in no way qualifies being
labeled "security through Obsecurity" (or even obscurity). It is a good
best-practice for production environments with public facing servers
that don't require well-known port access.
-Jim P.
More information about the Ale
mailing list