[wplug] Any tips against this kind of ssh break-in?

box box477 at gmail.com
Sat Jul 16 00:16:42 EDT 2005


Most of these brute force attacks are script kiddies who don't even
scan for open ports or anything. I moved the port SSH (22) is
listening on to another and haven't had an attack on my box yet (knock
on wood), so that's something that I'd recommend doing if you want
a more secure box. That's just a minor deterrent to thwart
script-kiddies, but not a determined crack addict.

On 7/15/05, Brandon Kuczenski <brandon at 301south.net> wrote:
> On Fri, 15 Jul 2005, Russ Schneider wrote:
> 
> > On Fri, 15 Jul 2005, Brian A. Seklecki wrote:
> >
> >> GOOD GOD!! What distro* still ships with PermitRootLogin set to "yes" by
> >> default ?!  Are you sure that's the case, or perhaps it was commented in
> >> the sshd_config (prefixed with "#"), but the comment in the config
> >> doesn't reflect the default source code setting (servconf.h)?
> >
> > Well it was commented out as "yes".  Either way, I uncommented it and set
> > it to "no" to be safe.
> >
> >
> >> Also, as everyone else is saying, regardless of your IP networking
> >> environment, you should have some sort of host-based firewall only
> >> allowing SSH from trusted hosts.
> >
> > I hardly know where I'll be when I want to login to the box.  Sometimes
> > I'm at a client's site and I need to login, so a trusted hosts list
> > doesn't really help me much.
> >
> 
> Also, most of these attacks are probably coming from dynamic IPs.
> 
> For the record, my logs average about a hundred root-password attempts a
> night on my box.  It doesn't bother me much.
> 
> -Brandon
> _______________________________________________
> wplug mailing list
> wplug at wplug.org
> http://www.wplug.org/mailman/listinfo/wplug
>
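
The thread's question of whether a commented-out `PermitRootLogin` line tells you anything can be checked mechanically. This is an added example, not part of the original message or of OpenSSH: the function names `sshd_explicit` and `audit_sshd` and the sample config are constructed here, and the script only reads the file it is given.

```sh
#!/bin/sh
# Added example (not from the thread): what does this sshd_config set explicitly?

# sshd_explicit FILE KEYWORD
# Prints the first uncommented global value of KEYWORD (sshd uses the first
# value it reads), or "unset" when only the compiled-in default applies.
sshd_explicit() {
    awk -v want="$2" '
        BEGIN { want = tolower(want); val = "unset" }
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            if (line == "" || line ~ /^#/) next   # blank or commented out
            split(line, f, /[ \t=]+/)             # "Key value" or "Key=value"
            key = tolower(f[1])                   # keywords are case-insensitive
            if (key == "match") exit              # rest of file is conditional
            if (key == want) { val = f[2]; exit }
        }
        END { print val }
    ' "$1"
}

# audit_sshd FILE: report the two settings discussed in this thread.
audit_sshd() {
    root=$(sshd_explicit "$1" PermitRootLogin)
    port=$(sshd_explicit "$1" Port)   # sshd allows several Port lines; first only
    case "$root" in
        no)    echo "PermitRootLogin: explicit no" ;;
        unset) echo "PermitRootLogin: not set, compiled-in default applies" ;;
        *)     echo "PermitRootLogin: explicit $root, root login allowed in some form" ;;
    esac
    case "$port" in
        unset|22) echo "Port: 22 (default)" ;;
        *)        echo "Port: $port (non-default)" ;;
    esac
}

# Constructed sample config; the path is a temp file, not a real host's config.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#PermitRootLogin yes
Port 2222
permitrootlogin no
PermitRootLogin yes
EOF
audit_sshd "$sample"
rm -f "$sample"
```

On a live host, `sshd -T` prints the effective configuration with compiled-in defaults filled in, which settles what a commented-out line cannot.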


