[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[no subject]
- <!--x-content-type: text/plain -->
- <!--x-date: Tue Feb 8 16:45:25 2005 -->
- <!--x-from-r13: genafnz ng irelfrpheryvahk.pbz (Pbo Fbkra) -->
- <!--x-message-id: [email protected] -->
- <!--x-reference: [email protected] -->
- <!--x-reference: [email protected] --> "http://www.w3.org/TR/html4/loose.dtd">
- <!--x-subject: [ale] hack attempts -->
- <li><em>date</em>: Tue Feb 8 16:45:25 2005</li>
- <li><em>from</em>: transam at verysecurelinux.com (Bob Toxen)</li>
- <li><em>in-reply-to</em>: <<a href="msg00197.html">[email protected]</a>></li>
- <li><em>references</em>: <<a href="msg00188.html">[email protected]</a>> <<a href="msg00197.html">[email protected]</a>></li>
- <li><em>subject</em>: [ale] hack attempts</li>
> I'd also be interested to know what if anything one can do about this,
> besides blocking the IPs
1. If you don't need SSH, turn it off.
2. Use the ssh.com version of SSH as it has a better security history than
OpenSSH by about 4:1.
3. Edit your /etc/hosts.allow and /etc/hosts.deny to allow SSH access only
from those systems that need it.
> -Jay
Bob Toxen
bob at verysecurelinux.com [Please use for email to me]
<a rel="nofollow" href="http://www.verysecurelinux.com";>http://www.verysecurelinux.com</a> [Network&Linux/Unix security consulting]
<a rel="nofollow" href="http://www.realworldlinuxsecurity.com";>http://www.realworldlinuxsecurity.com</a> [My book:"Real World Linux Security 2/e"]
Quality Linux & UNIX security and SysAdmin & software consulting since 1990.
"Microsoft: Unsafe at any clock speed!"
-- Bob Toxen 10/03/2002
> On Sunday 06 February 2005 10:38 pm, Jim Philips wrote:
> > Feb 6 06:53:55 localhost sshd[1659]: Invalid user patrick from
> > 62.193.234.89
> > Feb 6 06:53:55 localhost sshd[1659]: Failed password for invalid user
> > patrick from 62.193.234.89 port 37002 ssh2
> > Feb 6 06:53:57 localhost sshd[1663]: Invalid user patrick from
> > 62.193.234.89
> > Feb 6 06:53:57 localhost sshd[1663]: Failed password for invalid user
> > patrick from 62.193.234.89 port 37199 ssh2
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> <a rel="nofollow" href="http://www.ale.org/mailman/listinfo/ale";>http://www.ale.org/mailman/listinfo/ale</a>
</pre>
<!--X-Body-of-Message-End-->
<!--X-MsgBody-End-->
<!--X-Follow-Ups-->
<hr>
<ul><li><strong>Follow-Ups</strong>:
<ul>
<li><strong><a name="00423" href="msg00423.html">[ale] hack attempts</a></strong>
<ul><li><em>From:</em> mhw at wittsend.com (Michael H. Warfield)</li></ul></li>
</ul></li></ul>
<!--X-Follow-Ups-End-->
<!--X-References-->
<ul><li><strong>References</strong>:
<ul>
<li><strong><a name="00188" href="msg00188.html">[ale] hack attempts</a></strong>
<ul><li><em>From:</em> jimmyc at speedfactory.net (Jim Philips)</li></ul></li>
<li><strong><a name="00197" href="msg00197.html">[ale] hack attempts</a></strong>
<ul><li><em>From:</em> jloden at toughguy.net (Jay Loden)</li></ul></li>
</ul></li></ul>
<!--X-References-End-->
<!--X-BotPNI-->
<ul>
<li>Prev by Date:
<strong><a href="msg00239.html">[ale] Sunbird calendar via sftp (on non-standard port)</a></strong>
</li>
<li>Next by Date:
<strong><a href="msg00241.html">[ale] hack attempts</a></strong>
</li>
<li>Previous by thread:
<strong><a href="msg00279.html">[ale] hack attempts</a></strong>
</li>
<li>Next by thread:
<strong><a href="msg00423.html">[ale] hack attempts</a></strong>
</li>
<li>Index(es):
<ul>
<li><a href="maillist.html#00240"><strong>Date</strong></a></li>
<li><a href="threads.html#00240"><strong>Thread</strong></a></li>
</ul>
</li>
</ul>
<!--X-BotPNI-End-->
<!--X-User-Footer-->
<!--X-User-Footer-End-->
</body>
</html>