Same as Ville, Disable the "Permit root login" feature in your sshd_config file. Check the auth.log, and install fail2ban. And, of course, keep your servers updated!!!
Regards, Nico > Date: Thu, 29 Dec 2011 16:33:08 +0200 > From: vi...@tiensuu.eu > To: taz.ins...@gmail.com > CC: debian-security@lists.debian.org > Subject: Re: need help with openssh attack > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Hello, > > Could you please paste /var/log/auth.log message of attack? > Are you sure about it's not any bruteforce attack or similar? > I think the problem is not in SSH server itself, it's in your server's > security. Are you using weak password, and allowing direct root access > to the server via SSH? > If problem persists in your other servers, try to use fail2ban or similar. > > - -Ville > > 29.12.2011 16:04, Taz wrote: > > Hello, we've got various debian servers, about 15, with different > > versions. All of them have been attacked today and granted root > > access. Can anybody help? We can give ssh access to attacked > > machine, it seems to be serious ssh vulnerability. > > > > How can i contact openssh mnt? > > > > Thank you. > > > > > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v2.0.17 (MingW32) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ > > iQEcBAEBAgAGBQJO/HokAAoJEFg15w+Y7E/mDL0IAItgyj5TSWgTILUE7l/cF7PS > BwG71ypgQf/uMlsNnkbylspnvBj9edZfKfer844NvrG6yJbLw25sNI4eOLlvO1xQ > nQJHwSNPhWVRHt3gwu5QlHSv0r0qbBdcXjQXDwqG6adp8qY3Qx7BIzvU0DThb08K > Kbk0/4WcUHb7GtphJUIENPnyaC6xksb413fyT2RW3/m3xm7bRWqXH5bSAvs4/NIP > 1m9oqxPO+HNnTF1U1KV+fdubLGIYeMHrskKSubBQ7U/+mn7/uhANT6Ke4XFtWsu8 > Mgwr11j2/trCTxBNJvAEyjdpK2/vn+LRgNF12THOeCVFNQcgVyY+iWwGddY6IyU= > =8DkS > -----END PGP SIGNATURE----- > > > -- > To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org > with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org > Archive: http://lists.debian.org/4efc7a24.3030...@tiensuu.eu >
