On Sat, 19 May 2012 15:04:28 -0600, Glenn English wrote: > On May 19, 2012, at 2:35 PM, Camaleón wrote: > >> You can also run rkhunter to scan your system. > > Done. It says: > > File properties checks... > Files checked: 128 > Suspect files: 0 > > Rootkit checks... > Rootkits checked : 110 > Possible rootkits: 0 > > Applications checks... > Applications checked: 6 > Suspect applications: 0 > > Next?? :-)
It seems clean :-) Next I'll do is: 1/ Monitor the Fail2ban logs to check if the attack is still in place. 2/ Try to find out the IP source of the machine(s) that is generating this just to confirm this is a common dictionary attack and nothing more serious or from a different nature. And there's no much you can do, sadly this is a usual situation for every service (web server, ftp, ssh, smtp, pop3/imap...) that is connected to Internet: once you are online you'll be fried ;-( Greetings, -- Camaleón -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/jpaijr$u2v$4...@dough.gmane.org
