I have DSA. I will change it to a nonstandard port, but I was wondering what your oppinion on a good way to check if this is the result of me being hacked, or just someone loosing interest.
On 4/14/07, Gabor Kovesdan <[EMAIL PROTECTED]> wrote:
Jim Stapleton schrieb: > Once I opened up SSH to the outside world, my machine has been > hammered once or twice a day most days, with username failures. None > of the usernames would fit a username on my system (except root), and > I have ssh set to deny root logins, and only use SSH2. Additionally, I > have the following in my login.access (only active entry, the name > have been changed on this, but the three names would appear as 3 and > four character random alphabetical strings): > -:ALL EXCEPT wrbc crr aqp:ALL EXCEPT local > > As of the 9th, I've only seen one set of blatant/brute-force attempt > at my ssh server. It's interesting, but the major drop in attempts has > me more worried than the attempts (could this drop off be because they > no longer need to hack me? Could they have hacked me an that be the > reason why?) > > How worried should I be, and what's the best recourse for this? > On a system I administer I put SSH to a non-standard port (in this case 1234) and the brute force attempts has gone away since then. I suggest you trying that. Besides, you can change to RSA/DSA auth, which is more secure. Regards, Gabor
_______________________________________________ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
