On Fri, Aug 06, 2004 at 08:26:01AM -0500, James A. Coulter wrote: > I recently got my firewall up and configured (many thanks to JJB and everyone else > for their help) and have been reading the daily security message from root with a > great deal of interest. > > My question is, when I see entries like this: > > Aug 5 17:55:54 sara sshd[2099]: Failed password for root from 209.120.224.13 > +port 40515 ssh2 > Aug 5 17:55:55 sara sshd[2101]: Failed password for root from 209.120.224.13 > +port 60426 ssh2 > Aug 5 17:55:55 sara sshd[2103]: Failed password for root from 209.120.224.13 > +port 54447 ssh2 > Aug 5 17:55:59 sara sshd[2105]: Failed password for root from 209.120.224.13 > +port 44460 ssh2 > > is it safe to assume someone has been trying to hack my system? > > Jim C.
Hi Jim, Yeah, I get these all the time. I've always chalked it up to random script kiddies. Sometimes i get people trying to log in as generic usernames like admin, guest, etc. Make sure that PermitRootLogin is either set to no or commented out in /etc/ssh/sshd_config, and of course make sure you are using a good root password. Now, if you really want to work yourself up, start browsing your httpd-access logs :) -dan _______________________________________________ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
