Sorry for the top post,
Setup an iptables based connection limiting rule so that you deny more than 3 ssh connects per minute from any IP address. Ther are more intelligent scripts like fail2ban, but I usually find a simple 2 line iptables connection limiter sufficient to stop bots from brute forcing your passwords. Raja On 07/12/2009, Shrinivasan T <tshriniva...@gmail.com> wrote: > Hi, > > I feel that one of my server is hacked. > > "last" says that > saravana pts/2 78.96.162.69 Thu Dec 3 03:22 - 03:23 (00:00) > > > geoip sites said that. > IP Address: 78.96.162.69 > Country: Romania romania > Country code: RO (ROU) > Region: Vrancea > City: Focsani > > > All histories before dec 3 were cleared. > > how to find that weather my server is hacked? > wondering that the cracker could done in a single minute. > > need help on hardening the server. > > Server is in a remote place. > I have only ssh access. > > how to find that what was happened to my server on dec 3 ? > > Thanks in advance. > > -- > Regards, > T.Shrinivasan > > > My experiences with Linux are here > http://goinggnu.wordpress.com > > For Free and Open Source Jobs > http://fossjobs.wordpress.com > _______________________________________________ > To unsubscribe, email ilugc-requ...@ae.iitm.ac.in with > "unsubscribe <password> <address>" > in the subject or body of the message. > http://www.ae.iitm.ac.in/mailman/listinfo/ilugc > -- - Raja _______________________________________________ To unsubscribe, email ilugc-requ...@ae.iitm.ac.in with "unsubscribe <password> <address>" in the subject or body of the message. http://www.ae.iitm.ac.in/mailman/listinfo/ilugc
