Re: what to do?

Hey Bill,

Look in your sshd_config file, you should be able to restrict who can logon. You
can restrict the root, and also set a list of users who can logon... This will
restrict it to only the select few you need. I would not allow root. You would
then have to logon with your regular account, and su - root....

Hope that helps!

Cam

Quoting morph84 <lucas84@uno.it>:

> Bill Smith wrote:
>
> > Hi Guys,
> >
> > I noticed that someone is trying to hacker into my
> > machine. Please see below is the content of
> > /var/log/security.
> > what I would like some advice of you guys is, what
> > will I do with these people?
> > btw, I do have FW
> >
> > Cheers,
> >
> > Bill
> >
> > Aug 24 17:56:28 tiger sshd[8229]: Invalid user golfer
> > from 80.68.204.50
> > Aug 24 17:56:28 tiger sshd[8231]: Invalid user golfer
> > from 80.68.204.50
> > Aug 24 17:56:29 tiger sshd[8233]: Invalid user golfer
> > from 80.68.204.50
> > Aug 24 17:56:30 tiger sshd[8235]: Invalid user golf
> > from 80.68.204.50
> > Aug 24 17:56:31 tiger sshd[8237]: Invalid user golf
> > from 80.68.204.50
> > Aug 24 17:56:32 tiger sshd[8239]: Invalid user goose
> > from 80.68.204.50
> > Aug 24 17:56:32 tiger sshd[8241]: Invalid user goose
> > from 80.68.204.50
> > Aug 24 17:56:33 tiger sshd[8243]: Invalid user goose
> > from 80.68.204.50
> > Aug 24 17:56:34 tiger sshd[8245]: Invalid user gorges
> > from 80.68.204.50
> > Aug 24 17:56:35 tiger sshd[8247]: Invalid user gorges
> > from 80.68.204.50
> > Aug 24 17:56:35 tiger sshd[8249]: Invalid user gorges
> > from 80.68.204.50
> > Aug 24 17:56:36 tiger sshd[8251]: Invalid user gosling
> > from 80.68.204.50
> > Aug 24 17:56:37 tiger sshd[8253]: Invalid user gosling
> > from 80.68.204.50
> > Aug 24 17:56:38 tiger sshd[8255]: Invalid user gosling
> > from 80.68.204.50
> > Aug 24 17:56:38 tiger sshd[8257]: Invalid user gouge
> > from 80.68.204.50
> > Aug 24 17:56:39 tiger sshd[8259]: Invalid user gouge
> > from 80.68.204.50
> > Aug 24 17:56:40 tiger sshd[8261]: Invalid user gouge
> > from 80.68.204.50
> > Aug 24 17:56:40 tiger sshd[8263]: Invalid user graham
> > from 80.68.204.50
> > Aug 24 17:56:41 tiger sshd[8265]: Invalid user graham
> > from 80.68.204.50
> > Aug 24 17:56:42 tiger sshd[8267]: Invalid user graham
> > from 80.68.204.50
> > Aug 24 17:56:42 tiger sshd[8269]: Invalid user grahm
> > from 80.68.204.50
> > Aug 24 17:56:43 tiger sshd[8271]: Invalid user grahm
> > from 80.68.204.50
> > Aug 24 17:56:44 tiger sshd[8273]: Invalid user grahm
> > from 80.68.204.50
> > Aug 24 17:56:44 tiger sshd[8275]: Invalid user grandpa
> > from 80.68.204.50
> > Aug 24 17:56:45 tiger sshd[8277]: Invalid user grandpa
> > from 80.68.204.50
> > Aug 24 17:56:46 tiger sshd[8279]: Invalid user grandpa
> > from 80.68.204.50
> > Aug 24 17:56:47 tiger sshd[8281]: Invalid user green
> > from 80.68.204.50
> > Aug 24 17:56:48 tiger sshd[8283]: Invalid user green
> > from 80.68.204.50
> > Aug 24 17:56:48 tiger sshd[8285]: Invalid user green
> > from 80.68.204.50
> > Aug 24 17:56:49 tiger sshd[8287]: Invalid user grey
> > from 80.68.204.50
> > Aug 24 17:56:50 tiger sshd[8289]: Invalid user grey
> > from 80.68.204.50
> > Aug 24 17:56:50 tiger sshd[8291]: Invalid user grey
> > from 80.68.204.50
> > Aug 24 17:56:51 tiger sshd[8293]: Invalid user group
> > from 80.68.204.50
> > Aug 24 17:56:52 tiger sshd[8295]: Invalid user group
> > from 80.68.204.50
> > Aug 24 17:56:52 tiger sshd[8297]: Invalid user group
> > from 80.68.204.50
> > Aug 24 17:56:53 tiger sshd[8299]: Invalid user gryphon
> > from 80.68.204.50
> > Aug 24 17:56:54 tiger sshd[8301]: Invalid user gryphon
> > from 80.68.204.50
> > Aug 24 17:56:54 tiger sshd[8303]: Invalid user gryphon
> > from 80.68.204.50
> > Aug 24 17:56:55 tiger sshd[8305]: Invalid user gucci
> > from 80.68.204.50
>
> Hi Bill,
> I haven't much experience and i am not sure, but it looks like a
> dictionary attack over your ssh deamon.
> First if yuo dont need ssh stop the deamon. :-)
> Else one way is to run ssh on a different port or, if possible, restrict
> access by source IP address.
> If you don't absolutely need a login based on a password, you could also
> authenticate via ssh keys (man ssh-keygen). Then you can turn off password
> based authentication.
> I think that there are many others ways, for more information look at
> the archives of securityfocus.
> Sorry for my english.
> Regards.
>
>
> --
> Morph84
>
> Fedora 3/4 GNU/Linux User
>
> 1° mail:  lucas84@uno.it
> 2° mail:  morph84@gmail.com
> IRC:      irc.azzurra.net -> #linuxmania-#hackerkulture-#fedora-it-#disi
> Jabber:   morph84@jabber.linux.it
> GPG Key:  BED280B0 on keyserver.linux.it
> web page: http://freenet.sourceforge.net - www.gugli.it -
> www.nosoftwarepatents.com-www.python.it
>
>
> What is "real"?
> How do you define "real"?
> If you are talking about what you can feel...what you can
> smell,taste and see...then real is simply electrical signal
> interpreted by your brain.




----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.