[ale] hack attempts

Bob Toxen transam at verysecurelinux.com
Tue Feb 8 16:45:25 EST 2005


On Mon, Feb 07, 2005 at 02:12:30AM +0000, Jay Loden wrote:
> I got exactly the same thing on my home desktop (which has ssh so I can log in 
> from away) and i mean exactly...same usernames and everything.  

> I'd also be interested to know what if anything one can do about this,
> besides blocking the IPs 
1. If you don't need SSH, turn it off.
2. Use the ssh.com version of SSH as it has a better security history than
   OpenSSH by about 4:1.
3. Edit your /etc/hosts.allow and /etc/hosts.deny to allow SSH access only
   from those systems that need it.

> -Jay

Bob Toxen
bob at verysecurelinux.com               [Please use for email to me]
http://www.verysecurelinux.com        [Network&Linux/Unix security consulting]
http://www.realworldlinuxsecurity.com [My book:"Real World Linux Security 2/e"]
Quality Linux & UNIX security and SysAdmin & software consulting since 1990.

"Microsoft: Unsafe at any clock speed!"
   -- Bob Toxen 10/03/2002


> On Sunday 06 February 2005 10:38 pm, Jim Philips wrote:
> > Feb  6 06:53:55 localhost sshd[1659]: Invalid user patrick from
> > 62.193.234.89
> > Feb  6 06:53:55 localhost sshd[1659]: Failed password for invalid user
> > patrick from 62.193.234.89 port 37002 ssh2
> > Feb  6 06:53:57 localhost sshd[1663]: Invalid user patrick from
> > 62.193.234.89
> > Feb  6 06:53:57 localhost sshd[1663]: Failed password for invalid user
> > patrick from 62.193.234.89 port 37199 ssh2
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://www.ale.org/mailman/listinfo/ale



More information about the Ale mailing list