2 Mar
2021
2 Mar
'21
20:50
On 02/03/2021 20.21, James Knott wrote:
On 2021-03-02 1:55 p.m., Per Jessen wrote:
James Knott wrote:
sometimes just grepping for 'ssh' in /var/log/messages will show you a login from an unknown ip address.
That appears to be the way they got in. I just realized I had ssh opened in my firewall for testing recently and forgot to close it. I have changed the password and disabled login for that account. I will be removing the account entirely.
It came from 61.177.173.3, which is in China.
He guessed the login/pass? -- Cheers / Saludos, Carlos E. R. (from 15.2 x86_64 at Telcontar)