Jeffrey wrote regarding 'Re: [SLE] Hacking Question' on Fri, Oct 01 at 07:21:
On Friday 01 October 2004 05:43, Rikard Johnels wrote:
On Friday 01 October 2004 08.21, Branimir Vasilic wrote:
I have detected recently some users trying to gain access on my server via ssh. I have their IPs and found the servers that these users have access from.
I know this doesn't answer your question but if it's just a bunch of tries to ssh as guest, admin or test you can try changing your ssh port. I had the same problem and after changing the port these went away.
Brana
There was talk of a new wave of exploits/viruses that tries to gain access via ssh. It tries to find entries for guest/admin and a few other common ones.
Might be something like that.
Yeah, it's either a virus or a script that's been passed around. It leaves the same signature of access attempts in the log. I've tuned my iptables firewall to limit IP access to authorized addresses and drop any other connection attempts. Unfortunately this approach isn't practical if you have dialup users with dynamic IPs.
Wouldn't it be easier to just not use accounts named "guest" or "admin", or at least set decent passwords for those accounts? :) --Danny, with logs full of those attempts...
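
The repeated log signature the thread describes (ssh attempts as guest, admin or test) can be picked out of an sshd log per source address. This is an added example, not part of any poster's message; the log line formats are assumed to be typical OpenSSH syslog output, and the sample lines and addresses are constructed.

```python
import re
from collections import defaultdict

# Account names the thread says are being probed.
PROBED_NAMES = {"guest", "admin", "test"}

# Assumed OpenSSH syslog formats: "Failed password for [invalid|illegal user] NAME
# from IP" and the older/newer "Illegal user NAME from IP" / "Invalid user NAME from IP".
FAILURE_RE = re.compile(
    r"sshd\[\d+\]: (?:Failed password for (?:(?:invalid|illegal) user )?"
    r"|(?:Invalid|Illegal) user )(?P<user>\S+) from (?P<ip>[0-9a-fA-F.:]+)"
)

# Constructed sample log (documentation address ranges, not real hosts).
SAMPLE_LOG = """\
Oct  1 05:10:01 host sshd[2101]: Illegal user guest from 192.0.2.10
Oct  1 05:10:02 host sshd[2101]: Failed password for illegal user guest from 192.0.2.10 port 4001 ssh2
Oct  1 05:10:04 host sshd[2103]: Failed password for admin from 192.0.2.10 port 4002 ssh2
Oct  1 05:10:06 host sshd[2105]: Illegal user test from 192.0.2.10
Oct  1 06:30:11 host sshd[2200]: Failed password for alice from 198.51.100.7 port 5122 ssh2
Oct  1 06:30:19 host sshd[2200]: Accepted password for alice from 198.51.100.7 port 5122 ssh2
Oct  1 07:02:40 host sshd[2300]: Invalid user guest from 203.0.113.5
"""


def find_probers(log_text, min_names=2):
    """Return {ip: sorted probed names} for sources that tried several common names.

    Counting distinct names (not lines) avoids double counting, because one
    attempt can log both an "Illegal user" line and a "Failed password" line.
    """
    tried = defaultdict(set)
    for line in log_text.splitlines():
        m = FAILURE_RE.search(line)
        if m and m.group("user").lower() in PROBED_NAMES:
            tried[m.group("ip")].add(m.group("user").lower())
    return {ip: sorted(names) for ip, names in tried.items()
            if len(names) >= min_names}


if __name__ == "__main__":
    for ip, names in find_probers(SAMPLE_LOG).items():
        print(f"{ip}: probed {', '.join(names)}")
```

A source that mistypes the password of a real account (alice above) is not reported, and a single attempt at one common name only appears when `min_names` is lowered to 1.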