Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
Many people are attacking my SSH.
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Duplicate Threads
View previous topic :: View next topic  
Author Message
opentaka
l33t
l33t


Joined: 18 Feb 2005
Posts: 840
Location: Japan

PostPosted: Thu Apr 28, 2005 11:39 pm    Post subject: Many people are attacking my SSH. Reply with quote

hi, I have sshd,ftpd opened for public which are used for my private purpose(and my friends)

ftpd, I have grepped log for failed logins, and there is only 2or 3 anonymous login attempts.

but after I have opened ssh, there is many attacks like in my log(grepped sshd from auth.log)
Code:

Apr 29 04:13:19 linux sshd[3225]: Invalid user fax from 218.49.183.117
Apr 29 04:13:23 linux sshd[3230]: Invalid user sandra from 218.49.183.117
Apr 29 04:13:27 linux sshd[3235]: Invalid user info from 218.49.183.117
Apr 29 04:13:31 linux sshd[3240]: Invalid user mike from 218.49.183.117
Apr 29 04:13:35 linux sshd[3245]: Invalid user testuser from 218.49.183.117
Apr 29 04:13:40 linux sshd[3250]: Invalid user mike from 218.49.183.117
Apr 29 04:14:03 linux sshd[3275]: Invalid user init from 218.49.183.117
Apr 29 04:14:08 linux sshd[3280]: Invalid user portmap from 218.49.183.117
Apr 29 04:14:15 linux sshd[3290]: Invalid user x from 218.49.183.117
Apr 29 04:14:20 linux sshd[3295]: Invalid user jas from 218.49.183.117


and so on,
(this is third time today, from different IP they are bruteforcing)

I have set "MaxAuthTries" to 3 but it looks like not working?
I want something like after 10invailid logins it bans or something.

me dont care if they bruteforce or not, me just care log is messed up.

any ideas?
_________________
"Being defeated is often a temporary condition. Giving up is what makes it permanent" - Marilyn vos Savant
Back to top
View user's profile Send private message
/dev/random
l33t
l33t


Joined: 26 Nov 2004
Posts: 704
Location: Austin, Texas, USA

PostPosted: Thu Apr 28, 2005 11:50 pm    Post subject: Reply with quote

Read the sticky thread i got hacked what were they up to? After about the first page or two they talk about these ssh attacks some people came up with very useful suggestions.
Back to top
View user's profile Send private message
adsmith
Veteran
Veteran


Joined: 26 Sep 2004
Posts: 1386
Location: NC, USA

PostPosted: Thu Apr 28, 2005 11:51 pm    Post subject: Reply with quote

honestly, if your password is strong and you don't have any leftover "test" users on your system, just ignore it.

Also, did you reload/restart sshd anfter changing that setting?
Back to top
View user's profile Send private message
opentaka
l33t
l33t


Joined: 18 Feb 2005
Posts: 840
Location: Japan

PostPosted: Fri Apr 29, 2005 12:23 am    Post subject: Reply with quote

ya might password is secure enough and I check log frequently, and there is no account like test or something, I keep track with that.

and my sshd_config is quite secure, except that i dont use private keys auth.(and not planning to)

#now i'm reading that topic
_________________
"Being defeated is often a temporary condition. Giving up is what makes it permanent" - Marilyn vos Savant
Back to top
View user's profile Send private message
tomk
Bodhisattva
Bodhisattva


Joined: 23 Sep 2003
Posts: 7221
Location: Sat in front of my computer

PostPosted: Fri Apr 29, 2005 12:37 am    Post subject: Reply with quote

Moved from Networking & Security, please follow up to this topic:

https://forums.gentoo.org/viewtopic-t-210585.html
_________________
Search | Read | Answer | Report | Strip
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Duplicate Threads All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum