Off topic: Hacker

Scot L. Harris webid at cfl.rr.com
Mon Aug 15 15:32:03 UTC 2005


On Mon, 2005-08-15 at 11:11, Rick Lim wrote:
> Hi there,
> 
> I know this is not the correct forum to ask this question, but I have to
> start somewhere.......
> 
> I have a friend with a linux firewall box.
> There appears to be a very simple minded hacker trying to do simple ssh
> password attacks on this box.
> 
> I have been using whois and reporting this to each ISP he/she is coming from
> but he/she just breaks into a different machine on a new ISP and tries
> again.
> 
> Is there something more I can do to track this person down?
> Thanks.
> 

This is most likely the standard script kiddie attack that virtually
everyone has seen if they have ssh open to the Internet.  

Best course of action if you need ssh access is to make sure you have
disabled root login via ssh and restrict ssh access to a few specific
users.  Make sure those users have good passwords, no names or
dictionary words, 10 or more characters, using numbers and special
characters.

One alternative is to move the ssh port to a different port number. 
This is not really a security change as any actual hacker will port scan
your IP and find it.  But it will keep the script kiddies from filling
your log files up.
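
The hardening steps in the reply above, checked against an sshd_config, as an added example that is not part of the original post. The sample configs, user names and the `audit` helper are constructed for illustration, and a missing PermitRootLogin line is reported because the built-in default differs between OpenSSH versions.

```python
# Constructed sample configs (not taken from any real host).
WEAK = """\
Port 22
PermitRootLogin yes
PasswordAuthentication yes
"""
HARDENED = """\
Port 2222
permitrootlogin no
# The duplicate below is ignored: sshd keeps the first value it reads.
PermitRootLogin yes
AllowUsers alice bob
"""

LIST_KEYS = {"port", "allowusers"}  # collected across lines in this audit

def effective_settings(text):
    """Global settings as sshd would see them: keywords are case-insensitive,
    the first occurrence of a single-valued keyword wins, and everything
    from the first Match line onward is conditional, so it is skipped."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        parts = line.replace("=", " ", 1).split()
        if not parts or line.startswith("#"):
            continue
        key, args = parts[0].lower(), parts[1:]
        if key == "match":
            break
        if key in LIST_KEYS:
            settings.setdefault(key, []).extend(args)
        else:
            settings.setdefault(key, args)
    return settings

def audit(text):
    """Return findings for the three points made in the reply."""
    s = effective_settings(text)
    findings = []
    if (s.get("permitrootlogin") or [""])[0].lower() != "no":
        findings.append("root-login: PermitRootLogin is not explicitly 'no'")
    if not s.get("allowusers"):
        findings.append("allow-list: no AllowUsers line limits who may log in")
    if (s.get("port") or ["22"]) == ["22"]:
        findings.append("port: default port 22 (log noise only, not a control)")
    return findings

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(cfg) or "no findings")
```

Password strength for the allowed users is outside what sshd_config can express, so it is not covered by this check.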





