hack attempt on my server...What do you do about this?
Randy Kelsoe
randykel at swbell.net
Sat Jul 17 19:51:36 UTC 2004
Jonathan T. Steadman wrote:
>Sorry this is yet another lame question, but I am new to hosting web
>server ect. just kinda experimenting actually and in my logs i came
>across some garbage (its at the bottom of this email) what do you do
>about this? Just let it be? inform ISP? wait and see if it is more
>continuous? dont know the proper thing to do i guess just making sure
>with you guys.
>
>Jul 17 14:42:24 localhost sshd[6746]: Illegal user test from
>130.120.81.14
>Jul 17 14:42:26 localhost sshd[6746]: Failed password for illegal user
>test from 130.120.81.14 port 48692 ssh2
>Jul 17 14:42:27 localhost sshd[6748]: Illegal user guest from
>130.120.81.14
>Jul 17 14:42:30 localhost sshd[6748]: Failed password for illegal user
>guest from 130.120.81.14 port 48753 ssh2
>
>
Block the ip address at the firewall. If you have firestarter installed
(http://firestarter.sourceforge.net/ ), run it, go to the rules section,
double-click on 'Blocked Hosts' and enter the ip (130.120.81.14). Since
this is coming in through the 'Universite Pierre et Marie Curie' in
France, I would block their whole IP range. Double-click on 'Blocked
Hosts' and enter 130.120.0.0/16, and it will block all access from that
University.
More information about the fedora-list
mailing list