hack attempt on my server...What do you do about this?
Phil Dybvig
fedora at ducksoup.afree.net
Sat Jul 17 21:40:06 UTC 2004
This must be automated and/or a script kiddie. I have basically the same attack
from another machine: in /var/log/secure I have
Jul 15 13:03:49 mallard sshd[14051]: Illegal user test from 62.67.45.4
Jul 15 13:03:51 mallard sshd[14051]: Failed password for illegal user test from 62.67.45.4 port 50491 ssh2
Jul 15 13:03:53 mallard sshd[14053]: Illegal user guest from 62.67.45.4
Jul 15 13:03:55 mallard sshd[14053]: Failed password for illegal user guest from 62.67.45.4 port 50703 ssh2
Jul 15 13:03:56 mallard sshd[14055]: Illegal user admin from 62.67.45.4
Jul 15 13:03:58 mallard sshd[14055]: Failed password for illegal user admin from 62.67.45.4 port 50900 ssh2
Jul 15 13:03:59 mallard sshd[14057]: Illegal user user from 62.67.45.4
Jul 15 13:04:02 mallard sshd[14057]: Failed password for illegal user user from 62.67.45.4 port 51090 ssh2
Jul 15 13:04:05 mallard sshd[14059]: Failed password for root from 62.67.45.4 port 51267 ssh2
Jul 15 13:04:09 mallard sshd[14061]: Failed password for root from 62.67.45.4 port 51411 ssh2
I agree with Amadeus that this does not seem like a very sophisticated attack.
I think it is common to see this sort of stuff that shouldn't be there in logs
(including some times when there is a break-in). Machines are more secure than
they used to be (I have had a half-dozen break-ins over the years but no
apparent data loss in SUNs), but it still happens and it is prudent to back up
important user files frequently.
For security, the LinuxBenchmark.pdf document from www.cisecurity.org is a
useful start (although their suggested rpm -F is not a good way to get updates).
It is for an earlier RH version, but it is still useful for basic suggestions
about how to turn off unneeded services, close unused ports, check file
permissions, and the like.
-- Phil
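
Added example, not part of the original message: a small Python detector that reads sshd lines in the format quoted above and reports source addresses that rack up failed logins in a short burst, along with the usernames they tried. The threshold of 5 failures within 1 minute, the default year, and the final sample line from 192.0.2.10 are assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Failed-password lines from the message (wraps rejoined), one "Illegal user"
# line, and a last line from 192.0.2.10 that is constructed for contrast.
SAMPLE = """\
Jul 15 13:03:49 mallard sshd[14051]: Illegal user test from 62.67.45.4
Jul 15 13:03:51 mallard sshd[14051]: Failed password for illegal user test from 62.67.45.4 port 50491 ssh2
Jul 15 13:03:55 mallard sshd[14053]: Failed password for illegal user guest from 62.67.45.4 port 50703 ssh2
Jul 15 13:03:58 mallard sshd[14055]: Failed password for illegal user admin from 62.67.45.4 port 50900 ssh2
Jul 15 13:04:02 mallard sshd[14057]: Failed password for illegal user user from 62.67.45.4 port 51090 ssh2
Jul 15 13:04:05 mallard sshd[14059]: Failed password for root from 62.67.45.4 port 51267 ssh2
Jul 15 13:04:09 mallard sshd[14061]: Failed password for root from 62.67.45.4 port 51411 ssh2
Jul 15 13:10:00 mallard sshd[14100]: Failed password for phil from 192.0.2.10 port 40000 ssh2
"""

LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:illegal user |invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d+\.\d+\.\d+\.\d+) port \d+")

def parse(lines, year=2004):
    """Yield (time, ip, user) per failed login; syslog has no year, so one is assumed."""
    for line in lines:
        m = LINE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["ip"], m["user"]

def flag_sources(lines, max_failures=5, window=timedelta(minutes=1)):
    """Return {ip: (total failures, users tried)} for IPs with a burst inside window."""
    by_ip = defaultdict(list)
    for ts, ip, user in parse(lines):
        by_ip[ip].append((ts, user))
    flagged = {}
    for ip, events in by_ip.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1  # slide the window forward past stale events
            if end - start + 1 >= max_failures:
                flagged[ip] = (len(events), sorted({u for _, u in events}))
                break
    return flagged

if __name__ == "__main__":
    for ip, (n, users) in flag_sources(SAMPLE.splitlines()).items():
        print(f"{ip}: {n} failed logins, users tried: {', '.join(users)}")
```

A single mistyped password, like the constructed 192.0.2.10 line, stays below the threshold and is not reported.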