Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 06 Aug 2004 16:18:30 -0500
From:      mazpe <mazpe@mazpe.net>
To:        "James A. Coulter" <jacoulter@jacoulter.net>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: Newbie Security Question
Message-ID:  <1091826682.901.15.camel@cyrus.clearvisiontech.com>
In-Reply-To: <20040806132601.GA3043@sara.mshome.net>
References:  <20040806132601.GA3043@sara.mshome.net>

next in thread | previous in thread | raw e-mail | index | archive | help
Hello James:

Thats just letting you know that someone from that IP Address tried to
access your system using the root account and the password they provided
failed to authenticate.

Could've been an ssh scanner or something of that nature.

Most likely script kiddies.  

Make sure you do not allow root to login via ssh by setting your
sshd_config PermitRootLogin no.

Use sudo or su - instead.

or you can always use key-based authentication.


Lester A. Mesa
aka: mazpe
-----------------------------------------------------------------

On Fri, 2004-08-06 at 08:26, James A. Coulter wrote:
> I recently got my firewall up and configured (many thanks to JJB and everyone else for their help) and have been reading the daily security message from root with a great deal of interest.
> 
> My question is, when I see entries like this:
> 
> Aug  5 17:55:54 sara sshd[2099]: Failed password for root from 209.120.224.13
> +port 40515 ssh2
> Aug  5 17:55:55 sara sshd[2101]: Failed password for root from 209.120.224.13
> +port 60426 ssh2
> Aug  5 17:55:55 sara sshd[2103]: Failed password for root from 209.120.224.13
> +port 54447 ssh2
> Aug  5 17:55:59 sara sshd[2105]: Failed password for root from 209.120.224.13
> +port 44460 ssh2
> 
> is it safe to assume someone has been trying to hack my system?
> 
> I did a whois search on the IP and it went to a provider in Colorado.
> 
> I'm asking because I'm curious - thanks again for everyone's help.
> 
> Jim C.
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1091826682.901.15.camel>