Date: Fri, 12 Jan 2007 23:25:06 +0100 From: VeeJay <maanjee@gmail.com> To: "Reko Turja" <reko.turja@liukuma.net> Cc: FreeBSD-Questions <freebsd-questions@freebsd.org> Subject: Re: Please Help! How to STOP them... Message-ID: <2cd0a0da0701121425r2db393b0n8f21289c0bd48970@mail.gmail.com> In-Reply-To: <01f401c73694$417d7830$0a0aa8c0@rivendell> References: <2cd0a0da0701121343g7fa2535fv4a7b201f5a03aff2@mail.gmail.com> <01f401c73694$417d7830$0a0aa8c0@rivendell>
next in thread | previous in thread | raw e-mail | index | archive | help
Thanks Reko.... Just couple of more questions... On 1/12/07, Reko Turja <reko.turja@liukuma.net> wrote: > > From: "VeeJay" <maanjee@gmail.com> > To: <maanjee@gmail.com>; "FreeBSD-Questions" > <freebsd-questions@freebsd.org> > Sent: Friday, January 12, 2007 11:43 PM > Subject: Please Help! How to STOP them... > > > >I am reading many hundred lines similar to below mentioned? > > > > Could you please advise me what to do and how can I make my box more > > secure? > > > > Jan 9 17:54:42 localhost sshd[5130]: reverse mapping checking > > getaddrinfo > > for bbs-83-179.189.218.on-nets.com [218.189.179.83] failed - > > POSSIBLE > > BREAK-IN ATTEMPT! > > Jan 9 17:54:42 localhost sshd[5130]: Invalid user sysadmin from > > 218.189.179.83 > > It's basically just script kiddies trying to get in using some ready > made user/password pairs. > > Lots of info covering this has been posted in these newsgroups > previously, but some things you might consider > > Moving your sshd port somewhere else than 22 - the prepackaged > "cracking" programs don't scan ports, just blindly try out the default > port - with determined/skilled attacker it's different matter entirely > though. How to change the port from 22 to something other and in what range should I choose a number? Use some kind of portblocker (lots in ports tree) which closes the > port after predetermined number of attempts - or as an alternative, > use PF to close the port for IP's in question after predetermined > number of connection attempts in given time. Can you suggest such port which I should install to block these attempts? Use key based authentication and stop using passwords altogether. What do you mean here? Remember to keep ssh1 disabled as well as direct root access into ssh > from the ssh config file. How to disable SSH1 and How to stop direct root access into ssh, where to change? -Reko > > -- Thanks! BR / vj
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?2cd0a0da0701121425r2db393b0n8f21289c0bd48970>