Date:      Sun, 8 Aug 2004 10:52:36 +0200
From:      Morten Liebach <m@mongers.org>
To:        FreeBSD Questions <questions@freebsd.org>
Subject:   Re: Hacker Scans - Advice requested
Message-ID:  <20040808085258.GB2352@mongers.org>
In-Reply-To: <!~!UENERkVCMDkAAQACAAAAAAAAAAAAAAAAABgAAAAAAAAAhdeYsBRyHkSJ5HKC20bRU8KAAAAQAAAAsedKuxZVrEumlOCT326K9AEAAAAA@orion.org.uk>
References:  <!~!UENERkVCMDkAAQACAAAAAAAAAAAAAAAAABgAAAAAAAAAhdeYsBRyHkSJ5HKC20bRU8KAAAAQAAAAsedKuxZVrEumlOCT326K9AEAAAAA@orion.org.uk>

On 2004-08-08 06:16:19 +0100, Mike Bruce wrote:
> Please can you help me?
>  
> I am getting increasingly plagued by this message in my security log on
> my V4 installations of FreeBSD
>  
> 06:48:53 mail sshd[18617]: Failed password for illegal user admin from
> 210.3.4.71 port 39741 ssh2 Aug  7

You're far from alone.  E.g. see:
http://www.securityfocus.com/archive/75/371086/2004-08-05/2004-08-11/1

> Is there any way that this can be prevented without impairing the
> services provided by the operating system.

I only allow publickey/skey logins, so I felt pretty safe, but got tired
of looking at the logs, so I moved the sshd to a random high port.  Then
you can append something like this to ~/.ssh/config:

Host short
Hostname short.verylongdomainname-or-impossibletorememberIP.tld
Port 43462
User your-mom

Now you can just do 'ssh short' and it'll use the right portnumber and
username and dnsname (it could be an IP address too).

Or, as another poster said, just firewall it away, or even use a
combination.

Have a nice day
                                 Morten

-- 
http://m.mongers.org/ -- http://gallery.zentience.org/
__END__
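
Added example, not part of the original message: a small Python script that tallies the "Failed password" lines quoted in the thread by source address, which is the input needed for the firewall option mentioned above. The sample log lines and addresses are constructed, and the pattern also accepts the "invalid user" wording that later OpenSSH releases log.

```python
import re
from collections import defaultdict

# The user group is greedy and the match is anchored at end of line, so the
# LAST " from <ip> port <n>" is taken as the source. A login name that itself
# contains " from 1.2.3.4 port 1" therefore cannot redirect the tally.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:(?P<unknown>illegal|invalid) user )?"
    r"(?P<user>.+) from (?P<ip>\S+) port \d+(?: ssh\d)?\s*$"
)

# Constructed sample lines in the syslog format quoted in the thread.
SAMPLE_LOG = """\
Aug  7 06:48:53 mail sshd[18617]: Failed password for illegal user admin from 192.0.2.71 port 39741 ssh2
Aug  7 06:48:55 mail sshd[18619]: Failed password for illegal user test from 192.0.2.71 port 39755 ssh2
Aug  7 06:48:58 mail sshd[18621]: Failed password for root from 192.0.2.71 port 39760 ssh2
Aug  7 07:02:11 mail sshd[18700]: Accepted publickey for morten from 198.51.100.9 port 50122 ssh2
Aug  7 07:15:40 mail sshd[18733]: Failed password for illegal user guest from 203.0.113.5 port 41002 ssh2
"""

def summarize(log_text):
    """Return {ip: {"failures": n, "unknown_users": n, "users": [names]}}."""
    stats = defaultdict(lambda: {"failures": 0, "unknown_users": 0, "users": set()})
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue  # accepted logins and unrelated daemons are ignored
        entry = stats[m.group("ip")]
        entry["failures"] += 1
        entry["users"].add(m.group("user"))
        if m.group("unknown"):
            entry["unknown_users"] += 1  # account does not exist on the host
    return {ip: {**e, "users": sorted(e["users"])} for ip, e in stats.items()}

def noisy_sources(log_text, threshold=3):
    """Source addresses with at least `threshold` failures, most active first."""
    hits = [(ip, e["failures"]) for ip, e in summarize(log_text).items()
            if e["failures"] >= threshold]
    return sorted(hits, key=lambda h: (-h[1], h[0]))

if __name__ == "__main__":
    for ip, info in summarize(SAMPLE_LOG).items():
        print(ip, info)
    print("candidates for a firewall rule:", noisy_sources(SAMPLE_LOG))
```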


