From owner-freebsd-questions@FreeBSD.ORG Sat Oct 22 14:08:55 2011 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 719241065677 for ; Sat, 22 Oct 2011 14:08:55 +0000 (UTC) (envelope-from bruce@cran.org.uk) Received: from muon.cran.org.uk (muon.cran.org.uk [IPv6:2a01:348:0:15:5d59:5c40:0:1]) by mx1.freebsd.org (Postfix) with ESMTP id 2A6928FC15 for ; Sat, 22 Oct 2011 14:08:55 +0000 (UTC) Received: from muon.cran.org.uk (localhost [127.0.0.1]) by muon.cran.org.uk (Postfix) with ESMTP id 2612AE79F2; Sat, 22 Oct 2011 15:08:54 +0100 (BST) DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=cran.org.uk; h=message-id :date:from:mime-version:to:cc:subject:references:in-reply-to :content-type:content-transfer-encoding; s=mail; bh=QuiMVzNWpn4W 1cEmXYDGKZARe1k=; b=GXcu1s1Y/K6zSLn3tiPDteCcKnkYhQwP9iAMTfMVJJzQ CLFOWYkpqRfRS7OnrQ2dCN37FoHLJxgvywSm67is3OR8PgVk0Nq6gyNI7zWMp2P4 hvkunpPp+4br+5vxTCF0foXbff0PwH6/R8kWGP/6W4u5OhQSohKYgdO4rjTqY4g= DomainKey-Signature: a=rsa-sha1; c=nofws; d=cran.org.uk; h=message-id :date:from:mime-version:to:cc:subject:references:in-reply-to :content-type:content-transfer-encoding; q=dns; s=mail; b=Hsoz5O /0YjMN7OTr8uIkxhxC28csupUapvmXqfUGL9ado4Z1jPn9g3lFZr2MxMnl7c+YqP O2e72Amt72Bvk44MF1fcp9CiHZ42uLdGxa8enG2FSM/Ia0AmO22+Yy9fcrOZSxY1 0/ezNTElAKD9EBV+lFJc8ekWnAB7rurEbF8H4= Received: from [192.168.1.68] (188-220-36-32.zone11.bethere.co.uk [188.220.36.32]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by muon.cran.org.uk (Postfix) with ESMTPSA id F2ECCE7546; Sat, 22 Oct 2011 15:08:53 +0100 (BST) Message-ID: <4EA2CE72.5030202@cran.org.uk> Date: Sat, 22 Oct 2011 15:08:50 +0100 From: Bruce Cran User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20110929 Thunderbird/7.0.1 MIME-Version: 1.0 To: Admin ValhallaProjectet References: <000001cc90c0$a0c16050$e24420f0$@org> In-Reply-To: <000001cc90c0$a0c16050$e24420f0$@org> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-questions@freebsd.org Subject: Re: Breakin attempt X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 22 Oct 2011 14:08:55 -0000 On 22/10/2011 14:43, Admin ValhallaProjectet wrote: > Apparently, I'm under some kind of attack, for the last 3 days. > > Lots of attempts to ssh in as root from many different IP addresses. > > No bruteforce attempts. > > > > Appreciate all ideas of how to proceed with this mather. > Keep calm and carry on? I suspect that these sorts of attacks are fairly normal if you're running ssh on the standard port. I used to have lots of 'break-in attempts' before I moved the ssh server to a different port. -- Bruce Cran