[Fedora] hack attempt on my server...What do you do about this?

Ashley M. Kirchner ashley at pcraft.com
Sat Jul 17 19:52:33 UTC 2004


Jonathan T. Steadman wrote:

>...and in my logs I came
>across some garbage (it's at the bottom of this email) what do you do
>about this?  Just let it be? inform ISP?  wait and see if it is more
>continuous?  don't know the proper thing to do I guess just making sure
>with you guys.
>
>Jul 17 14:42:24 localhost sshd[6746]: Illegal user test from
>130.120.81.14
>  
>

    It's originating from a machine in France, or at least the IP is 
(the person could be sitting in your basement, and using a machine in 
France for that matter.)  Whether you want to take it up with Centre 
Interuniversitaire de Calcul de Toulouse, who owns that IP range, is up 
to you, but chances are nothing will come of it.

    My approach to things like this is to check for repeat occurrences.  
If I get repeats, I stick the IP in hosts.deny and let them have it.  
And if I find out they're using an entire range of IPs, that entire 
range will get blocked as well.  For example, I have absolutely no 
problem whatsoever blocking the entire network belonging to Media 
Dream Land (69.42.96.0/19), who are just a big ass spamming network.  
You can all start flaming me now.

-- 
W | I haven't lost my mind; it's backed up on tape somewhere.
  +--------------------------------------------------------------------
  Ashley M. Kirchner <mailto:ashley at pcraft.com>   .   303.442.6410 x130
  IT Director / SysAdmin / WebSmith             .     800.441.3873 x130
  Photo Craft Laboratories, Inc.            .     3550 Arapahoe Ave. #6
  http://www.pcraft.com ..... .  .    .       Boulder, CO 80303, U.S.A.
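
An added example, not part of the message above: one way to automate the repeat check and the hosts.deny entries it describes, for log lines in the quoted sshd format. The thresholds, the /24 grouping and the sample log lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter, defaultdict

# Matches the sshd line format quoted in the post, e.g.
# "Jul 17 14:42:24 localhost sshd[6746]: Illegal user test from 130.120.81.14"
# (newer OpenSSH releases log "Invalid user" instead).
FAILED = re.compile(
    r"sshd\[\d+\]: (?:Illegal|Invalid) user \S+ from (\d{1,3}(?:\.\d{1,3}){3})")

def count_attempts(lines):
    """Count unknown-user login attempts per source IPv4 address."""
    hits = Counter()
    for line in lines:
        m = FAILED.search(line)
        if not m:
            continue
        try:
            hits[ipaddress.IPv4Address(m.group(1))] += 1
        except ipaddress.AddressValueError:
            pass  # looked like a dotted quad but is not a valid address
    return hits

def deny_entries(hits, min_repeats=3, min_hosts_per_net=3, prefix=24):
    """Build hosts.deny lines: a whole network when several distinct hosts in
    it show up, otherwise only single addresses that repeat.
    All three thresholds are assumptions, not values from the post."""
    by_net = defaultdict(set)
    for ip in hits:
        by_net[ipaddress.ip_network(f"{ip}/{prefix}", strict=False)].add(ip)
    entries = []
    for net in sorted(by_net):
        ips = by_net[net]
        if len(ips) >= min_hosts_per_net:
            entries.append(f"sshd: {net.with_netmask}")  # net/mask form
        else:
            entries += [f"sshd: {ip}" for ip in sorted(ips)
                        if hits[ip] >= min_repeats]
    return entries

# Constructed sample log; addresses come from documentation ranges.
SAMPLE = (
    ["Jul 17 14:42:2%d localhost sshd[6746]: Illegal user test from 192.0.2.10" % i
     for i in range(3)]
    + ["Jul 17 14:50:01 localhost sshd[6750]: Illegal user guest from 198.51.100.5"]
    + ["Jul 17 15:01:0%d localhost sshd[6760]: Illegal user admin from 203.0.113.%d" % (i, i)
       for i in (1, 2, 3)]
)

if __name__ == "__main__":
    print("\n".join(deny_entries(count_attempts(SAMPLE))))
```

A single attempt, like the one line quoted in the original question, produces no entry; review the output before appending it to /etc/hosts.deny so you do not block an address you log in from yourself.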
