How should I react to break in attempts

Jan Morales jan at geezjan.org
Fri Apr 8 14:40:46 UTC 2005


Yesterday a single host out there made over 300 attempts to login to 
sshd on my server. My feeling is that I can't stop people from trying, 
so my only goal is to prevent them from succeeding. Use a firewall 
and/or iptables or similar things, lock out unused logins, use good 
passwords on active logins, kill unnecessary services, stay up to date 
on security updates, etc. Someone once said that the only way to 
absolutely guarantee a computer's security is to unplug it. Short of 
that, approach computer security diligently, because people out there 
will try to break in.

Arthur Pemberton wrote:
> I'm gettign mail from logwatch as to the following:
> 
> root (en201247.uac63.hknet.com): 3 Time(s)
> 
> 
> What's my best plan of action to respond to such? Yes I root logins via 
> sshd disabled.
> 
> Thanks for the advice.
> 
> 




More information about the fedora-list mailing list