[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Can't tell if I have been hacked :(



On Tue March 21 2006 7:54 am, Chasecreek Systemhouse wrote:
> On 3/20/06, Claude Jones <claude_jones levitjames com> wrote:
> > Just to add something to this discussion. Today, I've just noticed that
> > ssh has become disabled on two separate machines, one at home, and one at
> > my (snip) ...
>
> As root does the command `lastb` show that you've had tens of
> thousands of attempted log ins?
>
> The only recorded successful FC4 ssh break-in on a system I built
> showed up as tens of thousands of random ssh log-in failures within an
> hour.  When they hit 90,000 per hour the attacker got in.  They tried
> to install a ebay spammer and some other code they had ftp'ed in from
> S.America somewhere...
>
> Of course, the system was reformatted that same day.

Nope, but thanks for the suggestion. It was one of the first things I checked. 
I did have a fair number of log-in attempts, but, denyhosts kicks in after 
five unsuccessful user tries from an ip, and lists the intruder in hosts.deny 
- I have it configured to deny all to such intruders, not just ssh. 
When I say "fair number", I'm talking in the tens - not hundreds, not 
thousands...
-- 
Claude Jones
Bluemont, VA, USA


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]