Can't tell if I have been hacked :(
Claude Jones
claude_jones at levitjames.com
Tue Mar 21 13:36:46 UTC 2006
On Tue March 21 2006 7:54 am, Chasecreek Systemhouse wrote:
> On 3/20/06, Claude Jones <claude_jones at levitjames.com> wrote:
> > Just to add something to this discussion. Today, I've just noticed that
> > ssh has become disabled on two separate machines, one at home, and one at
> > my (snip) ...
>
> As root does the command `lastb` show that you've had tens of
> thousands of attempted log ins?
>
> The only recorded successful FC4 ssh break-in on a system I built
> showed up as tens of thousands of random ssh log-in failures within an
> hour. When they hit 90,000 per hour the attacker got in. They tried
> to install a ebay spammer and some other code they had ftp'ed in from
> S.America somewhere...
>
> Of course, the system was reformatted that same day.
Nope, but thanks for the suggestion. It was one of the first things I checked.
I did have a fair number of log-in attempts, but, denyhosts kicks in after
five unsuccessful user tries from an ip, and lists the intruder in hosts.deny
- I have it configured to deny all to such intruders, not just ssh.
When I say "fair number", I'm talking in the tens - not hundreds, not
thousands...
--
Claude Jones
Bluemont, VA, USA
More information about the fedora-list
mailing list