intrusion detected
Matt Patterson
matt at v8zman.com
Tue Aug 9 13:10:58 UTC 2005
I should have thought of that. I do have a seperate firewall and port 22
is the only one open to the outside world, but I have noticed a lot of
interest in that port from my auth log. I have thought about changing
ports but havent bothered because I use a good password on the only real
username, root is disabled through ssh, and no other username is allowed
an interactive login.
Thanks for the idea,
Matt
djmadkins wrote:
>For your specific ssh problem I have found a very good solution if you
>need to access SSH over the internet.
>
>
>
>I like to play with my home PC from work (which is boring) by
>connecting to my second display using vnc over ssh (putty) and
>publickey authentication, this way I can run my desktop at a
>surprisingly good speed. Even with this I still get "leEt Hax0Rs"
>trying to get into my ssh port. The solution:
>
>
>
>I use DenyHosts to scan my auth.log file every 5 minutes via cron. If
>it detects 5 incorrect login attempts from an IP it adds an SSH deny
>entry to hosts.deny which prevents that IP from connecting at all (via
>ssh). If I was paranoid I could have it issue a deny ALL instead of
>just ssh.
>
>
>
>The program is very configurable and can notify you (either via email
>or output to a file of your choosing).
>
>
>
>google DenyHosts for more information. This is a Python script if your
>familiar with that.
>
>
>
>
More information about the ubuntu-users
mailing list