SSH hacked?
Lorenzo Luengo
lluengo at dgeo.udec.cl
Mon Jan 12 22:50:15 UTC 2009
Knapp escribió:
> Today I was sitting next to my computer and I could hear the HD going
> on and on, like I was doing a torrent or something. I was not doing
> anything, so I looked to see what was running in the background.
> Nothing like that was. Then I looked at my firewall and saw one
> connection that was uploading to my computer with ssh. At this point
> firestarted crashed so I could not copy down the senders address but
> it was odd and ended in www.?????????????.NL
>
> I have about 4 people that can use SSH with my computer and the whole
> system is set for using only gpg type passwords. So my questions are;
> How can I find out what was uploaded? How could I have been hacked?
> And, how can I stop it from happing again? For now the ssh port is
> closed. This is not a problem because it is only used about one time a
> quarter.
> Thanks!
I'd think of changing my password and installing fail2ban package, it' really useful to stop people that tries to break into your system by just hammering ports.
--
Lorenzo Luengo Contreras
Administrador de Sistemas DGEO
Universidad de Concepción
Concepción - Chile
+56-41-2207277
More information about the ubuntu-users
mailing list