SSH hacked?
Mark Haney
mhaney at ercbroadband.org
Tue Jan 13 14:47:40 UTC 2009
Lorenzo Luengo wrote:
> Knapp escribió:
>> Today I was sitting next to my computer and I could hear the HD going
>> on and on, like I was doing a torrent or something. I was not doing
>> anything, so I looked to see what was running in the background.
>> Nothing like that was. Then I looked at my firewall and saw one
>> connection that was uploading to my computer with ssh. At this point
>> firestarted crashed so I could not copy down the senders address but
>> it was odd and ended in www.?????????????.NL
>>
>> I have about 4 people that can use SSH with my computer and the whole
>> system is set for using only gpg type passwords. So my questions are;
>> How can I find out what was uploaded? How could I have been hacked?
>> And, how can I stop it from happing again? For now the ssh port is
>> closed. This is not a problem because it is only used about one time a
>> quarter.
>> Thanks!
> I'd think of changing my password and installing fail2ban package, it' really useful to stop people that tries to break into your system by just hammering ports.
>
I second this. I use fail2ban on 20+ servers and I know that any
unauthorized attempts will get stopped by iptables. I've yet to have it
fail on me.
--
Frustra laborant quotquot se calculationibus fatigant pro inventione
quadraturae circuli
Mark Haney
Sr. Systems Administrator
ERC Broadband
(828) 350-2415
Call (866) ERC-7110 for after hours support
More information about the ubuntu-users
mailing list