hack attempt on my server...What do you do about this?

Nifty Hat Mitch mitch48 at sbcglobal.net
Wed Jul 21 02:43:26 UTC 2004


On Sat, Jul 17, 2004 at 08:41:28PM -0400, John Dangler wrote:
> Clifford~
> Thanks for the reply.
> rpm -qa|grep logwatch reveals:
> logwatch-5.1.3
> 
> I haven't started looking at the 'root' mail yet, since I haven't figured a
> way to get the email client to read the root from the local system.
> I did find the man page on logwatch and am reading up on it.
> 
> Thanks for the tip!

If I recall, there was an attack against protocol 1 that
many script kiddies use. I currently specify only protocol
two for my incoming ssh connections.

When you get probed from a network, continent, country or domain that
you do not want or expect to connect to -- block it.

Also get in the habit of removing the word 'welcome' from
login screens (/etc/issue, /etc/motd, etc).  Use "Access by invitation only"
or some such less inviting message.



-- 
	T o m  M i t c h e l l 
	/dev/dull where insight begins.
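
Added example, not part of the original message: a small shell check for the two configuration tips above (protocol 2 only in sshd_config, no 'welcome' in /etc/issue or /etc/motd). The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): checks for the two tips above.

# Print the value of the first uncommented "Protocol" line in an
# sshd_config-style file; sshd honours the first occurrence of a keyword.
sshd_protocol() {
    awk '{
        sub(/^[ \t]+/, "")          # drop leading whitespace
        split($0, f, /[ \t=]+/)     # tolerate "keyword value" and "keyword=value"
        if (tolower(f[1]) == "protocol") { print f[2]; exit }
    }' "$1"
}

# Classify the setting: "ok" only when protocol 2 alone is listed.
protocol_status() {
    case "$(sshd_protocol "$1")" in
        2)  echo ok ;;
        "") echo unset ;;   # directive absent: the build's default applies
        *)  echo weak ;;    # e.g. "1" or "2,1" still accepts protocol 1
    esac
}

# Print each readable file among the arguments that contains "welcome".
welcoming_banners() {
    for f in "$@"; do
        if [ -r "$f" ] && grep -qi 'welcome' "$f"; then
            echo "$f"
        fi
    done
}

# Constructed sample files so the check runs anywhere; on a real host pass
# /etc/ssh/sshd_config and /etc/issue /etc/motd instead.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
printf '#Protocol 2\nPort 22\nProtocol 2,1\n' > "$demo/sshd_weak"
printf '# comment\n  protocol = 2\n'          > "$demo/sshd_ok"
printf 'Welcome to host.example\n'            > "$demo/issue"
printf 'Access by invitation only\n'          > "$demo/motd"

echo "sshd_weak: $(protocol_status "$demo/sshd_weak")"
echo "sshd_ok:   $(protocol_status "$demo/sshd_ok")"
echo "banners to reword: $(welcoming_banners "$demo/issue" "$demo/motd")"
```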




