Off topic: Hacker
Andy Green
andy at warmcat.com
Mon Aug 15 15:37:07 UTC 2005
> Most probably some virus or other which has claimed another brain-dead
> victim (known as Windows users). The IP is most likely false. If you're
> that concerned, switch off ssh.

Since it's a TCP connection to ssh, the IPs will be real.

These are automated attacks coming from all around as Mike said, there
is no "person". They won't be stopping any time soon and will probably
only increase in sophistication.

Best plan is to get your friend to move his ssh port off 22. That will
really make it difficult to attack him, since they no longer have the
free information that 22 is the port and ssh is the protocol.

Edit /etc/ssh/sshd_config and change

    Port 22

to some other number, then

    service sshd restart

update any holes in firewalls accordingly: you can do it by hand with
(eg, for port 5678)

    iptables -I INPUT -p tcp --dport 5678 -j ACCEPT
    service iptables save

-Andy
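
The port change described in the message above, as an added example that is not part of the original post: a POSIX shell helper that rewrites the Port directive in an sshd_config-style file so that exactly one port stays active. The helper names set_sshd_port and active_ports are hypothetical, and the sample config is constructed.

```shell
#!/bin/sh
# Added example. set_sshd_port and active_ports are hypothetical helper names.

# Print the ports from active (uncommented) Port lines in a config file.
active_ports() {
    awk '/^[ \t]*Port[ \t]+[0-9]+/ { print $2 }' "$1"
}

# Point an sshd_config-style file at a single new port, keeping a .bak copy.
set_sshd_port() {
    cfg=$1 port=$2
    # Reject empty, non-numeric or over-long values before any arithmetic test.
    case $port in
        ''|*[!0-9]*|??????*) echo "port must be 1 to 5 digits" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ] || [ "$port" -eq 22 ]; then
        echo "port must be 1-65535 and not 22" >&2; return 1
    fi
    tmp=$(mktemp) || return 1
    awk -v p="$port" '
        /^[ \t]*#?[ \t]*Port[ \t]+[0-9]+/ {
            if (!done) { out[++n] = "Port " p; done = 1 }  # first Port line: replace
            else if ($0 ~ /^[ \t]*#/) out[++n] = $0        # later comment: keep
            next                                           # later active Port: drop
        }
        { out[++n] = $0 }
        END {
            if (!done) print "Port " p   # none found: put it first, before any Match block
            for (i = 1; i <= n; i++) print out[i]
        }' "$cfg" > "$tmp" || { rm -f "$tmp"; return 1; }
    cp "$cfg" "$cfg.bak" && cat "$tmp" > "$cfg"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Constructed sample config: the stock commented default plus a stray active line
# that would otherwise leave sshd listening on 22 as well.
demo=$(mktemp)
printf '%s\n' '#Port 22' 'Protocol 2' 'Port 22' 'PermitRootLogin no' > "$demo"
set_sshd_port "$demo" 5678
echo "sshd will listen on: $(active_ports "$demo")"
# On the real file, "sshd -t" checks the config syntax before the restart.
```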