> If you want to inspect further, I would suggest you look at each of the
> jobs being run. See if they are what you expect them to be. Also check
> your /etc/crontab and /etc/anacrontab to see what is in them.

I would love to investigate further but I am afraid I am not inclined towards forensics ... lol ... I am an Aircraft Engineer by trade not a Computer Scientist ... :) ... I played around with sleuthkit but that confused the living hell out of me ... lol ... I don't even know what to look for ... The server I have is a small community/family server that gives wireless access to poor families ...

>
> As for the attacks - I've seen a big uptake in the attacks over the last
> couple of weeks. The worst I've seen is > 100 IP's locked out in one 24
> hour period. They are coming from all over the world, although since
> there are a lot of proxies (many of them from trojans/viruses installed
> on unsuspecting machines), there's no easy way to tell what the real
> origins are.

It's astonishing how quick they can find an IP ...

> I have permanently blocked the IP ranges of some of the worst offenders,
> but the only real way to stop it is to take your machine off the
> internet completely.
>
> Just ensure you're using good security practices - don't allow root
> login, use long, random passwords, etc. I also use a random character
> strings for the login ids, as well as passwords - just one more thing
> for the hackers to have to figure out how to get around.

That's the problem right there ... random passwords ... lol ... but I will have to adapt ...

Thank You

Archive: https://lists.debian.org/20150109162948.GA17386@fever.havannah.local