John DeStefano said the following on 9/14/2004 10:15 PM:
I've noticed a few posts over the past week or so regarding users'I've been getting this for weeks. They're all under APNIC, and emails to [EMAIL PROTECTED] involved networks has gone unanswered.
servers being probed by remote ssh attempts. Coincidentally (or
perhaps not so), around that time, I began getting quite a few records
of such attempts to my server, at the rate of about 3 tries per IP, and
about three IPs per night. Unfortunately, last night (Mon Sep 13),
this attack was much more concentrated and persistent: someone from (or
spoofing from) one IP (211.250.185.100) hammered my server with login
attempts over a 20-minute period. The last report I got was a final,
failed root password at 20:22:13 Eastern Time (GMT-5:00).
The easiest way to protect this is to check your sshd_config and set: PermitRootLogin no
Which, if you're exposed to the 'Net would be a sane practice--force people to log in as themselves and su (or sudo or sudoscript) to root.
Admittedly, I am not sure about the rest of your posting. When I run last, (on 4.10-STABLE) it shows logins back to the 1st of September.
Best, Glenn
_______________________________________________ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
