On Sun, Feb 19, 2012 at 09:17:01AM -0800, Denis Heidtmann wrote:
> I did something stupid. Yesterday (Saturday) evening a window popped
> up saying someone wanted to log in. I permitted it thinking it was my
> son. Within two minutes I found out that it was not he, so I shut
> down.
>
> This morning I perused the logs (network off). I found that on Friday
> the auth.log shows many (over 300) messages such as:
>
> 23.19.81.173.rdns.ubiquity.io [23.19.81.173] failed - POSSIBLE BREAK-IN
> ATTEMPT!
> Feb 17 16:56:10 R2D4 sshd[2649]: Invalid user rookie from 23.19.81.173
> Feb 17 16:56:16 R2D4 sshd[2651]: reverse mapping checking getaddrinfo
> for 23.19.81.173.rdns.ubiquity.io [23.19.81.173] failed - POSSIBLE
> BREAK-IN ATTEMPT!
>
> Where "rookie" changed to many different names.
>
> Advice?

Recognize that break-in attempts will happen, use good passwords, sleep easy.
Install something like fail2ban
http://www.fail2ban.org/wiki/index.php/Fail2ban:Community_Portal
to reduce log file clutter and lower the chance of your attacker getting lucky.

-- 
Michael Rasmussen, Portland Oregon
Other Adventures: http://www.jamhome.us/ or http://westy.saunter.us/
Fortune Cookie Fortune du jour:
"The Omnivore's Dilemma" is a book so compelling that reading it changes
your relationship to the physical world: Afterward, you simply can't ever
again look at a can of Coke or a bag of Cheetos without shuddering as you
contemplate the completely bonkers industrial food system that produced
such modern artifacts.
    ~ Andrew Leonard
_______________________________________________
PLUG mailing list
PLUG@lists.pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug
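Added example, not part of the original thread and not fail2ban's own code: a small triage script for the "Invalid user" lines quoted above, flagging any source address that reaches a failure threshold inside a time window. The parameter names maxretry and findtime are borrowed from fail2ban's jail options; the function name, the year argument (syslog timestamps carry none) and every sample line after the first two are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Matches sshd lines of the form quoted in the message above.
INVALID_USER = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Invalid user (?P<user>\S+) from (?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s*$"
)

def find_offenders(lines, maxretry=3, findtime=600, year=2012):
    """Return {ip: sorted usernames tried} for every IP with at least
    maxretry 'Invalid user' events inside a findtime-second window."""
    window = defaultdict(deque)  # ip -> event times still inside the window
    users = defaultdict(set)     # ip -> every username that IP tried
    flagged = set()
    for line in lines:
        m = INVALID_USER.match(line)
        if not m:
            continue  # e.g. the reverse-mapping warnings are not counted
        # Assumption: the caller supplies the year the log was written in.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = window[m["ip"]]
        q.append(ts)
        while ts - q[0] > timedelta(seconds=findtime):
            q.popleft()  # drop events older than the window
        users[m["ip"]].add(m["user"])
        if len(q) >= maxretry:
            flagged.add(m["ip"])
    return {ip: sorted(users[ip]) for ip in flagged}

# First two lines are from the message above; the rest are constructed.
SAMPLE = """\
Feb 17 16:56:10 R2D4 sshd[2649]: Invalid user rookie from 23.19.81.173
Feb 17 16:56:16 R2D4 sshd[2651]: reverse mapping checking getaddrinfo for 23.19.81.173.rdns.ubiquity.io [23.19.81.173] failed - POSSIBLE BREAK-IN ATTEMPT!
Feb 17 16:56:17 R2D4 sshd[2651]: Invalid user guest from 23.19.81.173
Feb 17 16:56:23 R2D4 sshd[2653]: Invalid user test from 23.19.81.173
Feb 17 18:02:41 R2D4 sshd[2790]: Invalid user backup from 203.0.113.9
Feb 17 19:30:05 R2D4 sshd[2811]: Invalid user backup from 203.0.113.9
""".splitlines()

if __name__ == "__main__":
    for ip, names in find_offenders(SAMPLE).items():
        print(ip, "tried", ", ".join(names))
```

For a real log, pass the lines of auth.log instead of SAMPLE and set year to match the file.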