Re: [ilugd] Someone trying to break pass mine server pl. help
in infinite wisdom abhishek jain spoke thus on 04/10/06 10:32: > Dear Frirends, > Pl. help , I am receving the cron email from mine server with the following > result from the last few days. Someone is running a bot trying to see if you are using weak user/password. There are 4 ways to stop this (that I know of) - disable password logins and just use ssh keys for login - run ssh on some different port - use port knocking for ssh (http://blog.andrew.net.au/2005/02/16#ipt_recent_and_ssh_attacks) - use DenyHosts (http://denyhosts.sourceforge.net/) if you cannot do the others -- _.-, raj shekhar .--' '-._ http://rajshekhar.net _/`- _ '. http://rajshekhar.net/blog ''._`.. \ ` \; WE APOLOGIZE FOR THE INCONVENIENCE ;_\-- God's Last Message to his Creation ___ ilugd mailinglist -- ilugd@lists.linux-delhi.org http://frodo.hserus.net/mailman/listinfo/ilugd Archives at: http://news.gmane.org/gmane.user-groups.linux.delhi http://www.mail-archive.com/ilugd@lists.linux-delhi.org/
Re: [ilugd] Someone trying to break pass mine server pl. help
run #tail -f /var/log/message and #tail -f /var/log/secure and see the out put... Thanks -Manish Popli On 4/10/06, abhishek jain <[EMAIL PROTECTED]> wrote: > > Dear Frirends, > Pl. help , I am receving the cron email from mine server with the > following > result from the last few days. > > Day 1: > crond: > Unknown Entries: > session closed for user root: 103 Time(s) > session opened for user root by (uid=0): 102 Time(s) > session closed for user drweb: 40 Time(s) > session opened for user drweb by (uid=0): 40 Time(s) > > sshd: > Authentication Failures: > unknown (210.77.121.246): 1215 Time(s) > root (210.77.121.246): 229 Time(s) > postgres (210.77.121.246): 37 Time(s) > news (210.77.121.246): 20 Time(s) > mysql (210.77.121.246): 13 Time(s) > bin (210.77.121.246): 11 Time(s) > ftp ( 210.77.121.246): 11 Time(s) > mail (210.77.121.246): 11 Time(s) > rpm (210.77.121.246): 11 Time(s) > games (210.77.121.246): 10 Time(s) > ... > ... > Invalid Users: > Unknown Account: 1218 Time(s) > > > - Connections (secure-log) Begin > > > > Connections: > Service ftp: >: 1 Time(s) > Service poppassd: > 82.82.100.96: 5 Time(s) > > -- Connections (secure-log) End > - > > > - SSHD Begin > > > Failed logins from these: > adm/password from ::: 210.77.121.246: 7 Time(s) > apache/password from :::210.77.121.246: 8 Time(s) > bin/password from :::210.77.121.246: 11 Time(s) > daemon/password from :::210.77.121.246: 3 Time(s) > ftp/password from :::210.77.121.246: 11 Time(s) > games/password from :::210.77.121.246: 10 Time(s) > .. > .. > > **Unmatched Entries** > Invalid user fluffy from :::210.77.121.246 > Invalid user fluffy from :::210.77.121.246 > Invalid user fluffy from ::: 210.77.121.246 > Failed password for invalid user fluffy from :::210.77.121.246 port > 48294 ssh2 > Failed password for invalid user fluffy from :::210.77.121.246 port > 48314 ssh2 > Failed password for invalid user fluffy from :::210.77.121.246 port > 48333 ssh2 > Invalid user admin from :::210.77.121.246 > Invalid user admin from :::210.77.121.246 > Invalid user admin from :::210.77.121.246 > Failed password for invalid user admin from :::210.77.121.246 port > 48406 > ssh2 > Failed password for invalid user admin from :::210.77.121.246 port > 48423 > ssh2 > Failed password for invalid user admin from :::210.77.121.246 port > 48445 > ssh2 > Invalid user test from :::210.77.121.246 > Invalid user test from :::210.77.121.246 > Invalid user test from ::: 210.77.121.246 > Failed password for invalid user test from :::210.77.121.246 port > 48513 > ssh2 > .. > ... > > > > > Similar was for other days but the IPs were different. Other day that were > 209.137.192.40 > > > I do not know how to protect mine Server. Pl. help me. I have Plesk+RHEL . > Thanks for your time and effort. > -- > Regards > Abhishek Jain > ___ > ilugd mailinglist -- ilugd@lists.linux-delhi.org > http://frodo.hserus.net/mailman/listinfo/ilugd > Archives at: http://news.gmane.org/gmane.user-groups.linux.delhi > http://www.mail-archive.com/ilugd@lists.linux-delhi.org/ > > -- Manish Popli ___ ilugd mailinglist -- ilugd@lists.linux-delhi.org http://frodo.hserus.net/mailman/listinfo/ilugd Archives at: http://news.gmane.org/gmane.user-groups.linux.delhi http://www.mail-archive.com/ilugd@lists.linux-delhi.org/
Re: [ilugd] Linux is a BIG hit in India
On 4/9/06, Ajit Ranade <[EMAIL PROTECTED]> wrote: > > http://in.rediff.com/money/2006/apr/08spec.htm > > there is no doubt that linux will flourish more and there was no doubt before also. Regards Ankush Grover ___ ilugd mailinglist -- ilugd@lists.linux-delhi.org http://frodo.hserus.net/mailman/listinfo/ilugd Archives at: http://news.gmane.org/gmane.user-groups.linux.delhi http://www.mail-archive.com/ilugd@lists.linux-delhi.org/
[ilugd] Someone trying to break pass mine server pl. help
Dear Frirends, Pl. help , I am receving the cron email from mine server with the following result from the last few days. Day 1: crond: Unknown Entries: session closed for user root: 103 Time(s) session opened for user root by (uid=0): 102 Time(s) session closed for user drweb: 40 Time(s) session opened for user drweb by (uid=0): 40 Time(s) sshd: Authentication Failures: unknown (210.77.121.246): 1215 Time(s) root (210.77.121.246): 229 Time(s) postgres (210.77.121.246): 37 Time(s) news (210.77.121.246): 20 Time(s) mysql (210.77.121.246): 13 Time(s) bin (210.77.121.246): 11 Time(s) ftp ( 210.77.121.246): 11 Time(s) mail (210.77.121.246): 11 Time(s) rpm (210.77.121.246): 11 Time(s) games (210.77.121.246): 10 Time(s) ... ... Invalid Users: Unknown Account: 1218 Time(s) - Connections (secure-log) Begin Connections: Service ftp: : 1 Time(s) Service poppassd: 82.82.100.96: 5 Time(s) -- Connections (secure-log) End - - SSHD Begin Failed logins from these: adm/password from ::: 210.77.121.246: 7 Time(s) apache/password from :::210.77.121.246: 8 Time(s) bin/password from :::210.77.121.246: 11 Time(s) daemon/password from :::210.77.121.246: 3 Time(s) ftp/password from :::210.77.121.246: 11 Time(s) games/password from :::210.77.121.246: 10 Time(s) .. .. **Unmatched Entries** Invalid user fluffy from :::210.77.121.246 Invalid user fluffy from :::210.77.121.246 Invalid user fluffy from ::: 210.77.121.246 Failed password for invalid user fluffy from :::210.77.121.246 port 48294 ssh2 Failed password for invalid user fluffy from :::210.77.121.246 port 48314 ssh2 Failed password for invalid user fluffy from :::210.77.121.246 port 48333 ssh2 Invalid user admin from :::210.77.121.246 Invalid user admin from :::210.77.121.246 Invalid user admin from :::210.77.121.246 Failed password for invalid user admin from :::210.77.121.246 port 48406 ssh2 Failed password for invalid user admin from :::210.77.121.246 port 48423 ssh2 Failed password for invalid user admin from :::210.77.121.246 port 48445 ssh2 Invalid user test from :::210.77.121.246 Invalid user test from :::210.77.121.246 Invalid user test from ::: 210.77.121.246 Failed password for invalid user test from :::210.77.121.246 port 48513 ssh2 .. ... Similar was for other days but the IPs were different. Other day that were 209.137.192.40 I do not know how to protect mine Server. Pl. help me. I have Plesk+RHEL . Thanks for your time and effort. -- Regards Abhishek Jain ___ ilugd mailinglist -- ilugd@lists.linux-delhi.org http://frodo.hserus.net/mailman/listinfo/ilugd Archives at: http://news.gmane.org/gmane.user-groups.linux.delhi http://www.mail-archive.com/ilugd@lists.linux-delhi.org/
[ilugd] exim configuration
Hi All, Need some help in configuring a exim installation. I'm trying to configure exim such that all incoming and outgoing mails is to be copied to a specific email ID. For example, for a domain called www.domain.com hosted on a linux server, I need all outgoing and incoming mails to be copied to [EMAIL PROTECTED] The closest thing to this that google threw up was, http://www.devco.net/archives/2006/03/24/saving_copies_of_all_email_using_exim.php Would appreciate if anyone could point out how I could go from the above link to enabling the system for my requirement. Best regards, Akshay ___ ilugd mailinglist -- ilugd@lists.linux-delhi.org http://frodo.hserus.net/mailman/listinfo/ilugd Archives at: http://news.gmane.org/gmane.user-groups.linux.delhi http://www.mail-archive.com/ilugd@lists.linux-delhi.org/
Re: [ilugd] Nokia phone and Reliance connect
in infinite wisdom Sudev Barar spoke thus On 04/06/2006 11:44 AM: > Gurus and bhkats of Linux, > > I am not able to connect through Nokia phone to internet. The phone is > connected to laptop using DKU5 cable that is supplied. One of my colleagues is using a Reliance Nokia phone to connect to the net. I am appending his reply below. Hi Raj , Add this to /etc/wvdial.conf i am using Nokia 2112 with ca-42 cable . (though dku5 was recommaned cable :-D ) [EMAIL PROTECTED]:~/dev/prg$ cat /etc/wvdial.conf [Dialer Defaults] Modem = /dev/ttyACM0 #Baud = 115200 Baud = 230400 #Carrier Check = no Init = ATZ Init2= AT+crm=1 Init3= AT+cso=33 FlowControl = CRTSCTS Dial Command = ATDT Phone = #777 Type = USB Modem Stupid Mode= 1 Username = 9342xxx Password = 9342 Auto DNS = 1 -- _.-, raj shekhar .--' '-._ http://rajshekhar.net _/`- _ '. http://rajshekhar.net/blog ''._`.. \ ` \; WE APOLOGIZE FOR THE INCONVENIENCE ;_\-- God's Last Message to his Creation ___ ilugd mailinglist -- ilugd@lists.linux-delhi.org http://frodo.hserus.net/mailman/listinfo/ilugd Archives at: http://news.gmane.org/gmane.user-groups.linux.delhi http://www.mail-archive.com/ilugd@lists.linux-delhi.org/