[PLUG] Break in attempt?
Michael Rasmussen
michael at jamhome.us
Sun Feb 19 18:53:02 UTC 2012
On Sun, Feb 19, 2012 at 09:17:01AM -0800, Denis Heidtmann wrote:
> I did something stupid. Yesterday (Saturday) evening a window popped
> up saying someone wanted to log in. I permitted it thinking it was my
> son. Within two minutes I found out that it was not he, so I shut
> down.
>
> This morning I perused the logs (network off). I found that on Friday
> the auth.log shows many (over 300) messages such as:
>
> 23.19.81.173.rdns.ubiquity.io [23.19.81.173] failed - POSSIBLE BREAK-IN ATTEMPT!
> Feb 17 16:56:10 R2D4 sshd[2649]: Invalid user rookie from 23.19.81.173
> Feb 17 16:56:16 R2D4 sshd[2651]: reverse mapping checking getaddrinfo
> for 23.19.81.173.rdns.ubiquity.io [23.19.81.173] failed - POSSIBLE
> BREAK-IN ATTEMPT!
>
> Where "rookie" changed to many different names.
>
> Advice?
Recognize that break-in attempts will happen, use good passwords, sleep easy.
Install something like fail2ban
http://www.fail2ban.org/wiki/index.php/Fail2ban:Community_Portal
to reduce log file clutter and lower the chance of your attacker getting lucky.
--
Michael Rasmussen, Portland Oregon
Other Adventures: http://www.jamhome.us/ or http://westy.saunter.us/
Fortune Cookie Fortune du jour:
"The Omnivore's Dilemma" is a book so compelling that reading it changes
your relationship to the physical world: Afterward, you simply can't
ever again look at a can of Coke or a bag of Cheetos without shuddering
as you contemplate the completely bonkers industrial food system that
produced such modern artifacts.
~ Andrew Leonard
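
The kind of check a tool like fail2ban automates, shown as an added example (not part of the original message and not fail2ban's own code): count sshd "Invalid user" lines per source address inside a sliding time window and report the sources that cross a threshold. The maxretry and findtime names follow fail2ban's settings; the function name, the sample log lines and their addresses are constructed for illustration, and the log is assumed to be in chronological order.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# sshd "Invalid user" lines in the format quoted above (newer sshd appends " port N").
INVALID_USER = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: Invalid user "
    r"(?P<user>.*?) from (?P<ip>\d{1,3}(?:\.\d{1,3}){3})(?: port \d+)?\s*$"
)

# Constructed sample log; the addresses come from documentation ranges.
SAMPLE = """\
Feb 17 16:56:10 R2D4 sshd[2649]: Invalid user rookie from 203.0.113.7
Feb 17 16:56:16 R2D4 sshd[2651]: Invalid user admin from 203.0.113.7
Feb 17 16:56:21 R2D4 sshd[2653]: Invalid user test from 203.0.113.7
Feb 17 16:58:02 R2D4 sshd[2660]: Invalid user guest from 198.51.100.20
Feb 17 16:58:40 R2D4 sshd[2662]: Invalid user oracle from 203.0.113.7
Feb 17 16:59:05 R2D4 sshd[2664]: Invalid user nagios from 203.0.113.7
Feb 17 17:30:00 R2D4 sshd[2670]: Invalid user guest from 198.51.100.20
Feb 17 17:31:00 R2D4 sshd[2671]: Accepted password for alice from 192.0.2.10 port 50000 ssh2
""".splitlines()

def find_offenders(lines, maxretry=5, findtime=600, year=2012):
    """Return {ip: (time_threshold_was_hit, usernames_tried)} for each source with
    at least `maxretry` invalid-user lines inside any `findtime`-second window."""
    window = defaultdict(deque)   # ip -> timestamps still inside the window
    users = defaultdict(set)      # ip -> every username it tried
    offenders = {}                # ip -> time the threshold was first reached
    for line in lines:
        m = INVALID_USER.match(line)
        if not m:
            continue
        # syslog timestamps carry no year, so the caller supplies it
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        ip = m["ip"]
        users[ip].add(m["user"])
        q = window[ip]
        q.append(ts)
        while ts - q[0] > timedelta(seconds=findtime):
            q.popleft()           # drop attempts that aged out of the window
        if len(q) >= maxretry and ip not in offenders:
            offenders[ip] = ts
    return {ip: (when, sorted(users[ip])) for ip, when in offenders.items()}

if __name__ == "__main__":
    for ip, (when, names) in find_offenders(SAMPLE).items():
        print(f"{ip} crossed the threshold at {when}; tried: {', '.join(names)}")
```
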