[PLUG] Break in attempt?

Michael Rasmussen michael at jamhome.us
Sun Feb 19 18:53:02 UTC 2012


On Sun, Feb 19, 2012 at 09:17:01AM -0800, Denis Heidtmann wrote:
> I did something stupid. Yesterday (Saturday) evening a window popped
> up saying someone wanted to log in.  I permitted it thinking it was my
> son.  Within two minutes I found out that it was not he, so I shut
> down.
> 
> This morning I perused the logs (network off).  I found that on Friday
> the auth.log shows many (over 300) messages such as:
> 
> 23.19.81.173.rdns.ubiquity.io [23.19.81.173] failed - POSSIBLE BREAK-IN ATTEMPT!
> Feb 17 16:56:10 R2D4 sshd[2649]: Invalid user rookie from 23.19.81.173
> Feb 17 16:56:16 R2D4 sshd[2651]: reverse mapping checking getaddrinfo
> for 23.19.81.173.rdns.ubiquity.io [23.19.81.173] failed - POSSIBLE
> BREAK-IN ATTEMPT!
> 
> Where "rookie" changed to many different names.
> 
> Advice?
 
Recognize that break-in attempts will happen, use good passwords, sleep easy.

Install something like fail2ban 
  http://www.fail2ban.org/wiki/index.php/Fail2ban:Community_Portal
to reduce log file clutter and lower the chance of your attacker getting lucky.


-- 
            Michael Rasmussen, Portland Oregon  
      Other Adventures: http://www.jamhome.us/ or http://westy.saunter.us/
Fortune Cookie Fortune du jour:
"The Omnivore's Dilemma" is a book so compelling that reading it changes
your relationship to the physical world: Afterward, you simply can't
ever again look at a can of Coke or a bag of Cheetos without shuddering
as you contemplate the completely bonkers industrial food system that
produced such modern artifacts.
	~  Andrew Leonard
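
Added example, not part of the original message: a small triage script for the kind of auth.log entries quoted above. It counts failed sshd attempts per source address and lists any address that also has an accepted login. The sample log is constructed; the 203.0.113.7 entries and the user names other than "rookie" are assumptions for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the auth.log format quoted in the message; the
# 203.0.113.7 lines and the names "guest" and "alice" are made up.
SAMPLE = """\
Feb 17 16:56:10 R2D4 sshd[2649]: Invalid user rookie from 23.19.81.173
Feb 17 16:56:16 R2D4 sshd[2651]: reverse mapping checking getaddrinfo for 23.19.81.173.rdns.ubiquity.io [23.19.81.173] failed - POSSIBLE BREAK-IN ATTEMPT!
Feb 17 16:56:17 R2D4 sshd[2651]: Invalid user guest from 23.19.81.173
Feb 17 16:56:20 R2D4 sshd[2653]: Failed password for invalid user guest from 23.19.81.173 port 40112 ssh2
Feb 17 17:02:41 R2D4 sshd[2700]: Failed password for alice from 203.0.113.7 port 51000 ssh2
Feb 17 17:02:49 R2D4 sshd[2700]: Accepted password for alice from 203.0.113.7 port 51000 ssh2
"""

IP = r"(\d{1,3}(?:\.\d{1,3}){3})"  # IPv4 only, matching the quoted log
PATTERNS = {
    "invalid_user": re.compile(r"sshd\[\d+\]: Invalid user (\S+) from " + IP),
    "failed": re.compile(
        r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from " + IP),
    "accepted": re.compile(r"sshd\[\d+\]: Accepted \S+ for (\S+) from " + IP),
}

def summarize(log_text):
    """Return {ip: {"invalid_user": n, "failed": n, "accepted": [users]}}."""
    stats = defaultdict(lambda: {"invalid_user": 0, "failed": 0, "accepted": []})
    for line in log_text.splitlines():
        for kind, rx in PATTERNS.items():
            m = rx.search(line)
            if not m:
                continue
            user, ip = m.groups()
            if kind == "accepted":
                stats[ip]["accepted"].append(user)
            else:
                stats[ip][kind] += 1
            break  # one event per line
    return dict(stats)

def needs_review(stats):
    """Addresses with failed attempts that also have an accepted login."""
    return sorted(ip for ip, s in stats.items()
                  if s["accepted"] and (s["failed"] or s["invalid_user"]))

if __name__ == "__main__":
    result = summarize(SAMPLE)
    for ip, s in sorted(result.items()):
        print(ip, s)
    print("review:", needs_review(result))
```

An address that only ever shows "Invalid user" or "Failed password" lines is the background noise described in the reply; an "Accepted" line from an address you do not recognize is what warrants a closer look.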


