[PLUG] Break-in attempt

Mike Connors mconnors1 at gmail.com
Mon Feb 20 20:25:02 UTC 2012


>
> I think the core of my question is what is the likely result of my
> saying YES to the login request?  I appreciate the advice on keeping
> the machine secure and keeping the bad guys out, but right now my
> concern is that a bad guy has already gotten in.  If not, then I can
> see about keeping them out.  If yes, how do I know and what do I do to
> send him away?  I am taking my machine off-line all the time now,
> except to occasionally read and send messages like this one.
>

Denis - This is a brute force scripted attack on the well-known SSH port.
Any system that has a public IP address is very likely to see this type of
activity.

The only way you can say "YES" to the login request is if the SSH password
is guessed. So, as someone mentioned, use a strong password and change it
every now and then.

There's also the practice of port knocking.
http://www.marksanborn.net/linux/add-port-knocking-to-ssh-for-extra-security/


Routinely looking through your logs and running malware checks is a good
way to know if a bad guy has gotten in because that's what scripted attacks
do. They're looking for easy openings to install software to zombify your
machine for a botnet.

Unless you have some really valuable information on this computer, it's
highly unlikely that it's a targeted attack by a highly skilled cracker (bad
guy)...
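
One way to do the log review suggested above, added here as an example and not part of the original message: the script counts failed SSH logins per source address and flags any accepted login that follows repeated failures from the same address. It assumes OpenSSH's usual syslog message format; the sample log lines, the function name `review_auth_log` and the threshold of 3 are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in OpenSSH's syslog format (not from the original post).
SAMPLE_LOG = """\
Feb 20 03:11:01 box sshd[2101]: Failed password for invalid user admin from 203.0.113.5 port 40112 ssh2
Feb 20 03:11:03 box sshd[2103]: Failed password for root from 203.0.113.5 port 40118 ssh2
Feb 20 03:11:06 box sshd[2107]: Failed password for denis from 203.0.113.5 port 40125 ssh2
Feb 20 03:11:09 box sshd[2110]: Accepted password for denis from 203.0.113.5 port 40131 ssh2
Feb 20 09:30:44 box sshd[3050]: Failed password for denis from 192.0.2.10 port 51000 ssh2
Feb 20 09:30:52 box sshd[3052]: Accepted password for denis from 192.0.2.10 port 51002 ssh2
Feb 20 12:02:10 box sshd[4001]: Accepted publickey for denis from 198.51.100.7 port 60222 ssh2
"""

# Matches both outcomes; "invalid user" appears when the account does not exist.
EVENT = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) (?P<method>\S+) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def review_auth_log(text, threshold=3):
    """Return (failures per IP, all accepted logins, accepted logins that
    came after at least `threshold` failures from the same IP)."""
    failures = Counter()
    accepted, suspicious = [], []
    for line in text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue  # not an sshd authentication result line
        ip = m["ip"]
        if m["result"] == "Failed":
            failures[ip] += 1
            continue
        entry = (line[:15], m["user"], ip, m["method"])  # syslog timestamp first
        accepted.append(entry)
        # A success right after a run of failures is the brute-force pattern.
        if failures[ip] >= threshold:
            suspicious.append(entry)
    return failures, accepted, suspicious

if __name__ == "__main__":
    failures, accepted, suspicious = review_auth_log(SAMPLE_LOG)
    for ip, count in failures.most_common():
        print(f"{count:4d} failed attempts from {ip}")
    for when, user, ip, method in accepted:
        flag = "  <-- follows repeated failures" if (when, user, ip, method) in suspicious else ""
        print(f"{when} accepted {method} for {user} from {ip}{flag}")
```

To check a real machine, pass the contents of the system's SSH authentication log to `review_auth_log`; the file's location varies by distribution.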


