Re: NOUSER

Vivek J. Patankar wrote:
> One of my servers has a public interface. It is hit by ssh login
> attempts on a daily basis and the count for that goes into the
> thousands per week. The usernames that have been tried are root,
> admin, administrator, etc.
>
> For the last couple of weeks I have been getting a lot of login
> attempts for a user called "NOUSER". There were over 12000 during
> the week ending 5th August. The sources of the attempts are
> geographically distributed, Norway, US, Korea, Taiwan, India, etc.
> But the username is always the same, "NOUSER". I am guessing this
> is some kind of worm.
>
> Aug  6 17:57:57 <HOSTNAME> pam_tally[28966]: pam_tally:
> pam_get_uid; no such user NOUSER
>
> Has anybody else seen such activity or has more information about
> it? Anything I should worry about?
>
> If it matters, the box runs an up-to-date FC6.
>
Just some rules:

(1)  If you don't use SSH outside the company or school, BLOCK it
completely.  There are several examples of iptables rules and firewall
rules for this.

(2)  Keep secure passwords.  This means nothing easy to guess.
"password" and the like are ones to keep away from.

(3)  Keep an EYE on your box at all times.  Actually most of the
time.  It looks like you already are.

(4)  Most distros now ship with disallowing ROOT from directly SSHing
into the box.  But there are also other safeguards you can do.
http://www.openssh.com/

James
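
One way to tally the pam_tally "no such user" lines quoted in the question, per username and per day, so a single dominant name such as NOUSER stands out. This is an added example, not part of either message; the sample log lines are constructed, and the function names and the daily threshold are illustrative assumptions.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the pam_tally format quoted in the message above;
# hostnames, PIDs and timestamps are invented for this example.
SAMPLE_LOG = """\
Aug  5 03:12:01 gw pam_tally[2101]: pam_tally: pam_get_uid; no such user NOUSER
Aug  5 03:12:04 gw pam_tally[2102]: pam_tally: pam_get_uid; no such user admin
Aug  5 03:12:09 gw sshd[2103]: Connection closed by 192.0.2.10
Aug  6 17:57:57 gw pam_tally[28966]: pam_tally: pam_get_uid; no such user NOUSER
Aug  6 17:58:02 gw pam_tally[28970]: pam_tally: pam_get_uid; no such user NOUSER
Aug  6 17:58:09 gw pam_tally[28974]: pam_tally: pam_get_uid; no such user NOUSER
Aug  6 18:01:44 gw pam_tally[29001]: pam_tally: pam_get_uid; no such user administrator
"""

# Syslog prefix (month, day, time, host) followed by the pam_tally message.
LINE_RE = re.compile(
    r"^(?P<mon>[A-Z][a-z]{2})\s+(?P<day>\d{1,2})\s+\d{2}:\d{2}:\d{2}\s+\S+\s+"
    r"pam_tally\[\d+\]:\s+pam_tally:\s+pam_get_uid;\s+no such user\s+(?P<user>\S+)\s*$"
)

def unknown_user_attempts(lines):
    """Yield (day, username) for each pam_tally 'no such user' line."""
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            yield f"{m['mon']} {int(m['day'])}", m["user"]

def summarize(log_text, daily_threshold=3):
    """Count attempts per unknown username; flag (day, user) pairs that
    reach daily_threshold (an illustrative value, tune per site)."""
    totals = Counter()
    per_day = defaultdict(Counter)
    for day, user in unknown_user_attempts(log_text.splitlines()):
        totals[user] += 1
        per_day[day][user] += 1
    flagged = sorted(
        (day, user, n)
        for day, users in per_day.items()
        for user, n in users.items()
        if n >= daily_threshold
    )
    top_user, top_count = totals.most_common(1)[0] if totals else (None, 0)
    share = top_count / sum(totals.values()) if totals else 0.0
    return {"totals": dict(totals), "flagged": flagged,
            "top_user": top_user, "top_share": share}

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```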

-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list