Re: attempts to hack in?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, 29 Jun 2017 22:28:28 -0000
"William Mattison" <mattison.computer@xxxxxxxxx> wrote:

> Good afternoon,
> 
> (f25 home workstation)
> 
> While looking at journalctl output yesterday and today for other
> reasons (separate thread), I saw many "authentication failure"
> messages, over half also saying "user=root".  I also saw many
> "password check failed for user (root)" messages.  I saw many unknown
> user login attempts, and a few invalid user login attempts, and some
> attempts using one of the valid regular user names.  Why?  I am not
> yet good at reading journalctl output, so I don't know if these
> connection attempts are coming from "outside" or within this system.
> I don't know if I should be concerned or not.  I do not intend anyone
> or anything to be able to get in to this system except for things
> that I initiate (examples: Firefox activity, Thunderbird activity,
> "dnf upgrade", installs, etc.).  And it doesn't make sense to me that
> any of those would be trying to log in to this system to do what I
> want.  I also don't see why anything on this system would try to log
> in to this same system except me personally (su, sudo, and actual
> logins).  I am the only actual user.
>
> What's going on?  How do I determine where they're coming from?  Is
> there really someone or something trying to hack in?  If no, what
> really is going on?


I'd say someone is trying to target your system.  I used to see a lot
of this kind of thing, except it was targeted against known window's
exploits.  I wonder if your windows installation was compromised, and
they then found that you run linux, and are now trying to break into
your linux box.  Or they could just have searched for sshd responses,
and then targeted them.

Is your access wired or wireless?  I think wireless access points are
public, so your neighbors will be able to find it.  I don't know enough
about wireless to know whether they can then initiate attacks against
your system.
If your access is wired, do you have a router?  That can provide a
hardware barrier to these kinds of attacks, a good first line of
defense.
Have you got all internet services turned off?  You should for sure
disable sshd since there is no reason for anyone to remotely access
your computer.
systemctl stop sshd
systemctl mask sshd
Same with httpd, if it is running in some flavor, you don't need a web
server.
Have you got a strong root password?
A strong user password?
Make sure that /etc/firewalld/firewalld.conf has zone set to public.
Have you hardened your browser with privacy and security settings?

This is a big topic, it will take a lot of research on your part to
understand and feel comfortable with your security, if you choose to
go there. But the above should harden you to a point where it will be
difficult to exploit you.
_______________________________________________
users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx



[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux