Re: attempts to hack in?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




On Fri, Jun 30, 2017 at 9:36 AM, Tim <ignored_mailbox@xxxxxxxxxxxx> wrote:
It's not necessarily a target on *you*, but very probably it's just
targeting any computer that responds to them.  Poke, get a response,
keep prodding...

Yeah, pretty much all of this is totally automated these days. There are programs out there that just probe the entire IP address space looking for exposed ssh servers, and when one is found, a list of account name/password combinations is tried. They are looking for *very* low-hanging fruit. If any login attempt actually succeeds, it is reported for further investigation. 

If you have an exposed ssh server, you will see this kind of doorknob-rattling. I get around it in one of four ways: 1) Turn off sshd if I don't really need it on a given system; 2) Use firewall rules to allow access only from certain known remote locations (so I can get into my home system from my desktop at work, for instance); 3) run sshd on a non-standard port (won't stop the serious bad guys, but is usually good enough to stop the automated doorknob-rattlers); and 4) If you really have to have an ssh server that allows access from unknown remote locations, run something like fail2ban that at least automatically blocks them if they try too often from the same place. And the most important thing is, any of these defenses can fail if you make a mistake configuring them (won't happen because we're all perfect, right? :-) , so the most important thing you can do is use strong passwords so that the brute force guessing cannot succeed.

--Greg

_______________________________________________
users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux