illegal user root user failed login attempts
Peter Kropholler
peterkropholler at mac.com
Tue May 17 22:19:52 PDT 2005
This link might help:
http://seclists.org/lists/incidents/2005/Feb/0004.html
Karol,
Thanks for this pointer.
There are two really important pieces of advice on that web page
which persuade me to ditch any thoughts of trying to determine
what passwords people are using with their illegal login scams:
1. it's probably illegal
2. it potentially gives hackers an excuse: someone else knew their
password?!
As things stand, ssh is designed so you can't get at people's passwords
and I am leaving it alone, focussing instead on the task of making
sure my passwords are strong, limiting AllowUsers to specific users and
trusted IP addresses, and moving ssh off port 22.
Other advice I received was to consider logging IP addresses and
sending complaints to the relevant authorities; however, I doubt that
there is very much point in doing so since my guess is that most
scams come from hacked machines anyway. Basically you never see
the same IP address twice.
many thanks
Peter K
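
As an added example (not part of the original message), this Python script tests the "never see the same IP address twice" observation against an sshd log by counting failed password attempts per source address and per username. The log lines are constructed samples in the older OpenSSH message style, and the function names are this example's own.

```python
import re
from collections import Counter

# Constructed sample lines in the style of 2005-era OpenSSH auth logs
# (addresses come from the RFC 5737 documentation ranges).
SAMPLE_LOG = """\
May 17 03:11:02 host sshd[4101]: Illegal user admin from 192.0.2.10
May 17 03:11:04 host sshd[4101]: Failed password for illegal user admin from 192.0.2.10 port 40112 ssh2
May 17 03:11:09 host sshd[4105]: Failed password for root from 192.0.2.10 port 40120 ssh2
May 17 04:52:40 host sshd[4230]: Failed password for root from 198.51.100.7 port 51522 ssh2
May 17 05:02:13 host sshd[4301]: Accepted password for peter from 203.0.113.5 port 50010 ssh2
May 17 06:30:00 host sshd[4410]: Illegal user test from 203.0.113.77
May 17 06:30:02 host sshd[4410]: Failed password for illegal user test from 203.0.113.77 port 33100 ssh2
"""

# One failed attempt = one "Failed password" line. The "Illegal user" line
# that precedes it for unknown accounts is skipped so nothing is counted twice.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:(?:illegal|invalid) user )?(\S+) "
    r"from (\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)


def failed_attempts(log_text):
    """Return (per-IP counter, per-username counter) of failed password attempts."""
    by_ip, by_user = Counter(), Counter()
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            user, ip = m.groups()
            by_user[user] += 1
            by_ip[ip] += 1
    return by_ip, by_user


def repeat_sources(by_ip, threshold=2):
    """Source addresses seen at least `threshold` times, most active first."""
    return [(ip, n) for ip, n in by_ip.most_common() if n >= threshold]


if __name__ == "__main__":
    by_ip, by_user = failed_attempts(SAMPLE_LOG)
    print("distinct sources:", len(by_ip))
    print("repeat sources:  ", repeat_sources(by_ip))
    print("usernames tried: ", by_user.most_common())
```

If `repeat_sources` stays empty over a long log, per-address blocking will do little and the AllowUsers restriction carries the weight.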
More information about the freebsd-questions mailing list