Yesterday a single host out there made over 300 attempts to login to
sshd on my server. My feeling is that I can't stop people from trying,
so my only goal is to prevent them from succeeding. Use a firewall
and/or iptables or similar things, lock out unused logins, use good
passwords on active logins, kill unnecessary services, stay up to date
on security updates, etc. Someone once said that the only way to
absolutely guarantee a computer's security is to unplug it. Short of
that, approach computer security diligently, because people out there
will try to break in.
Arthur Pemberton wrote:
I'm gettign mail from logwatch as to the following:
root (en201247.uac63.hknet.com): 3 Time(s)
What's my best plan of action to respond to such? Yes I root logins via
sshd disabled.
Thanks for the advice.
