As a newbie to this myself, I'm curious to know where you found that information (what logs). Thanks for the information. John Dangler GenoFit 800-505-4078 (Corporate) 386-767-3730 (Direct) www.genofit.com jdangler@xxxxxxxxxxx -----Original Message----- From: fedora-list-bounces@xxxxxxxxxx [mailto:fedora-list-bounces@xxxxxxxxxx] On Behalf Of Randy Kelsoe Sent: Saturday, July 17, 2004 3:52 PM To: For users of Fedora Core releases Subject: Re: hack attempt on my server...What do you do about this? Jonathan T. Steadman wrote: >Sorry this is yet another lame question, but I am new to hosting web >server ect. just kinda experimenting actually and in my logs i came >across some garbage (its at the bottom of this email) what do you do >about this? Just let it be? inform ISP? wait and see if it is more >continuous? dont know the proper thing to do i guess just making sure >with you guys. > >Jul 17 14:42:24 localhost sshd[6746]: Illegal user test from >130.120.81.14 >Jul 17 14:42:26 localhost sshd[6746]: Failed password for illegal user >test from 130.120.81.14 port 48692 ssh2 >Jul 17 14:42:27 localhost sshd[6748]: Illegal user guest from >130.120.81.14 >Jul 17 14:42:30 localhost sshd[6748]: Failed password for illegal user >guest from 130.120.81.14 port 48753 ssh2 > > Block the ip address at the firewall. If you have firestarter installed (http://firestarter.sourceforge.net/ ), run it, go to the rules section, double-click on 'Blocked Hosts' and enter the ip (130.120.81.14). Since this is coming in through the 'Universite Pierre et Marie Curie' in France, I would block their whole IP range. Double-click on 'Blocked Hosts' and enter 130.120.0.0/16, and it will block all access from that University. -- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list
