On Apr 7, 2005 10:49 AM, Paul Howarth <paul@xxxxxxxxxxxx> wrote:
> On Thu, 2005-04-07 at 09:14 +0300, Dotan Cohen wrote:
> > As I'm still new to Linux I like to open things and see what they are
> > / do. So I opened the KDE System Logs program, clicked on over to
> > Security logs, and found a bunch of these:
> >
> > Apr 4 02:15:03 localhost sshd[26567]: Failed password for invalid
> > user test from ::ffff:219.238.239.10 port 3429 ssh2
>
> This is a script kiddie trying to crack passwords on your ssh server.
>
> > and these:
> >
> > Apr 5 04:47:24 localhost sshd[7287]: reverse mapping checking
> > getaddrinfo for h169-210-68-8.adcast.com.tw failed - POSSIBLE BREAKIN
> > ATTEMPT!
>
> This is because reverse DNS for 210.68.8.169 (source of one of the
> script kiddie attacks) points to the hostname
> h169-210-68-8.adcast.com.tw but that name does not resolve. Not terribly
> uncommon with incompetent ISPs.
>
> > and many more like it. Is this something to worry about?
>
> Yes it is, but it's nothing personal. Everyone running a ssh server that
> isn't firewalled off except for specific IPs is probably getting them. I
> know I am.
>
> Suggestions:
>
> 1. Disable root logins in ssh (you can still log in as a regular user
> and use "su") by putting "PermitRootLogin no" in /etc/ssh/sshd_config.
>
> 2. Make sure you use strong passwords for *all* accounts.
>
> 3. Consider turning off password authentication altogether and using
> certificates instead.
>
> > Chkrootkit didn't find anything suspicious, so that makes me feel a
> > little better, but as I am unable to start firestarter I am a little
> > nervous.
> >
> > By the way, what is the difference between chkrootkit and chkrootkitX?
> > They both run in the terminal (I thought that chkrootkitX would open
> > up in a gui or something).
>
> Don't know; I've never used chkrootkit.
>
> > Is it unsafe to put a copy of the log on my site and post a link to it
> > here? It spans about 1500 lines, so I do not want to email it to the
> > list.
>
> Probably fairly safe but not very useful.
>
> Paul.
> --
> Paul Howarth <paul@xxxxxxxxxxxx>

Thanks. I tried to edit /etc/ssh/sshd_config and found that it is either
empty or does not exist. In emacs I just get a blank screen. So maybe I
don't even have ssh on this computer? I did a FC3 desktop installation.

> 2. Make sure you use strong passwords for *all* accounts.

Check!

> 3. Consider turning off password authentication altogether and using
> certificates instead.

I will look into this. As far as I can see, I would need to purchase a
certificate? I have never logged into this machine from outside, but I
would like to leave that option open.

Thanks Paul.

Dotan Cohen
http://Liriks-Song.com/
http://Song-Lyriks.com/
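
Added example, not part of the original message or of any poster's code: one way to condense a long sshd security log like the one described above into failed-password counts per source address and a list of host names that failed the reverse-mapping check. The function names, the threshold of 3 and every sample line other than the two quoted in the thread are assumptions made for illustration.

```python
import ipaddress
import re
from collections import Counter, defaultdict

# Constructed sample: the first and fifth lines are the two quoted in the thread
# (unwrapped); the others are made up and use documentation-range addresses.
SAMPLE_LOG = """\
Apr 4 02:15:03 localhost sshd[26567]: Failed password for invalid user test from ::ffff:219.238.239.10 port 3429 ssh2
Apr 4 03:01:10 localhost sshd[26601]: Failed password for invalid user guest from ::ffff:203.0.113.7 port 4001 ssh2
Apr 4 03:01:13 localhost sshd[26603]: Failed password for invalid user admin from ::ffff:203.0.113.7 port 4002 ssh2
Apr 4 03:01:16 localhost sshd[26605]: Failed password for root from ::ffff:203.0.113.7 port 4003 ssh2
Apr 5 04:47:24 localhost sshd[7287]: reverse mapping checking getaddrinfo for h169-210-68-8.adcast.com.tw failed - POSSIBLE BREAKIN ATTEMPT!
Apr 5 09:12:40 localhost sshd[8123]: Accepted password for dotan from 192.0.2.15 port 51234 ssh2
"""

# Greedy user group plus the end anchor: the user name is chosen by the remote
# client, so only the final " from <addr> port <n> ssh2" is taken as the source.
FAILED = re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?"
                    r"(?P<user>.*) from (?P<src>\S+) port \d+ ssh2$")
REVMAP = re.compile(r"sshd\[\d+\]: reverse mapping checking getaddrinfo "
                    r"for (?P<host>\S+) failed")

def normalize(addr):
    """Collapse an IPv4-mapped IPv6 address (::ffff:a.b.c.d) to plain IPv4."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return addr  # not an address literal; keep what sshd logged
    return str(getattr(ip, "ipv4_mapped", None) or ip)

def summarize(log_text, threshold=3):
    """Return (failures per source, sources at/over threshold, bad rDNS hosts)."""
    failures, users, bad_rdns = Counter(), defaultdict(set), set()
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            src = normalize(m["src"])
            failures[src] += 1
            users[src].add(m["user"])
        elif (m := REVMAP.search(line)):
            bad_rdns.add(m["host"])
    noisy = {s: sorted(users[s]) for s, n in failures.items() if n >= threshold}
    return failures, noisy, bad_rdns

if __name__ == "__main__":
    failures, noisy, bad_rdns = summarize(SAMPLE_LOG)
    for src, n in failures.most_common():
        print(f"{src}: {n} failed password attempts")
    print("repeat sources and the user names they tried:", noisy)
    print("names that failed the reverse-mapping check:", sorted(bad_rdns))
```

Successful logins are deliberately not counted; a source that appears in both the failure counts and an "Accepted password" line is the case worth reviewing by hand.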