On Tue March 21 2006 7:54 am, Chasecreek Systemhouse wrote: > On 3/20/06, Claude Jones <claude_jones@xxxxxxxxxxxxxx> wrote: > > Just to add something to this discussion. Today, I've just noticed that > > ssh has become disabled on two separate machines, one at home, and one at > > my (snip) ... > > As root does the command `lastb` show that you've had tens of > thousands of attempted log ins? > > The only recorded successful FC4 ssh break-in on a system I built > showed up as tens of thousands of random ssh log-in failures within an > hour. When they hit 90,000 per hour the attacker got in. They tried > to install a ebay spammer and some other code they had ftp'ed in from > S.America somewhere... > > Of course, the system was reformatted that same day. Nope, but thanks for the suggestion. It was one of the first things I checked. I did have a fair number of log-in attempts, but, denyhosts kicks in after five unsuccessful user tries from an ip, and lists the intruder in hosts.deny - I have it configured to deny all to such intruders, not just ssh. When I say "fair number", I'm talking in the tens - not hundreds, not thousands... -- Claude Jones Bluemont, VA, USA
