Re: Never Hacked or Infected--Yet (Was: Re: End of life for FC12?)

On Thu, 2010-11-11 at 14:28 +0800, Ed Greshko wrote:
> On 11/11/2010 02:19 PM, Patrick Bartek wrote:
> > --- On Wed, 11/10/10, Andras Simon <szajmi@xxxxxxxxx> wrote:
> >
> >> I hope that you're not deluding yourself...
> > Why would you think I am?
> >
> >
> Because it is a whole lot of "fun" to play the speculation game....  Some
> people have too much time on their hands....
> 
> 

I think this question shouldn't be associated only with someone's
speculation or paranoia. These are typical entries from the logwatch
reports on my machine:
--------------------- pam_unix Begin ------------------------ 

 dovecot:
    Authentication Failures:
       web6p5 rhost=178.77.68.97 : 242 Time(s)
       web7p1 rhost=178.77.68.97 : 239 Time(s)
       web6p4 rhost=178.77.68.97 : 238 Time(s)
       web6p3 rhost=178.77.68.97 : 235 Time(s)
       web6p2 rhost=178.77.68.97 : 232 Time(s)
.....
sshd:
    Authentication Failures:
       unknown (mail.access350.co.ke): 845 Time(s)
       root (222.33.56.100): 800 Time(s)
 vsftpd:
    Authentication Failures:
       Administrator rhost=ns.medicalyohin.com : 2283 Time(s)
       admin rhost=ns.medicalyohin.com : 2283 Time(s)
    Password Failures:
       user unknown: 4566 Time(s)

Also there are a lot of 404-error messages from httpd, when somebody
(something?) looked for mysql or phpmyadmin web-configuration:
--------------------- httpd Begin ------------------------
......
//php-my-admin/config/config.inc.php?p=phpinfo();
.....

When I first saw it all I was scared that occasionally THEY will guess
the root passwd and will take control over my machine. So, I did a bit of
modification of the stock configuration (i.e. ssh root login is now
forbidden, every user on the system has a strong passwd, phpmyadmin is
uninstalled, the system is always up-to-date and so on). Probably I should
also configure rkhunter or sshd to allow only 3 authentication failures
before blacklisting the intruder IP. Anyway, this topic is not a joke!
THEY ARE hunting for us!
-- 
Never trust an operating system you don't have sources for. ;-)
	-- Unknown source
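
An added example, not part of the original message: a small parser for the logwatch pam_unix layout quoted above that sums failures per service and remote host and lists the hosts over a limit. The sample report is constructed with placeholder hosts, the function names are hypothetical, and the default limit of 3 mirrors the figure mentioned in the message.

```python
import re
from collections import defaultdict

# Constructed sample in the pam_unix layout quoted in the message above;
# hosts are RFC 5737 / example.net placeholders, not the ones from the post.
SAMPLE = """\
 dovecot:
    Authentication Failures:
       web1 rhost=192.0.2.10 : 242 Time(s)
       web2 rhost=192.0.2.10 : 239 Time(s)
sshd:
    Authentication Failures:
       unknown (mail.example.net): 845 Time(s)
       root (198.51.100.7): 800 Time(s)
       alice (203.0.113.5): 2 Time(s)
 vsftpd:
    Authentication Failures:
       admin rhost=ftp.example.net : 2283 Time(s)
    Password Failures:
       user unknown: 4566 Time(s)
"""

# A service header is a single token followed by a colon ("sshd:").
SERVICE = re.compile(r"^\s*([\w.-]+):\s*$")
# Two host notations occur: "user rhost=HOST : N" and "user (HOST): N".
ENTRY = re.compile(r"^\s+(\S+)\s+(?:rhost=(\S+)\s*|\((\S+)\)):\s*(\d+) Time\(s\)")

def failures_by_host(report):
    """Sum authentication failures per (service, remote host)."""
    totals = defaultdict(int)
    service = None
    for line in report.splitlines():
        entry = ENTRY.match(line)
        if entry:
            _user, host_a, host_b, count = entry.groups()
            totals[(service, host_a or host_b)] += int(count)
            continue
        header = SERVICE.match(line)
        # "Authentication Failures:" contains a space, so it never matches here.
        if header:
            service = header.group(1)
    return dict(totals)

def over_threshold(report, limit=3):
    """Hosts whose summed failures in one report exceed `limit`."""
    return sorted(h for (_, h), n in failures_by_host(report).items() if n > limit)
```

Lines without a remote host, such as the "user unknown" password failures, are skipped because there is nothing to attribute them to.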

