Re: illegal user logon
Dr Gavin Seddon wrote:
> Hi,
> I have noticed in my log there has been people trying to logon to my
> debian box. Is there any software available to stop this, or should I
> use pam to restrict access?
> Thanks.
There have been a large number of concerted brute-force ssh attacks in
recent months. Don't feel singled out.
enigma:~# grep Illegal /var/log/auth.log | wc -l
2528
That's for the last six days. These are coming from several different IPs.
enigma:~# awk '/Illegal/ {print $10}' /var/log/auth.log | sort -u | wc -l
17
Aside from other solutions, good password choosing is a must. I know a
guy who got his box broken into this way because (1) he was running an
ancient kernel with a local root exploit and (2) one of his local users
had the same username and password.
-Corey
Reply to: