Re: My machine was hacked - possibly via sshd?
Malcolm Ferguson wrote:
> All,
> My machine was cracked on Thursday evening. I'm trying to understand
> how it happened so that it doesn't go down again.

Sounds to me like you know exactly how it happened - ssh user
enumeration won the jackpot.

> So what can I do to prevent it? My best guess is that ssh failed, but
> this is based on the log messages. Exim or Apache could have been the

Security in layers. Putting ALL: ALL in /etc/hosts.deny is a great start.
You could also run iptables (locally or upstream) to prevent tcp to port
22.
Keep your system patched.
Etc, etc.