
Re: Fwd: tips for Linux



Juan Manuel Acuña Barrera wrote:


Hi Alberto...

Alberto Vicat wrote:
Juan Manuel Acuña Barrera wrote:

[...]

- Use uncommon usernames (to find out which ones are common, just take a look at /var/log/auth.log and see what it says after "Invalid user").
[...]

Regards!
Hello.
The tips are very good, and so are the additions.
But I went to /var/log/auth.log and what I find is a "history" of logins. I searched for the string "Invalid" and it does not appear. What am I supposed to find there?

Here is a sample of mine...



Regards

Greetings,

You get (at least on my machines that are exposed to the network I get) something like this:

Nov 20 11:27:29 nombreDeMiEquipo sshd[14618]: Failed password for invalid user mysql from 60.160.183.2 port 42278 ssh2
Nov 20 11:27:32 nombreDeMiEquipo sshd[14620]: Invalid user test from 60.160.183.2
Nov 20 11:27:34 nombreDeMiEquipo sshd[14620]: Failed password for invalid user test from 60.160.183.2 port 42526 ssh2
Nov 20 11:27:37 nombreDeMiEquipo sshd[14622]: Invalid user user from 60.160.183.2
Nov 20 11:27:39 nombreDeMiEquipo sshd[14622]: Failed password for invalid user user from 60.160.183.2 port 42794 ssh2
Nov 20 11:27:41 nombreDeMiEquipo sshd[14624]: Invalid user service from 60.160.183.2
Nov 20 11:27:43 nombreDeMiEquipo sshd[14624]: Failed password for invalid user service from 60.160.183.2 port 43040 ssh2
Nov 20 11:27:47 nombreDeMiEquipo sshd[14626]: Failed password for invalid user root from 60.160.183.2 port 43274 ssh2
Nov 20 11:27:49 nombreDeMiEquipo sshd[14628]: Invalid user oracle from 60.160.183.2
Nov 20 11:27:51 nombreDeMiEquipo sshd[14628]: Failed password for invalid user oracle from 60.160.183.2 port 43502 ssh2
Nov 20 11:27:56 nombreDeMiEquipo sshd[14632]: Failed password for invalid user mysql from 60.160.183.2 port 43734 ssh2
Nov 20 11:27:58 nombreDeMiEquipo sshd[14634]: Invalid user test from 60.160.183.2
Nov 20 11:28:00 nombreDeMiEquipo sshd[14634]: Failed password for invalid user test from 60.160.183.2 port 43971 ssh2
Nov 20 11:28:02 nombreDeMiEquipo sshd[14636]: Invalid user user from 60.160.183.2

As you can see, there are the users mysql, test, user, service, oracle. That is what I mean. Personally, I always prefer to use combinations of first name (dot) surname (dot) surname or something like that, for example pedro.lopez.garcia, which I think will be harder to guess, so they then have to hit two things: first the username and then the password.

Regards!

Wow! But you have a whole raiding horde lying in wait!... Or could it be that my installation is very new and has not "collected" any yet?
Maybe that is it; we will see in a little while.

Regards
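
Added example, not part of the original messages: a small parser for the sshd "Invalid user" lines discussed in this thread, which tallies the guessed usernames and their source addresses and checks whether a candidate account name already shows up in the guesses. The log lines are constructed samples using documentation-range addresses, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample lines in the sshd format quoted in the thread.
SAMPLE_LOG = """\
Nov 20 11:27:32 host sshd[14620]: Invalid user test from 192.0.2.10
Nov 20 11:27:34 host sshd[14620]: Failed password for invalid user test from 192.0.2.10 port 42526 ssh2
Nov 20 11:27:37 host sshd[14622]: Invalid user oracle from 192.0.2.10
Nov 20 11:27:41 host sshd[14624]: Invalid user test from 192.0.2.11 port 50022
Nov 20 11:27:45 host sshd[14626]: Invalid user x from 10.0.0.1 from 192.0.2.10
Nov 20 11:27:50 host sshd[14630]: Accepted publickey for pedro.lopez.garcia from 198.51.100.7 port 40000 ssh2
"""

# The username is chosen by the remote client and may itself contain
# " from <address>". The greedy (.*) binds to the LAST " from " on the line,
# so the address taken is the one sshd wrote, not one embedded in the name.
# Only the capitalised "Invalid user" line is matched, so the following
# "Failed password for invalid user" line is not counted a second time.
INVALID_USER = re.compile(
    r"sshd\[\d+\]: Invalid user (?P<user>.*) from (?P<ip>\S+)(?: port \d+)?\s*$"
)

def parse_invalid_users(log_text):
    """Return a (username, source_ip) pair for each 'Invalid user' line."""
    hits = []
    for line in log_text.splitlines():
        m = INVALID_USER.search(line)
        if m:
            hits.append((m.group("user"), m.group("ip")))
    return hits

def summarize(log_text):
    """Count guesses per username and per source address."""
    hits = parse_invalid_users(log_text)
    return Counter(u for u, _ in hits), Counter(ip for _, ip in hits)

def is_guessed(candidate, log_text):
    """True if the candidate account name appears among the guessed names."""
    users, _ = summarize(log_text)
    return candidate in users

if __name__ == "__main__":
    users, sources = summarize(SAMPLE_LOG)
    for name, count in users.most_common():
        print(f"{count:4d}  {name!r}")
    for ip, count in sources.most_common():
        print(f"{count:4d}  {ip}")
    print("pedro.lopez.garcia guessed:", is_guessed("pedro.lopez.garcia", SAMPLE_LOG))
```

On a real host, pass the contents of /var/log/auth.log to `summarize` instead of the sample string.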

