Re: SSH attack
On Sun, 2005-10-02 at 22:57 -0700, Jared Hall wrote:
> It looks like I am being rooted right now. How do I toss this guy off
> of my system. he has an IP address of 184.108.40.206
> Please get back to me fast. I took the compilers off of the system,
> and it's only running dns... so there's no firewall or anything. I
> can't shut down ssh because that's my only connection to the system.
Edit the sshd config file to talk to only your IP; restart sshd.
Add a iptables rule to block his IP.
'iptables -I INPUT -s 220.127.116.11 -j DROP'
You might not have a firewall, but the 3 default chains are there and
iptables can put rules in them.
GPG ID: D0D7FF20