Re: POSSIBLE BREAK-IN in auth.log via ssh

To: debian-user@lists.debian.org
Subject: Re: POSSIBLE BREAK-IN in auth.log via ssh
From: Raquel <raquel@thericehouse.net>
Date: Thu, 12 Feb 2009 06:22:41 -0800
Message-id: <[🔎] 20090212062241.b925b4af.raquel@thericehouse.net>
In-reply-to: <[🔎] 20090212084015.GA24026@samad.com.au>
References: <[🔎] 8f0417560902112157r25a05ec6taefd638b6f35018e@mail.gmail.com> <[🔎] 20090212084015.GA24026@samad.com.au>

On Thu, 12 Feb 2009 19:40:16 +1100
Alex Samad <alex@samad.com.au> wrote:

> this is ssh complaining about incorrect password being supplied, I
> presume you do not allow password authentication for root !
> 
> This is some script kiddie or mutant pc try brute attack against
> your sshd server, try fail2ban

I used to blacklist all those in my firewall.  Then I installed
fail2ban.  I don't have to spend the time with the firewall and the
breakin attempts have dropped dramatically, to the point where I
seldom see one any more.

My advice is to install fail2ban.

-- 
Raquel
http://www.byraquel.com
============================================================
Free speech without responsibility is not liberty; it is licence.
The freedom to swing one's arm ends where it makes contact with one's
neighbour's nose.

  --Canadian Broadcast Standards Council

Reply to:

Follow-Ups:
- Re: POSSIBLE BREAK-IN in auth.log via ssh
  - From: Paul Tader <ptader@linuxscope.com>

References:
- POSSIBLE BREAK-IN in auth.log via ssh
  - From: Norman Bird <steelpulsefan@gmail.com>
- Re: POSSIBLE BREAK-IN in auth.log via ssh
  - From: Alex Samad <alex@samad.com.au>

Prev by Date: RE: Strange keyboard lag
Next by Date: Re: Upgrading kernel on a system that won't boot
Previous by thread: Re: POSSIBLE BREAK-IN in auth.log via ssh
Next by thread: Re: POSSIBLE BREAK-IN in auth.log via ssh
Index(es):
- Date
- Thread