Newbie Security Question

Dan Rue drue at therub.org
Fri Aug 6 13:00:31 PDT 2004


On Fri, Aug 06, 2004 at 08:26:01AM -0500, James A. Coulter wrote:
> I recently got my firewall up and configured (many thanks to JJB and everyone else for their help) and have been reading the daily security message from root with a great deal of interest.
> 
> My question is, when I see entries like this:
> 
> Aug  5 17:55:54 sara sshd[2099]: Failed password for root from 209.120.224.13
> +port 40515 ssh2
> Aug  5 17:55:55 sara sshd[2101]: Failed password for root from 209.120.224.13
> +port 60426 ssh2
> Aug  5 17:55:55 sara sshd[2103]: Failed password for root from 209.120.224.13
> +port 54447 ssh2
> Aug  5 17:55:59 sara sshd[2105]: Failed password for root from 209.120.224.13
> +port 44460 ssh2
> 
> is it safe to assume someone has been trying to hack my system?
> 
> Jim C.

Hi Jim, 

Yeah, I get these all the time.  I've always chalked it up to random
script kiddies.  Sometimes I get people trying to log in as generic
usernames like admin, guest, etc.  Make sure that PermitRootLogin is
either set to no or commented out in /etc/ssh/sshd_config, and of course
make sure you are using a good root password.

Now, if you really want to work yourself up, start browsing your
httpd-access logs :)

-dan
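
An added example, not part of the original thread: Python that tallies the failed sshd logins in a daily security report like the one quoted above, by source address and username tried. It assumes continuation lines start with '+' and that the wrap fell on a space; the two 192.0.2.7 records are constructed, and the function names are this example's own.

```python
import re
from collections import Counter, defaultdict

# "illegal user" (older OpenSSH) and "invalid user" (newer) mark nonexistent accounts.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:(?:invalid|illegal) user )?"
    r"(?P<user>\S+) from (?P<ip>\S+) port (?P<port>\d+)"
)

def unwrap(lines):
    """Rejoin records wrapped onto a '+'-prefixed continuation line.
    Assumes the wrap fell on a space, as in the quoted report."""
    records = []
    for line in lines:
        if line.startswith("+") and records:
            records[-1] += " " + line[1:]
        elif line.strip():
            records.append(line)
    return records

def parse(lines):
    """Return (user, ip, port) for every failed-password record."""
    hits = (FAILED.search(r) for r in unwrap(lines))
    return [(m["user"], m["ip"], int(m["port"])) for m in hits if m]

def summarize(lines, threshold=3):
    """Map each source IP with >= threshold failures to a Counter of usernames tried."""
    per_ip = defaultdict(Counter)
    for user, ip, _port in parse(lines):
        per_ip[ip][user] += 1
    return {ip: c for ip, c in per_ip.items() if sum(c.values()) >= threshold}

# First eight lines: the records quoted in the message above.
# Last two lines: constructed records (192.0.2.7 is a documentation address).
SAMPLE = """\
Aug  5 17:55:54 sara sshd[2099]: Failed password for root from 209.120.224.13
+port 40515 ssh2
Aug  5 17:55:55 sara sshd[2101]: Failed password for root from 209.120.224.13
+port 60426 ssh2
Aug  5 17:55:55 sara sshd[2103]: Failed password for root from 209.120.224.13
+port 54447 ssh2
Aug  5 17:55:59 sara sshd[2105]: Failed password for root from 209.120.224.13
+port 44460 ssh2
Aug  5 18:02:10 sara sshd[2110]: Failed password for illegal user admin from 192.0.2.7 port 40001 ssh2
Aug  5 18:02:12 sara sshd[2112]: Failed password for invalid user guest from 192.0.2.7 port 40002 ssh2
""".splitlines()

if __name__ == "__main__":
    print(summarize(SAMPLE, threshold=2))
```
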


More information about the freebsd-questions mailing list