illegal user root user failed login attempts

Peter Kropholler peterkropholler at mac.com
Tue May 17 22:19:52 PDT 2005


This link might help:
http://seclists.org/lists/incidents/2005/Feb/0004.html


Karol,
Thanks for this pointer.

There are two really important pieces of advice on that web page
which persuade me to ditch any thoughts of trying to determine
what passwords people are using with their illegal login scams:

1. it's probably illegal
2. it potentially gives hackers an excuse: someone else knew their password?!

As things stand, ssh is designed so you can't get at people's passwords
and I am leaving it alone. Focussing instead on the task of making
sure my passwords are strong, limiting AllowUsers to specific users and
trusted ip addresses, and moving ssh off port 22.

Other advice I received was to consider logging ip addresses and
sending complaints to the relevant authorities: however I doubt that
there is very much point in doing so since my guess is that most
scams come from hacked machines anyway. Basically you never see
the same ip address twice.

many thanks

Peter K
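
Added example, not part of the original message: a small tally of failed sshd logins per source address, which gives a way to check the "never the same ip address twice" observation against a real log. The sample lines are constructed, use documentation address ranges, and assume the usual OpenSSH syslog wording ("Illegal user" in older releases, "Invalid user" in newer ones).

```python
import re
from collections import Counter

# Constructed sample in sshd syslog style; addresses are documentation ranges.
SAMPLE_LOG = """\
May 17 03:12:01 host sshd[4101]: Illegal user test from 192.0.2.15
May 17 03:12:03 host sshd[4101]: Failed password for illegal user test from 192.0.2.15 port 40112 ssh2
May 17 03:12:06 host sshd[4103]: Failed password for root from 192.0.2.15 port 40120 ssh2
May 17 09:40:11 host sshd[5220]: Failed password for root from 198.51.100.7 port 51515 ssh2
May 17 11:02:45 host sshd[5301]: Accepted password for peter from 203.0.113.4 port 50022 ssh2
May 17 14:27:30 host sshd[6012]: Invalid user admin from 203.0.113.99
May 17 14:27:32 host sshd[6012]: Failed password for invalid user admin from 203.0.113.99 port 33210 ssh2
"""

# Only "Failed password" lines are counted, so the separate "Illegal user"
# notice for the same attempt is not counted twice. The user field is greedy
# and the pattern is anchored at the end of the line, so the address is always
# taken from the trailer sshd writes, never from text inside the user name.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:(?:illegal|invalid) user )?"
    r"(?P<user>.*) from (?P<ip>\S+) port \d+(?: ssh\d+)?\s*$"
)

def summarize(log_text):
    """Return (failures per source IP, set of user names tried per source IP)."""
    per_ip = Counter()
    users_by_ip = {}
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue
        per_ip[m["ip"]] += 1
        users_by_ip.setdefault(m["ip"], set()).add(m["user"])
    return per_ip, users_by_ip

def repeat_sources(per_ip, threshold=2):
    """Source addresses seen at least `threshold` times, sorted."""
    return sorted(ip for ip, n in per_ip.items() if n >= threshold)

if __name__ == "__main__":
    per_ip, users_by_ip = summarize(SAMPLE_LOG)
    for ip, n in per_ip.most_common():
        print(f"{ip:15} {n:3}  users: {', '.join(sorted(users_by_ip[ip]))}")
    print("repeat sources:", repeat_sources(per_ip))
```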