Newbie Security Question

mazpe mazpe at mazpe.net
Fri Aug 6 13:18:44 PDT 2004


Hello James:

That's just letting you know that someone from that IP address tried to
access your system using the root account and the password they provided
failed to authenticate.

Could've been an ssh scanner or something of that nature.

Most likely script kiddies.  

Make sure you do not allow root to login via ssh by setting your
sshd_config PermitRootLogin no.

Use sudo or su - instead.

Or you can always use key-based authentication.


Lester A. Mesa
aka: mazpe
-----------------------------------------------------------------

On Fri, 2004-08-06 at 08:26, James A. Coulter wrote:
> I recently got my firewall up and configured (many thanks to JJB and everyone else for their help) and have been reading the daily security message from root with a great deal of interest.
> 
> My question is, when I see entries like this:
> 
> Aug  5 17:55:54 sara sshd[2099]: Failed password for root from 209.120.224.13
> +port 40515 ssh2
> Aug  5 17:55:55 sara sshd[2101]: Failed password for root from 209.120.224.13
> +port 60426 ssh2
> Aug  5 17:55:55 sara sshd[2103]: Failed password for root from 209.120.224.13
> +port 54447 ssh2
> Aug  5 17:55:59 sara sshd[2105]: Failed password for root from 209.120.224.13
> +port 44460 ssh2
> 
> is it safe to assume someone has been trying to hack my system?
> 
> I did a whois search on the IP and it went to a provider in Colorado.
> 
> I'm asking because I'm curious - thanks again for everyone's help.
> 
> Jim C.
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"
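
An added example, not part of the original thread: a small Python parser that reads the failed-password entries quoted above, rejoins the `+`-wrapped continuation lines from the daily security mail, and reports source addresses with a burst of failures. The function names, the 60-second window, the threshold of 3, and the default year (syslog lines carry none) are assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Log lines as quoted in the question above. The daily security mail wraps
# long lines and marks each continuation with a leading "+".
SAMPLE = """\
Aug  5 17:55:54 sara sshd[2099]: Failed password for root from 209.120.224.13
+port 40515 ssh2
Aug  5 17:55:55 sara sshd[2101]: Failed password for root from 209.120.224.13
+port 60426 ssh2
Aug  5 17:55:55 sara sshd[2103]: Failed password for root from 209.120.224.13
+port 54447 ssh2
Aug  5 17:55:59 sara sshd[2105]: Failed password for root from 209.120.224.13
+port 44460 ssh2
"""

FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user |illegal user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+")

def failed_logins(text, year=2004):
    """Yield (timestamp, user, ip) per failed sshd password attempt."""
    for line in re.sub(r"\n\+", " ", text).splitlines():  # undo "+" wrapping
        m = FAILED.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["user"], m["ip"]

def bursts(text, threshold=3, window=timedelta(seconds=60)):
    """Map source IP -> largest number of failures seen inside one window."""
    by_ip = defaultdict(list)
    for ts, _user, ip in failed_logins(text):
        by_ip[ip].append(ts)
    flagged = {}
    for ip, stamps in by_ip.items():
        stamps.sort()
        start = best = 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window:  # slide the window forward
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            flagged[ip] = best
    return flagged
```

Four root failures from one address within five seconds, as in the quoted log, is the pattern an automated scanner produces; a single mistyped password from a known host would not cross the threshold.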