Given this evidence, should I be worried that I may have been
corwin at aeternal.net
Sat Apr 14 12:19:50 UTC 2007
Jim Stapleton wrote:
> I have DSA. I will change it to a nonstandard port, but I was
> wondering what your oppinion on a good way to check if this is the
> result of me being hacked, or just someone loosing interest.
If you are hacked, then something might or might not be going on your
system (check for unusual stuff, like rise in number of processes, or
disk usage, or network traffic, and think about it). You know how your
system behave on day to day, do you?
Nevertheless generally speaking, 99.99% of these brute attempts to get
ssh access is coming from various zombies, blindly trying out port 22,
that's why the port change is usual advice. There are easier ways on how
to get inside than just bruteforcing via login credentials wild
guessing. For example take unsecured web server with some full-of-bugs
content management system. Exploiting a vulnerability will allow someone
(this time definitely not a zombie) to get into the system and go
forward with any dark actions he/she might have in the mind.
nice sunny weekend,
More information about the freebsd-questions