Given this evidence, should I be worried that I may have been hacked

Martin Hudec corwin at
Sat Apr 14 12:19:50 UTC 2007

Jim Stapleton wrote:
> I have DSA. I will change it to a nonstandard port, but I was
> wondering what your oppinion on a good way to check if this is the
> result of me being hacked, or just someone loosing interest.

If you are hacked, then something might or might not be going on your 
system (check for unusual stuff, like rise in number of processes, or 
disk usage, or network traffic, and think about it). You know how your 
system behave on day to day, do you?

Nevertheless generally speaking, 99.99% of these brute attempts to get 
ssh access is coming from various zombies, blindly trying out port 22, 
that's why the port change is usual advice. There are easier ways on how 
to get inside than just bruteforcing via login credentials wild 
guessing. For example take unsecured web server with some full-of-bugs 
content management system. Exploiting a vulnerability will allow someone 
(this time definitely not a zombie) to get into the system and go 
forward with any dark actions he/she might have in the mind.

nice sunny weekend,

More information about the freebsd-questions mailing list