Please Help! How to STOP them...
gerard at seibercom.net
Fri Jan 12 22:51:19 UTC 2007
On Friday January 12, 2007 at 04:54:37 (PM) Reko Turja wrote:
> >I am reading many hundred lines similar to below mentioned?
> > Could you please advise me what to do and how can I make my box more
> > secure?
> > Jan 9 17:54:42 localhost sshd: reverse mapping checking
> > getaddrinfo
> > for bbs-83-179.189.218.on-nets.com [126.96.36.199] failed -
> > POSSIBLE
> > BREAK-IN ATTEMPT!
> > Jan 9 17:54:42 localhost sshd: Invalid user sysadmin from
> > 188.8.131.52
> It's basically just script kiddies trying to get in using some ready
> made user/password pairs.
> Lots of info covering this has been posted in these newsgroups
> previously, but some things you might consider
> Moving your sshd port somewhere else than 22 - the prepackaged
> "cracking" programs don't scan ports, just blindly try out the default
> port - with determined/skilled attacker it's different matter entirely
Security through Obscurity is not true security at all. You are simply
assuming that other ports are not being scanned.
> Use some kind of portblocker (lots in ports tree) which closes the
> port after predetermined number of attempts - or as an alternative,
> use PF to close the port for IP's in question after predetermined
> number of connection attempts in given time.
> Use key based authentication and stop using passwords altogether.
A very secure method. I would recommend this along with making sure your
firewall is properly configured and all unnecessary ports closed, etc.
> Remember to keep ssh1 disabled as well as direct root access into ssh
> from the ssh config file.
For GOOGLE (L)Users:
"RAM Disk" is not an installation procedure.
More information about the freebsd-questions