13511 Posted September 20, 2017 Posted September 20, 2017 of SSH attempts to log in from VN lately. Normally the biggy is China. Guess I may need to set up a honey pot for them. Quote
SneakyDave Posted September 20, 2017 Posted September 20, 2017 Dumdum noticed you said "China" and naturally thought he knew what you were talking about, but he doesn't Been that way for around a month, many on phpBB forum have reported an increase in spam registrations and have been getting a lot here of late, even validating their accounts. Quote "I wonder if wife Susie knows about the vile crap he posts on his site and how it fits in with her "youth ministry"?" - Dr. Howard Rosenzweig, former owner of TheAdminZone
13511 Posted September 20, 2017 Author Posted September 20, 2017 Yeah, we aren't talking forum spammers... most of these are automated bots that hit port 22 with common usernames. Once they get a good hit (at least for the username) you will frequently see them bombarding the shit out of your system unless you block them after a set # of attempts. Quote
SneakyDave Posted September 20, 2017 Posted September 20, 2017 I've always got a lot of hits on port 22. Haven't used it in a number of years. Only a couple of non-root users from a couple of IP's allowed now. Quote "I wonder if wife Susie knows about the vile crap he posts on his site and how it fits in with her "youth ministry"?" - Dr. Howard Rosenzweig, former owner of TheAdminZone
SneakyDave Posted September 20, 2017 Posted September 20, 2017 Actually, on my centminmod mod boxes, I think root user is required for ssh Quote "I wonder if wife Susie knows about the vile crap he posts on his site and how it fits in with her "youth ministry"?" - Dr. Howard Rosenzweig, former owner of TheAdminZone
13511 Posted September 20, 2017 Author Posted September 20, 2017 Actually, on my centminmod mod boxes, I think root user is required for ssh If so, then you are not practicing safe hex. :p root access should be disabled immediately after confirming that you have set up a valid normal user and entered them into sudoers. Once you have confirmed your normal user has shell access and sudo priv's root should be disabled from any remote access via the config file and SSH service restarted. If you normally only access your system from one place, then that user ID should also be IP restricted (one reason I recommend a static IP for your home ISP). 1 Quote
SneakyDave Posted September 20, 2017 Posted September 20, 2017 (edited) Yeah. I wasn't able to verify that yet, I couldn't remember how that worked. Edited September 20, 2017 by SneakyDave Quote "I wonder if wife Susie knows about the vile crap he posts on his site and how it fits in with her "youth ministry"?" - Dr. Howard Rosenzweig, former owner of TheAdminZone
Kent.S Posted September 20, 2017 Posted September 20, 2017 Dumdum noticed you said "China" and naturally thought he knew what you were talking about, but he doesn't Yeah, dumdum jumped to conclusions again, tried to have an adult discussion, but he did not have a clue what he was going on about. Which he cleared up that he does not know. [ATTACH=full]1634._xfImport[/ATTACH] Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.