Scr1p7 K1dD135 R r374rd3d!!1

Discussion in 'The War Zone' started by Anti-Trend, Jan 9, 2005.

  1. Anti-Trend

    Anti-Trend Nonconformist Geek

    Geez, my buddy asked me to allow him to SSH into my machine so he can download some files. So, I forwarded port 22 on my router to my system, and left it open overnight. No problem, right? I mean, SSHv2 is very secure, if set up properly. Passwords are sent over strong encryption, root is forbidden to login (at least in my sshd_config), one must guess the username as well as the password simultaneously(!) for successful entry, and last but not least incorrect login attempts are met with a 4-second cooldown before they can attempt another login (to prevent brute force attacks). Who in their right mind would try to hack a random SSH2 server on a whim? Apparently, many many script kiddies. When I checked my auth.log file this morning, lo and behold, a veritable horde of 12-year-old web gnomes had tried for the prize. Many of them even used their proper names (such as Patrick, a Pac-Bell Cable customer). What am I, a retard magnet?
     
  2. Addis

    Addis The King

    I take it that they're retarded....
     
  3. Nic

    Nic Sleepy Head

    Yup, that's pretty r374rd3d
     
  4. Addis

    Addis The King

    Post the log file. Should be funny.
     
  5. ninja fetus

    ninja fetus I'm a thugged out gangsta

    that's gh3y 2 |)4 /\/\4X
     
  6. Anti-Trend

    Anti-Trend Nonconformist Geek

    OK, here's a few choice sections of it:

     
  7. Waffle

    Waffle Alpha Geek

    How is it classed as funny?

    Maybe I should read into some coding and more techie stuff. :rolleyes:
     
  8. matttibb

    matttibb Geek Trainee

    Not funny but amusing. :good:
     
  9. Anti-Trend

    Anti-Trend Nonconformist Geek

    Some of those look like they might be worms targeting Apache (I'm not even running a web server), but there's also some random attempts in there... :p
     
  10. Addis

    Addis The King

    That what you mean? :eek:
     
  11. Anti-Trend

    Anti-Trend Nonconformist Geek

    Luckily, they didn't guess my password. Because I trust you guys, I guess I'll tell you: it's qwerty. Before that it was 1234, but Linux told me it was too short.

    BTW, anybody have any idea why my CDROMs keep ejecting randomly? ;)
     
  12. ninja fetus

    ninja fetus I'm a thugged out gangsta

    maybe someone loves you so much they want that hot little rom tray sliding iiinnnn and ouuuuttt
     
  13. ninja fetus

    ninja fetus I'm a thugged out gangsta

    You sure about that trust part?!?! MUA HA HA HA AHAHAHA!!!!

    JK dawg
     
  14. Anti-Trend

    Anti-Trend Nonconformist Geek

    Yeah, I dunno why my cup holder keeps going away like that. I'm going to give eMachines a stern talking-to tomorrow!
     
  15. Addis

    Addis The King

    That's a health hazard. What if there's a small child under it and the coffee spills when the drive goes in?!! :D
     
  16. Daniel

    Daniel Geek Trainee

    Hello,

    Is there any new information on this???
    Does anyone know:

    1. Is there any known case where this attempt to log in was successful?

    2. What happens if such a login is successful?

    I conjecture(!), it is some script. If the login is successful, then the script will copy itself to the hacked host and run on the hacked host.

    Best regards, Daniel
     
  17. Anti-Trend

    Anti-Trend Nonconformist Geek

    None of the accounts on which attacks were launched existed, except for the root account. However, root was explicitly disallowed from logging in directly via SSH. There was only one account which was allowed to be logged into remotely, and that account was extremely limited (e.g. no access to GCC, no su, no sudo, no root path, no access to /var, no read access to /home, etc). So in other words, the attempts were unsuccessful.
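
Added example, not part of the thread and not any poster's code: a small auth.log triage script for the situation discussed above, grouping failed SSH password attempts by source IP, separating guesses at nonexistent accounts from guesses at real ones such as root, and flagging any accepted login from an IP that was also guessing. The log lines are constructed samples in OpenSSH syslog style; the host name, user names, IPs and the threshold of 3 are assumptions.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in OpenSSH syslog style; IPs are documentation ranges.
SAMPLE_LOG = """\
Jan  9 03:12:01 box sshd[4101]: Failed password for invalid user patrick from 203.0.113.7 port 51234 ssh2
Jan  9 03:12:05 box sshd[4103]: Failed password for invalid user admin from 203.0.113.7 port 51236 ssh2
Jan  9 03:12:09 box sshd[4105]: Failed password for root from 203.0.113.7 port 51240 ssh2
Jan  9 03:12:13 box sshd[4107]: Failed password for illegal user test from 203.0.113.7 port 51244 ssh2
Jan  9 04:40:10 box sshd[4200]: Failed password for friend from 198.51.100.23 port 40022 ssh2
Jan  9 04:40:31 box sshd[4200]: Accepted password for friend from 198.51.100.23 port 40022 ssh2
Jan  9 05:01:44 box sshd[4302]: Failed password for invalid user guest from 192.0.2.99 port 33010 ssh2
"""

# Older OpenSSH releases log "illegal user", newer ones "invalid user".
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?P<unknown>(?:invalid|illegal) user )?"
    r"(?P<user>.+?) from (?P<ip>\S+) port \d+")
ACCEPTED = re.compile(r"sshd\[\d+\]: Accepted \S+ for (?P<user>.+?) from (?P<ip>\S+) port \d+")

def summarize(log_text, threshold=3):
    """Group failed SSH logins by source IP and flag likely guessing runs."""
    failures = Counter()          # ip -> failed attempts
    unknown = Counter()           # ip -> attempts on accounts that do not exist
    users = defaultdict(set)      # ip -> usernames tried
    accepted = []                 # (user, ip) for every successful login
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            ip = m["ip"]
            failures[ip] += 1
            users[ip].add(m["user"])
            if m["unknown"]:
                unknown[ip] += 1
            continue
        m = ACCEPTED.search(line)
        if m:
            accepted.append((m["user"], m["ip"]))
    suspects = sorted(ip for ip, n in failures.items() if n >= threshold)
    return {
        "failures": dict(failures),
        "unknown_user_attempts": dict(unknown),
        "users_tried": {ip: sorted(u) for ip, u in users.items()},
        "suspects": suspects,
        # A success from an IP that was also guessing is the case to investigate.
        "accepted_from_suspects": [(u, ip) for u, ip in accepted if ip in suspects],
    }

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

An empty `accepted_from_suspects` list answers the "was any attempt successful?" question for the log window that was parsed.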
     
