Scr1p7 K1dD135 R r374rd3d!!1

Geez, my buddy asked me to allow him to SSH into my machine so he can download some files. So, I forwarded port 22 on my router to my system, and left it open overnight. No problem right? I mean, SSHv2 is very secure, if set up properly. Passwords are sent over strong encryption, root is forbidden to login (at least in my sshd_config), one must guess the username as well as the password simultaneously(!) for successful entry, and last but not least incorrect login attempts are met with a 4-second cooldown before they can attempt another login (to prevent brute force attacks). Who in their right mind would try to hack a random SSH2 server on a whim? Apparently, many many script kiddies. When I checked my auth.log file this morning, lo and behold, a veritable horde of 12-year-old web gnomes had tried for the prize. Many of them even used their proper names (such as Patrick, a Pac-Bell Cable customer). What am I, a retard magnet?

I take it that they’re retarded…

Yup thts pretty r374rd3d

Post the log file. Should be funny.

that’s gh3y 2 |)4 //\4X

[QUOTE=addis]
Post the log file. Should be funny.
[/QUOTE]
OK, here’s a few choice sections of it:

[QUOTE=addis]
Post the log file. Should be funny.
[/QUOTE]

How is it classed as funny?

Maybe I should read into some coding and more techie stuff. :rolleyes:

[QUOTE=Waffle]
How is it classed as funny?

Maybe I should read into some coding and more techie stuff. :rolleyes:
[/QUOTE]

Not funny but amusing. :good:

Some of those look like they might be worms targeting Apache (I’m not even running a web server), but there’s also some random attempts in there… :stuck_out_tongue:

That what you mean? :o

[QUOTE=Addis]
That what you mean? :o
[/QUOTE]
Luckily, they didn’t guess my password. Because I trust you guys, I guess I’ll tell you: it’s qwerty. Before that it was 1234, but Linux told me it was too short.

BTW, anybody have any idea why my CDROMs keep ejecting randomly? :wink:

maybe someone loves you so much they want that hot little rom tray sliding iiinnnn and ouuuuttt

[QUOTE=Anti-Trend]
Luckily, they didn’t guess my password. Because I trust you guys, I guess I’ll tell you: it’s qwerty. Before that it was 1234, but Linux told me it was too short.

BTW, anybody have any idea why my CDROMs keep ejecting randomly? :wink:
[/QUOTE]

You sure about that trust part!!! MUA HA HA HA AHAHAHA!!!

JK dawg

Yeah, I dunno why my cup holder keeps going away like that. I’m going to give eMachines a stern talking-to tomorrow!

That's a health hazard. What if there's a small child under it and the coffee spills when the drive goes in?!! :smiley:

Hello,

is there any new information on this???
Does anyone know:

  1. Is there any known case where this attempt to log in was successful?

  2. What happens, if such a login is successful?

I conjecture(!) it is some script. If the login is successful, then the script will copy itself to the hacked host and run on the hacked host.

Best regards, Daniel

None of the accounts on which attacks were launched existed, except for the root account. However, root was explicitly disallowed from logging in directly via SSH. There was only one account which was allowed to be logged into remotely, and that account was extremely limited (e.g. no access to GCC, no su, no sudo, no root path, no access to /var, no read access to /home, etc). So in other words, the attempts were unsuccessful.
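Reading auth.log the way the first post and this last reply describe, as an added example that is not from this thread: the parser below groups OpenSSH "Failed/Accepted ... for ... from ..." lines by source address and separates guesses at non-existent usernames (the "invalid user" lines) from attempts against accounts that actually exist, such as root. The log lines are constructed samples using documentation IP addresses, not the poster's real log.

```python
import re
from collections import defaultdict

# Constructed sample auth.log lines (not from the thread); IPs are RFC 5737 documentation addresses.
SAMPLE_AUTH_LOG = """\
Jan 12 03:14:07 box sshd[2210]: Failed password for invalid user patrick from 203.0.113.5 port 4242 ssh2
Jan 12 03:14:12 box sshd[2210]: Failed password for invalid user admin from 203.0.113.5 port 4251 ssh2
Jan 12 03:14:19 box sshd[2214]: Failed password for root from 203.0.113.5 port 4260 ssh2
Jan 12 03:20:41 box sshd[2301]: Failed password for invalid user test from 198.51.100.9 port 51022 ssh2
Jan 12 07:02:03 box sshd[2450]: Accepted publickey for guest from 192.0.2.44 port 60010 ssh2
"""

# Matches OpenSSH "Failed/Accepted <method> for [invalid user ]<name> from <ip>" lines.
LINE_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) (?P<method>\w+) for "
    r"(?P<invalid>invalid user )?(?P<user>\S+) from (?P<ip>[0-9a-fA-F.:]+)"
)

def summarize_ssh_auth(log_text, threshold=3):
    """Group sshd auth outcomes by source IP and flag brute-force sources.

    Returns {ip: {"failed": n, "accepted": n, "users": sorted names,
                  "existing_user_hits": n, "brute_force": bool}}.
    A source is flagged when it reaches `threshold` failures or fails
    against an account that really exists (no "invalid user" marker),
    which is the case worth a closer look even with root login disabled.
    """
    per_ip = defaultdict(lambda: {"failed": 0, "accepted": 0, "users": set(), "existing_user_hits": 0})
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not an auth outcome line (e.g. "session opened/closed")
        entry = per_ip[m["ip"]]
        entry["users"].add(m["user"])
        if m["result"] == "Failed":
            entry["failed"] += 1
            if not m["invalid"]:
                entry["existing_user_hits"] += 1
        else:
            entry["accepted"] += 1
    summary = {}
    for ip, e in per_ip.items():
        summary[ip] = {
            "failed": e["failed"],
            "accepted": e["accepted"],
            "users": sorted(e["users"]),
            "existing_user_hits": e["existing_user_hits"],
            "brute_force": e["failed"] >= threshold or e["existing_user_hits"] > 0,
        }
    return summary

if __name__ == "__main__":
    for ip, info in summarize_ssh_auth(SAMPLE_AUTH_LOG).items():
        print(ip, info)
```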