Linux - Security
This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
I have gathered quite a lot of info about andrejko.ics.upjs (whois lookups, portscans etc). Where should I send this info so that it can cause trouble for andrejko.ics.upjs?
btw: me is my host...
Any help would be great
Last edited by unSpawn; 06-03-2006 at 05:32 AM.
Reason: //moderator.note: title edit, body edit.
What could I do to press charges against someone that tried to brute force his way into my sshd
"Pressing charges"? Realistically speaking, not a thing unless it's been a successful breach of security causing considerable damages. Even then it has to be covered by Law where you live AFAIK.
There's three realistic steps you can take:
- make sure you read the LQSEC sticky thread "Failed SSH login attempts" and pick a defense mechanism that is appropriate for your system(s) (and note solely moving ssh to another port is *not* a realistic way),
- optionally report to Dshield (this helps correlating info with and for others),
- optionally report to the offenders' ISP,
- and since you're dealing with a univ, prolly the IT dept as well.
Note you should not expect any response.
As moderator I would like to add that, even though cursing is not uncommon, I would like to ask you to please refrain from cursing in thread titles and posts. It does nothing for you or your thread, and frankly, looking at the "problem" it's not even severe enough to warrant cursing: probing is common these days. So deal with it.
Last edited by unSpawn; 06-03-2006 at 05:32 AM.
Reason: //Have keybd, can't type.
What could I do to press charges against some fscker that tried to brute force his way into my sshd (which btw doesn't use password to auth)
Where should I send this info so that it can cause trouble for andrejko.ics.upjs
When the sshd attacks first started to really be noticed, I had a 12-minute bruteforce attempt from someone who probably knew a bit what he was doing (e.g., he tried realistic usernames with multiple guesses against each). It really ticked me off, but they/he/she didn't get anywhere. I did however take those pages and pages of failed login attempts and reported it to his ISP. They mailed me back some time later saying they terminated this guy's account, and if need be again to contact them. You won't always get a confirmation, but rest assured if the ISP is decent, and you report the situation calmly and respectfully, something will likely happen against the offender concerning his Internet connection/account.
As for law enforcement getting involved, the only time I can remember seeing that is when Microsoft throws money at the problem.
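For the kind of report described above (failed login attempts sent to the source's ISP or abuse contact), this added example, which is not part of any post in this thread, groups failed sshd log lines by source address and builds an evidence block per source. It assumes classic syslog-format OpenSSH lines; the sample log, the function names and the "UTC" timezone label are constructed for illustration.

```python
import re

# Constructed sample: classic syslog format, RFC 5737 documentation addresses.
SAMPLE_LOG = """\
Jun  3 04:12:01 myhost sshd[2101]: Invalid user admin from 192.0.2.10
Jun  3 04:12:01 myhost sshd[2101]: Failed password for invalid user admin from 192.0.2.10 port 40112 ssh2
Jun  3 04:12:04 myhost sshd[2103]: Failed password for root from 192.0.2.10 port 40115 ssh2
Jun  3 04:12:07 myhost sshd[2105]: Failed password for root from 192.0.2.10 port 40119 ssh2
Jun  3 04:15:30 myhost sshd[2110]: Accepted publickey for alice from 198.51.100.7 port 51000 ssh2
Jun  3 04:20:11 myhost sshd[2120]: Invalid user test from 203.0.113.5
Jun  3 04:21:00 myhost sshd[2130]: Invalid user x from 198.51.100.7 from 203.0.113.5
"""

# The user name is chosen by the client and may itself contain " from <ip>",
# so the greedy (.*) takes the source address from the LAST " from " on the line.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?:Failed \S+ for (?:invalid user )?|Invalid user )"
    r"(?P<user>.*) from (?P<ip>[0-9A-Fa-f.:]+)(?: port \d+)?(?: ssh\d?)?\s*$"
)

def summarize(log_text):
    """Group failed sshd log lines by source address, in order of first sight."""
    by_ip = {}
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue  # successful logins and other daemons are not evidence
        rec = by_ip.setdefault(m["ip"], {"first": m["ts"], "users": set(), "lines": []})
        rec["last"] = m["ts"]
        rec["users"].add(m["user"])
        rec["lines"].append(line)  # keep the raw line: abuse desks want it verbatim
    return by_ip

def abuse_report(ip, rec, timezone):
    """Plain-text evidence block for one source: summary plus raw log lines."""
    head = [
        f"Source address : {ip}",
        f"Failed entries : {len(rec['lines'])}",
        f"First / last   : {rec['first']} / {rec['last']} ({timezone})",
        f"User names     : {', '.join(sorted(rec['users']))}",
        "Raw sshd log lines:",
    ]
    return "\n".join(head + rec["lines"])

if __name__ == "__main__":
    for ip, rec in summarize(SAMPLE_LOG).items():
        print(abuse_report(ip, rec, "UTC"), end="\n\n")
```

Syslog timestamps carry no year or timezone, so state the server's timezone explicitly in the report; the recipient needs it to match the entries against their own connection records.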
I did whois lookups and found the "abuse contact" email address, and emailed them a complaint...
it's been 24hrs and no reply, what could I do now?