LinuxQuestions.org
Old 08-04-2007, 08:01 AM   #1
yawe_frek
Member
 
Registered: Sep 2005
Distribution: feather 0.72-usb, DSL,CentOS,Ubuntu, Redhat 9
Posts: 144

Rep: Reputation: 15
URGENT: hacker's attack on linux box


hi friends,

For some time now I have been seeing such messages in my /var/log/secure
Jun 7 01:08:59 host sshd[1955]: Did not receive identification string from 72.20.1.250
Jun 7 01:09:59 host sshd[3959]: Did not receive identification string from 72.20.1.250
Jun 7 01:10:56 host sshd[5937]: Did not receive identification string from 69.61.56.114
Jun 7 01:11:56 host sshd[7752]: Did not receive identification string from 69.61.56.114
Jun 7 01:12:55 host sshd[9633]: Did not receive identification string from 69.61.56.114
Jun 7 01:13:56 host sshd[11530]: Did not receive identification string from 69.61.56.114

I am suspecting a hacker's attempting to gain access.

How can I change my ssh port to a different one and how do I know which port is available?

Thanks
 
Old 08-04-2007, 09:12 AM   #2
AlucardZero
Senior Member
 
Registered: May 2006
Location: USA
Distribution: Debian
Posts: 4,824

Rep: Reputation: 615
Code:
man sshd_config
Code:
      Port    Specifies the port number that sshd listens on.  The default is 22.  Multiple
             options of this type are permitted.  See also ListenAddress.
Also look into programs that block IPs after X number of unsuccessful logins, such as fail2ban and DenyHosts.

Last edited by AlucardZero; 08-04-2007 at 04:25 PM.
 
Old 08-04-2007, 01:07 PM   #3
Hangdog42
LQ Veteran
 
Registered: Feb 2003
Location: Maryland
Distribution: Slackware
Posts: 7,803
Blog Entries: 1

Rep: Reputation: 422
Also look at the sticky on failed SSH attempts at the top of this forum.
 
Old 08-08-2007, 02:19 AM   #4
mistersnorfles
Member
 
Registered: Aug 2007
Distribution: Gentoo 2007.0
Posts: 51

Rep: Reputation: 15
Port Knocking

You could also look into setting up port knocking...

http://www.linuxjournal.com/article/6811

Hope this helps...

---Mr. Snorfles
 
Old 08-08-2007, 06:42 AM   #5
orion.echo
LQ Newbie
 
Registered: Jul 2007
Location: Omaha Nebraska
Distribution: Redhat (Fedora / CentOS) - Slackware - Ubuntu
Posts: 15

Rep: Reputation: 0
yawe_frek

You could block these IP addresses using iptables

just a thought.
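
Added example, not part of any post in this thread: sshd logs "Did not receive identification string" when a client opens the port and disconnects without sending its SSH version banner, so the sketch below counts those events per source address in the excerpt from post #1 and renders iptables DROP rules for repeat sources, which is the per-IP blocking suggested above. The function names, the threshold of 3 and the last two sample lines are assumptions made for illustration.

```python
import ipaddress
import re
from collections import Counter

# First six lines are the /var/log/secure excerpt from post #1; the last two are
# constructed to show lines the parser must ignore.
SAMPLE_LOG = """\
Jun 7 01:08:59 host sshd[1955]: Did not receive identification string from 72.20.1.250
Jun 7 01:09:59 host sshd[3959]: Did not receive identification string from 72.20.1.250
Jun 7 01:10:56 host sshd[5937]: Did not receive identification string from 69.61.56.114
Jun 7 01:11:56 host sshd[7752]: Did not receive identification string from 69.61.56.114
Jun 7 01:12:55 host sshd[9633]: Did not receive identification string from 69.61.56.114
Jun 7 01:13:56 host sshd[11530]: Did not receive identification string from 69.61.56.114
Jun 7 01:14:02 host sshd[11600]: Failed password for invalid user test from 192.0.2.7 port 40022 ssh2
Jun 7 01:14:09 host sshd[11610]: Did not receive identification string from not-an-ip
"""

# Newer sshd versions append " port N" after the address; \S+ stops before it.
PROBE_RE = re.compile(r"sshd\[\d+\]: Did not receive identification string from (\S+)")


def count_probes(log_text):
    """Count banner-less connections per source IPv4 address."""
    counts = Counter()
    for line in log_text.splitlines():
        match = PROBE_RE.search(line)
        if not match:
            continue
        try:
            addr = ipaddress.ip_address(match.group(1))
        except ValueError:
            continue  # log text is attacker-influenced: accept literal IPs only
        if addr.version == 4:  # iptables handles IPv4; IPv6 needs ip6tables
            counts[str(addr)] += 1
    return counts


def offenders(counts, threshold=3):
    """Addresses seen at least `threshold` times (threshold is an assumption)."""
    return sorted(ip for ip, n in counts.items() if n >= threshold)


def drop_rules(ips):
    """Render rules for review; nothing is executed here."""
    return [f"iptables -A INPUT -s {ip} -p tcp --dport 22 -j DROP" for ip in ips]


if __name__ == "__main__":
    print("\n".join(drop_rules(offenders(count_probes(SAMPLE_LOG)))))
```

The rules are only printed so they can be reviewed before being applied; if sshd is moved to another port as discussed in post #2, the `--dport` value has to follow it.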
 
  

